Microsoft

Microsoft TechCommunity Top Posts January 2022, Week 2

Posted on by Adam Fowler

Here’s my weekly picks on the subjectively best blog posts from TechCommunity:

Released: January 2022 Exchange Server Security Updates

Security updates for Exchange 2013, 2016 and 2019 are out, and as always, there’s exploits these mitigate. Note that https://aka.ms/ExchangeUpdateWizard will ask what you’re upgrading from and to, and talk you through the process – although it does expect you’ve done this before with some high level ‘Update your AD schema with this switch’ instructions that require you to go work out how to do that – which does involve downloading the latest ISO for Exchange, mounting it, then running the setup.exe with some switches. It also notes that these patches don’t fix the January 2022 transport queue buildup issue (Y2K22). Get patching!

Create a resume website – no coding experience required!

This one’s a really neat idea – use GitHub Pages for free, to have a static online resume. No fees, no special hosting stuff – it’s what I run msportals.io off of. Good practise in doing something fairly simple on GitHub Pages. A workshop is available to work through it all.

SQl Injection: example of SQL Injections and Recommendations to avoid it

I’m not someone who dabbles in SQL too often, but this is a nice clear post demonstrating simply how SQL Injection can work by searching with the string ‘ or 1=1 or 1=’ – then how to avoid it in code, and how Microsoft Defender for Cloud can detect and notify on those sort of attacks.

New to Microsoft Certification exams? We have something you need to try

Really good idea from Microsoft here – an exam sandbox so you can get a feel for how the exams work (without actual exam questions) which can help people be prepared for what they’ll experience doing their first real Microsoft exam. I’ve added this to https://msportals.io too :)

Continuous Access Evaluation in Azure AD is now generally available!

This is a great addition to the security Azure AD provides. Instead of just assessing risk at the time of login, Azure AD will now continually assess risk, and force re-auth if something changes that it decides has increased the risk of the account such as location change or password change. It’s auto-enabled so you don’t have to do anything, but good to be aware of.

Getting Started with a Windows 365 POC

I personally haven’t even looked at Windows 365 yet – so if I was going to get started, this is the perfect sort of blog post to get things going. It looks pretty easy without too many steps, so check this out if you want to have a play.

Microsoft Defender for Endpoint Plan 1 Now Included in M365 E3/A3 Licenses

Defender for Endpoint P1 is now in M365 E3/A3 licenses. If you’re wondering what P1 is, the article has a comparison table. That means if you have Defender for Endpoint already, it’s probably now P2. Microsoft Defender for Endpoint P1 is looking pretty cheap at $3US per user per month if you don’t already have E3/A3. This still goes to show that Microsoft licensing is hard and confusing, with so many factors to consider.

That’s it for this week, as always you can see the entire feed of TechCommunity posts at https://twitter.com/MSITTechNews

Microsoft TechCommunity Top Posts January 2022, Week 1

Posted on by Adam Fowler

This year, I’m going to pick the most interesting TechCommunity Blog Posts on a weekly basis, and talk about them. There’s so much good content that gets posted and can be missed. This is of course from my point of view and the things I care about, but I hope it’ll help others pick up on some things they might have otherwise missed.

I also have a dedicated Twitter feed that posts all TechCommunity and Azure Blog Posts at https://twitter.com/MSITTechNews if you’d rather see everything.

Here’s my picks:

Email Stuck in Exchange On-premises Transport Queues

Yikes, not a great way to start the year off – referred to as the Y2K22 bug, Exchange On-Premises servers (including ones for hybrid) were getting stuck in transport queues and eventually rejecting emails due to a date issue in malware scanning – it didn’t like the year 2022. Amusingly, the fix sets the date on the signature file as December 33rd, 2021 to get around it. The latest CU11 for Exchange 2019 doesn’t fix it, so unlikely other CUs for other versions of Exchange fix it either.

How to Remote Assist Autopilot Deployments with Quick Assist

This is about using Quick Assist to remote onto someone’s computer as part of Autopilot. It’s interesting we don’t have a nice native way of remoting into a computer we control still without requiring user input – but it does make sense if the machine is still being configured. It’d be better if one of the first things Autopilot did was allow remote controlling by an administrator without having to talk the user through opening command prompt with key combos and typing in commands.

