Screenshot on Windows 10

Posted on by Adam Fowler

Screen Shot on Windows 10

How to take a screenshot without any extra software

  • Pressing Windows key + Shift + S will bring up the Snip & Sketch App
  • Pick from the 4 choices – Rectangular Snip, Freeform Snip, Windows Snip, or Fullscreen Snip
  • Click on what you want to screen shot
  • Use the Notification Area in Windows 10 to view, edit and save your screen shot.

Although you can still use the Print Screen button to take a screenshot of everything you can see across all monitors, or Alt + Print Screen to take a screenshot, this will purely add that image to the clipboard. You’ll then need to paste it somewhere to have a copy of it to work with and save.

Originally, Windows 10 had the Snipping Tool (and at the time of writing, it’s still there), but for a while, Snipping Tool has has this notice advising that it will be replaced by Snip & Sketch. If you have Windows 10 1607 or later, you have Snip & Sketch.

Once you’ve taken a screenshot, it will immediately be available on the clipboard too, so you’re able to paste it straight into a document, email or anywhere else that will accept clipboard images.

You can also just launch Skip & Sketch to then use the ‘New’ button, or the drop down arrow to trigger a delayed snip in 3 or 10 seconds time.

Also, if you’re wondering – is it ‘Screen Shot’ or ‘Screenshot’ – both are acceptable according to dictionary.com.

Network and Sharing Center – Windows 10

Posted on by Adam Fowler

Network and Sharing Center

How do you find the Network and Sharing Center in Windows 10?

  1. Press the ‘Start’ button
  2. Type ‘Control Panel’ and click the shortcut to Control Panel
  3. Click ‘Network and Internet’ (skip this step if your ‘view by’ isn’t set to ‘category’)
  4. Click ‘Network and Sharing Center’

Applies To: Windows 10

The Network and Sharing Center can be a bit hard to find in Windows 10, and there’s several ways to find it. The quickest way is by following the instructions above.

The Network and Sharing Center is part of the classic Windows Control panel, and being replaced by the more modern Network area of Settings:

Latest Windows 10 Version

Posted on by Adam Fowler

Latest Windows 10 Version

  • The latest version of Windows 10 is 20H2, aka 2009, aka October 2020 Update
    Released October 20, 2020

Applies To: Windows 10

If you don’t have the latest version of Windows 10, you can use Microsoft’s Update Assistant to try to download and install it.

Microsoft’s list of Windows 10 versions and update history is available here.

Microsoft Home and Microsoft Pro can be bought directly from Microsoft here.

User Can’t Receive MFA Requests for Azure AD / Microsoft 365

Posted on by Adam Fowler

Was stumpted on this one and had to get advice from Microsoft Support.

A single user couldn’t log in via Multi-Factor Authentication. SMS code would say it was sent, wouldn’t come through. Phone call also wouldn’t come through. Trying to set up another MFA method aka.ms/mfasetup would receive one of these errors:

You are blocked from performing this operation. Please contact your administrator for help.

We’re sorry, we ran into a problem. Please select “Next to try again.

There were zero search results for that first error word for word, which is never a good sign.

There’s several areas you can check for blocked users such as:

https://protection.office.com/restrictedusers

https://protection.office.com/threatincidents

https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/RiskyUsers

But I couldn’t find the user listed in any of those.

After logging a case, Microsoft Support advised to check here:

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/BlockedUsers/fromProviders/

And of course, that’s where the user was listed. They’d had some suspicious activity (a MFA phone call they didn’t initiate) so chose the option to block future sign in attempts, as you’d hope. This also triggered an email alert to admins, and that link is where the user’s block is listed until released.

Azure AD Password Protection Setup Summary

Posted on by Adam Fowler

Update 27th November 2023:
The below information may be a bit dated now, so please refer to the lastest official guide here: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-deploy

Original Post:
Microsoft have a nice way of preventing the use of bad passwords. Yes, all passwords are bad, but some are worse than others :)

Azure Active Directory Password Protection is a service that looks at password changes and blocks passwords it deems as weak. This could be from checking it’s an easy password to break using a dictionary attack, or other easily guessable variants. It leverages Microsoft online services to do so, which requires some setup and agents installed on the on-premises environment.

Microsoft’s documentation for this is detailed and fairly easy to follow, but I thought I’d do a quick rundown.

Installing the agents:

  • There are two agents – the ‘Azure AD Password Protection DC agent’ and the ‘Azure AD Password Protection proxy service’. Both can be downloaded here.
  • The ‘Azure AD Password Protection DC agent’ needs to be installed on all Domain Controllers (DCs), but the ‘Azure AD Password Protection proxy service’ only needs to be installed somewhere once. You CAN install it on a Domain Controller, and you can install it on ALL Domain Controllers, but Microsoft highlighted this as a potential security risk allowing any DC internet access. At least two installs of this is recommended for redundancy.
  • The ‘Azure AD Password Protection proxy service’ can’t be installed alongside (on the same server) as ‘Azure AD App Proxy Service’ – which is probably the same utility server you’d think of putting this on.
  • After installing the ‘Azure AD Password Protection proxy service’ you’ll need to run a few PowerShell commands to register it with global admin rights – you don’t need to create a service account for this, it’s just a one time registration process.

    The commands are:

    Register-AzureADPasswordProtectionProxy -AccountUpn ‘[email protected]
    (run this on each install)

    Register-AzureADPasswordProtectionForest -AccountUpn ‘[email protected]
    (run this after the first install only)
  • Installing the ‘Azure AD Password Protection DC agent’ is easier again, but will need a reboot of the DC to start working.
  • Both clients automatically update themselves.

Configuring in Azure Active Directory

  • You’ll need to enable on-premises Azure Active Directory Password Protection on the Azure AD portal – that link should take you right to ‘Password Protection’ but it’s located under Azure Active Directory > Security > Authentication methods > Password protection.
  • Start with ‘Audit mode’ rather than ‘Enforced Mode’ so you can get an idea of how many users might get affected by this change, and allow you to communicate this out before forcing.
  • You can also add custom banned passwords which might include your company name and common terms in your business and industry, to ensure easily guessed passwords aren’t used.

There are other catches to this, like making sure your domain is using DFSR rather than FRSR so please go through the official documenation carfeully.

Once set up, you can either read through the logs on a DC, or run this PowerShell command on each DC to see the results.:

Get-AzureADPasswordProtectionSummaryReport

You’ll need to either wait for users to change their passwords, or do some yourself and work out which DC the changes were done against. These stats will give you an idea of how many ‘failures’ were audited, so you can decide how much of a user impact enforcing the policy will be.

You could of course ship these event viewer logs to a central repository, but the service should just do it’s thing and just block users from setting a new password that’s really bad.