PowerShell

Configure preferred geo data location in Office 365

 

GDPR had me thinking about Multi-Geo in Office 365

By default, Office 365 resources for your users are located in the same geo as your Azure AD tenant. So, if your tenant is located in North America, then the users’ Exchange mailboxes, OneDrive is also located in North America. For a multinational organization, this might not be optimal for various reasons.

Reasons such as

  • Performance and
  • Data residency requirements for data-at-rest

Multi-Geo enables a single Office 365 tenant to span across multiple Office 365 data-center geographies (geos) and gives customers the ability to store their Exchange and OneDrive data, at-rest, on a per-user basis, in their chosen geos

By setting the attribute preferredDataLocation, you can define a user’s geo

A list of all geos for Office 365 can be found here or long URL format: https://products.office.com/en-us/where-is-your-data-located?geo=All

These values can be set in your Office 365 tenant via PowerShell or Azure AD Connect.

In PowerShell – 

# Connect to Office 365 – by Jermal Smith (@jermsmit)
Set-ExecutionPolicy RemoteSigned
# Get-Credential – You will be asked for username / password
$credential = Get-Credential
# Import-Module MsOnline
Import-Module MsOnline
# If this step fails in error – Install-Module MsOnline
# Connect to MsolService using supplied credentials
Connect-MsolService -Credential $credential

Then use the command: Set-MsolCompanyAllowedDataLocation followed by service type and location.

Ref: https://docs.microsoft.com/en-us/powershell/module/msonline/set-msolcompanyalloweddatalocation?view=azureadps-1.0

After you have assigned Data Locations you can then set users to the location by issue the following example command:

Set-MsolUser -UserPrincipalName jsmith@jermsmit.com -PreferredDataLocation EUR

Then confirming with:

Get-MsolUser -UserPrincipalName jsmith@jermsmit.com | Select PreferredDataLocation

The above works well for new users, but for existing user’s you will need to trigger a migration with the following command:

Start-SPOUserAndContentMove -UserPrincipalName jsmith@jermsmit.com -DestinationDataLocation EUR

Ref: https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/start-spouserandcontentmove?view=sharepoint-ps

Lastly… “To be eligible for Multi-Geo, you must have at least 5,000 seats in your Office 365 subscription” As this is just getting released I am confident more information will be known soon.

 

 

Tech News: VMware PowerCLI 10.0.0! Released

VMware just released PowerCLI 10.0.0. and before you ask; I thought they were just on version 6?  I wondered the same and here is the answer: The decision to move to version ten was a marketing choice as the PowerCLI project recently celebrated its 10th birthday.

Let’s get into the how to install or update to the latest

Requirments:

The only pre-requisite is to have PowerShell Core 6.0 installed. This adds support for Mac OS and Linux.

Installation Steps:

  1. Get yourself to a powershell prompt with administrative privileges
    In my case, I am on Windows 10 and prefer to use PowerShellISE
  2. Enter the following: Install-Module -Name VMware.PowerCLI -Scope CurrentUser
    This will initiate the install of the latest PowerCLI modules.

    If you receive a warning, use the -Force comamnd:

    “WARNING: Version ‘6.5.1.5377412’ of module ‘VMware.PowerCLI’ is already installed at ‘C:\Users\sysadmin\Documents\WindowsPowerShell\Modules\VMware.PowerCLI\6.5.1.5377412’. To install version ‘10.0.0.7895300’, run Install-Module and add the -Force parameter, this command will install version ‘10.0.0.7895300’ in side-by-side with version ‘6.5.1.5377412’.”

  3. Next enter: Set-PowerCLIConfiguration -InvalidCertificateAction Ignore

    This version of PowerCLI changes the way certificates are handled when connecting to a vCenter server or ESXi host with the Connect-VIServer cmdlet. If your connection endpoint is using an invalid certificate (self-signed or otherwise), PowerCLI would previously return back a warning. The handling has been updated to be more secure and now return back an error.If you are using an invalid certificate, you can correct the error with the ‘Set-PowerCLIConfiguration’ cmdlet. The parameter needing to be configured is ‘InvalidCertificateAction’ and the available settings are Fail, Warn, Ignore, Prompt, and Unset.

For more info ref: https://blogs.vmware.com/PowerCLI

 

 

Install VMware Tools Windows Server 2016 Core

I just completed my install of Windows Server 2016 Core as a guest in my VMware Lab. Now that this has been completed the next step is for me to install the VMware tools so that I can take advantage of various features; specifically, template deployment with customization options

About:VMware:Tools: VMware software tools enhance the performance of the guest operating system and improve the management of the virtual machine guests operating systems.

How to install:

  1. Select your VM from vCenter and select ‘Guest OS > Install VMware Tools
    This mounts the VMware CD Image containing the installation files
  2. Inside the guest machine type ‘powershell’
    This will drop you from the command shell to powershell prompt
  3. Next type the command Get-PSDrive
    This will return the drives attached to the system
  4. Change to the drive that the VMware tools are currently mounted
    In my case, this was drive letter “D”
  5. Issue the command .\setup64.exe to start the install process

    Note: issuing just setup.exe or setup64.exe will end in an error as Windows poweshell does not load commands such as this by default 
  6. Follow the steps of the VMware tools installer and restart when completed.

 

Ref: http://jermsmit.com/howto-install-vmware-tools-on-windows-server-2102-r2-server-core/

Hyper-V Virtualization: Turning Hyper-V On and Off

I recently started using Hyper-V on my Windows 10 workstation to task advantage of using technologies such as Docker that leverages Hyper-V to run its container images.  I also run VMware Player for running virtual machines.

The following commands make it a simpler task to toggle Hyper-V on and off again.

To Turn Hyper-V off, run the following command then restart your computer:

bcdedit /set hypervisorlaunchtype off

To turn Hyper-V back on, run the following command then restart your computer:

bcdedit /set hypervisorlaunchtype on (or auto start)

 

Note:  Quick method to check the status of Hyper-V – Get-WindowsOptionalFeature -Online -FeatureName *hyper*

Microsoft: Meltdown and Spectre Check via PowerShell

Like many folks around the world, I was wondering if this Meltdown and Spectre flaw would impact my computers and virtual machines.  Microsoft has started to release emergency fixes for Windows 10 and its been said that Windows 8 and legacy 7 will also receive patches.

Microsoft has released a PowerShell script that lets users check whether they have protection in place.

Steps to take:

  1. Open PowerShell (I like to use PowerShell ISE)
  2. Run PowerShell as as Administrator.
  3. Type Install-Module SpeculationControl and press Enter.
  4. When the installation completes, type Import-Module SpeculationControl and press Enter.
  5. Type Get-SpeculationControlSettings and press Enter.

In the list of results that’s displayed, you’re looking to see that a series of protections are enabled — this will be listed as True.  Ref: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Should reassemble 

Speculation control settings for CVE-2017-5715 [branch target injection]

  • Hardware support for branch target injection mitigation is present: True
  • Windows OS support for branch target injection mitigation is present: True
  • Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

  • Hardware requires kernel VA shadowing: True
  • Windows OS support for kernel VA shadow is present: True
  • Windows OS support for kernel VA shadow is enabled: True
  • Windows OS support for PCID optimization is enabled: True