Zero-touch onboarding of Microsoft Defender for Endpoint on iOS now in public preview

Using Microsoft Endpoint Manager to deploy Defender to iOS devices without any user input – I love the idea, but this one needs careful planning, testing and communication. What does Defender on iOS actually do? Check out the capabilities such as Web Protection, Threat and Vulnerability Management, and Jailbreak Detection.

Cannot enable Advanced Threat Protection on Managed Instance server

A simple post showing an error when trying to enable Advanced Threat Protection (we’re still apparently calling it that because it’s a pain to update everything with constant name changes!) and workaround. I’ve posted there suggesting they have a readable screenshot of the actual error, and put it there in plain text too so it’s searchable.

How to Manage Microsoft Teams Meeting Recording Auto-Expiration

“New recordings will automatically expire 60 days after they are recorded if no action is taken, except for A1 users who will receive a max 30-day default setting. The 60-day default was chosen because, on average across all tenants, 99%+ of meeting recordings are never watched again after 60 days. However, this setting can be modified if a different expiration timeline is desire”

I’ve gone and turned off the auto-expiring of meeting recordings. Why would I want that? Microsoft’s argument quoted is that people don’t watch them after 60 days 99%+ of the time – except what about the < 1% when you do need it? I only need to lose one meeting to be angry that this setting was ever there. There’s also a slight error in the post:

“To change the default auto-expiration setting for your tenant, go to admin.teams.microsoft.com, navigate to Meetings > Meeting Policies > Add in the left navigation panel”

Add isn’t in the left navigation panel, and we probably shouldn’t be adding a new policy, but instead adjusting the Global (Org-wide default). Creating a new policy that’s not applied to anyone won’t do much :)

I’ve posted the above there and hopefully will get updated.

That’s it for week 1!

My Windows 11 List Of Demands

Posted on by Adam Fowler

Windows 11 is a nice visual refresh to the Windows line of Operating Systems. However, there has been a simplifying and removal of many useful functions; usually these are just hidden behind more clicks, which leaves are more frustrating experience when we’ve become used to a certain way of doing things.

In no particular order, here’s the bug bears I’ve found so far in using Windows 11, and if I’ve found a fix/workaround/setting change:

Start button Location Moved to Middle

The Start Button is in the centre of the screen by default – breaking what we’ve been doing constantly since Windows 95. This change seems unnecessary and even on my 44″ Ultrawide monitor, I’d rather it in the bottom left. I tried leaving it in the middle but gave up after a week.

You can change this back to the left side by:
Click ‘Start’ > ‘Settings’ (if you don’t see it, type it)
Click ‘Personalisation’ > Taskbar (not Start, where you’d expect it!)
Click ‘Taskbar behaviours’ to expand it.
Under Taskbar alignment, change the dropdown from ‘Center’ to ‘Left’

Task Manager missing from right click on taskbar

Task Manager has grown into a much more useful tool since Windows 10, beyond just killing off programs; it provides a bunch more visibility into what your computer is actually doing. For some reason, being able to access it via a right click on the taskbar has been removed.

Ctrl + Shift + Esc will still bring up Task Manager, but it’s one of the more awkward key combos. Right clicking on the Start button itself will bring up a very useful menu (as it does on Windows 10), with one of the options still brining up Task Manager.

The new way I’ll probably try to teach myself to bring up Task Manager is, Winkey + X > T.

‘Edit’ option missing from File Explorer right click (and others)

If you have a look at the right click menu against a file in File Explorer, it will be a much shorter list than what you’re used to. Several common functions (cut, copy, rename, share, delete) are icons at the top, but everything else that didn’t make the ‘cut’ is in the ‘Show more options’ menu, which takes you back to the classic looking right click menu.

As Nathan McNulty pointed out, this can be restored to the old ways via a reg setting (run in PowerShell):

New-Item -Path "HKCU:\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" -Value "" -Force

or via Command Prompt:

reg.exe add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve

File Explorer Command Bar Simplified

File Explorer had a bunch of useful options in the top Command Bar. They’ve mostly been removed (seeing a trend here?) to simplify and show only a few options. The idea of tabbed menus is completely gone. Some options like ‘Map network drive’ are in an ellipsis menu

PowerShell:

New-Item -Path "HKCU:\Software\Classes\CLSID\{d93ed569-3b3e-4bff-8355-3c44f6a52bb5}\InprocServer32" -Value "" -Force

Command Prompt:

reg.exe add "HKCU\Software\Classes\CLSID\{d93ed569-3b3e-4bff-8355-3c44f6a52bb5}\InprocServer32" /f /ve

Show all icons in Notification Area

Those little icons in the bottom right side of the taskbar – that’s the notification area. I like seeing them all, rather than having them hidden in a submenu. Windows 10 has an option to ‘Always show all icons in the notification area’. In Windows 11, this option isn’t available. I did learn that rather than mucking around with settings, you can just drag an icon out of the menu and pop them straight onto the notification area – but you shouldn’t have to do this for each icon.

Programs in Task Bar don’t expand out

In Windows 10, I’m used to having a reasonable sized bar for each program I have open. It shows the Icon and a bit of text to help identify what the program is (or in the case of Microsft Edge, which profile/web page for those untabbed). It’s great, it uses up all that task bar space. The second monitor does have a consolidated view, but I drive which program I want by clicking in the primary task bar.

Windows 11’s design is to remove that, and have all taskbar programs just show the icon. For pinned programs, you’ll need to look for a blue line/dot below the icon, to indicate a window is open. Multiple windows of File Explorer open? They’re consolidated into the one icon, you’ll need to hover over that and pick the one you want.

This one isn’t possible to restore natively, and there’s a lot of feedback about people wanting it.

Widgets

Widgets are back again (I actually liked them in Vista) except this time, Widgets is a popout menu triggered by a button in the Task Bar (although checking an Insider’s build, this looks like it will change to a weather button in the bottom left). The Widgets popout menu then contains a bunch of sections around news, weather, stocks, eSports, Traffic and so on.

It’s abilit to remember what I actually like or don’t like seems non existent. I’ve removed ‘NBA’ that many times – and yes, I am signing into Widgets with the same account, and on Windows 10 the News and Interests button works the same way). It’s a very US centric service – and only has configuration around 3 Australian Cities (Sydney, Brisbane, Melbourne). There’s a web search function, which of course only uses Bing. Although I like seeing the temperature, if you want to turn off Widgets:

Click ‘Start’ > ‘Settings’ (if you don’t see it, type it)
Click ‘Personalisation’ > Taskbar
Under ‘Taskbar items’ turn the switch ‘off’ for Widgets.

I’m sure there are a bunch of other frustrations in the simplification of Windows 11, as I’m sure the idea is that there’s too many buttons and options for a ‘regular’ user, so the idea is to clean it all up. The problem is that for many people used to these options, it feels like a step back.

Maybe the approach Microsoft should take is to have Windows 11 ‘Basic Mode’ and ‘Advanced Mode’ to try and keep everyone happy?

There are some good features in Windows 11 too, such as Snap Layouts / Snap Groups, where you can pick the size of the window to fill in your sceen – handy on an ultrawide, where you want to move a window to the right third of the screen. There’s also the whole Android app support that’s coming…

Anyway, it’s early days for Windows 11 – and although there’s plenty of criticism from Insiders on recommendations that were not taken up, I expect we’ll see the continual improvement and evolution of the platform; mostly for the better ( News and Interests is one of the reasons I say ‘mostly’ ).

Visio for the web is out!

Posted on by Adam Fowler

Microsoft Mechanics (YouTube) has made me aware that Visio for the web was now available. Check out the above video for a great overview on what this is, but I’ll break down my findings so far:

Visio for the web is ‘free’ as long as you have a business license of any sort. The full version of Visio is still available, and there’s a list of feature comparisons between the two here. As the name suggests, Visio for the web is purely a web based version of Visio, but isn’t just a viewer – it allows creating and editing of Visio files. You can download the results as an actual Visio file, or PDF/Image file.

Opening Visio up to to all users in an environment is a big change. Historically, it was limited to an expensive license, so staff who had basic occasional needs would often miss out on using Visio – either by trying to do diagrams in Microsoft Word (which is a horrible experience!), finding a 3rd party solution, or just not doing it.

Although Visio for the web has hit ‘General availability’, as per the advisory below, it is currently rolling out to tenants and is planned to be completed by January 2022:

How do you know if it’s in your tenant? Either see if you have the Visio app in your list of apps:

No Visio
Yes Visio

Or, just try and go to Visio for the web on the URL https://www.office.com/launch/visio?auth=2 and see if you can create a ‘New blank drawing’

My experience was that although the Visio for the web page loaded, I couldn’t create a New blank drawing in a tenant that didn’t have Visio for the web enabled yet:

No license for Visio for the web

Adding a Visio Tab into Microsoft Teams: The app will probably be allowed by default in the Microsoft Teams admin center, you check check directly on this link https://admin.teams.microsoft.com/policies/manage-apps/com.microsoft.teamspace.tab.file.staticviewer.visio/

However, the client side experience was a bit more confusing. On the tenant that didn’t have Visio for the web option available yet, I could add a tab for Visio and pick a file (not that I had any). However, on the tenant that had Visio for the web had the option on the web based version of Microsoft Teams, but not the Teams client. This was on preview version 1.4.00.29480 (64-bit) (and I checked for updates), but a ‘standard’ version of Teams in the same tenant, different user, had the Visio option. Your results may vary!

In the Microsoft Mechanics video, they pointed out that using Visio as a pseudo whiteboard due to it’s sharing capabilities was a really good point. It adds to some of the solutions the product can solve – a virtual whiteboard that may be much easier to use, rather than trying to draw squares, circles and lines with a mouse.

There is a ‘Beginner tutorial for Visio’ content that covers “Visio on the web” is not actually “Visio for the web” as far as I can tell after going through some of the instructions that don’t work. There’s also other references to ‘Visio for the web’ such as this one https://techcommunity.microsoft.com/t5/visio-blog/we-heard-you-diagramming-is-even-easier-in-visio-for-the-web/ba-p/1670427 , so hopefully some of the naming gets cleared up.

There doesn’t really seem to be any content that I could find, to share with end users on Visio for the web basics. If you find something, please share!

Microsoft Teams – Routing calls to unassigned numbers

Posted on by Adam Fowler

A new feature has turned up today in Microsoft Teams – the long awaited ability to route unassigned numbers. This was available in Skype for Business On-premises, and is great for misdials or when someone departs the firm, their calls can be sent to someone else, such as reception. There’s no ongoing work or maintenance required either, once a number is unassigned, it can be picked up by these rules.

The documentation is light at the moment and it’s in preview, but it does work. Note that I’ll cover the call redirect option, but there’s also an option to redirect calls to a pre-recorded message in WAV format.

First, make sure your MicrosoftTeams PowerShell module is at least 2.5.1. The latest live version at the time of writing is 2.6.0 so you don’t need to worry about preview module versions – just the PowerShell command:

Update-Module Microsoft Teams

will update. You can check the version afterwards with this command:

Get-Module MicrosoftTeams | Format-Table Name,Version

Once your MicrosoftTeams module is up to date, and if you’re redirecting the call to a user, auto attendant or calling group, you’ll first need to get the ObjectID. Here’s Microsoft’s example for a resource account:

$RAObjectId = (Get-CsOnlineApplicationInstance -Identity [email protected]).ObjectId

However, if you’re redirecting to a normal user account, use this command instead:

$UserObjectId = (Get-CsOnlineUser -Identity [email protected]).ObjectId

Once you have the $UserObjectID value set, it’s time to create the Unassigned Number Treatment. The possible options for this command are documented here and again here’s an example:

New-CsTeamsUnassignedNumberTreatment -Identity Unassigned1 -Pattern "^\+618xxxxxx\d{2}$" -TargetType User -Target $UserObjectId -TreatmentPriority 2

I’ll break down a few of these values.

Identity: This needs to be a unique value for the treatment and can be a descriptive name.

Pattern: This is where you define the number pattern. In my example above, I’m wanting the number to match what I’ve defined up to the last two digits, which can be anything.

TargetType: This needs to be defined as User, ResourceAccount or Announcement for the Target.

Target: This is the ObjectID from the first command.

TreatmentPriority: This needs to be a unique number for each treatment, and has an order preference in case of overlap in rules. I’m using 2 above purely because it’s the second one, and have no plans on overlapping rules.

Once the New-CsTeamsUnassignedNumberTreatment command has completed, it won’t apply immediately – in my testing it took roughly 15 minutes.

I’m really glad this feature is now available – and I expect others have also been waiting for it to be available, or weren’t aware it was even an option.