Activating RMS in Office 365

Microsoft Azure Rights Management provides a comprehensive policy-based enterprise solution to help protect your valuable information, no matter whom you share it with.

These policies help improve data security using both Information Rights Management and Office 365 Message Encryption.

To activate rights management:

  1. Log into Office 365 with an account which has been assigned an administrator role. To do this simply go to the portal site:
  2. Click on admin to enter the Office 365 admin center via the admin app icon

  3. In the left pane, expand the service settings
  4. Click on Rights Management to enter the Rights Management dashboard
  5. Here on the dashboard, click on Manage
  6. Click on Activate to activate Rights Management

For additional options and steps, please have a look over on TechNet.


Thanks for visiting – jermal

Tech Short: Change Password VMware vCenter 6

The day would come where I would need to change my password in vCenter… Today was that day. Thankfully, vCenter places an informative notice of your expiring password.

Here is how you can change your password using vCenter 6:

Log into vCenter 6

  1. Click Home.
  2. Click Administration.
  3. Click Single Sign-On > Users and Groups.
  4. Click the Users tab.
  5. Right-click the affected user account and select Edit User.
  6. Enter the current password, followed by your new password (it could be the same, but I don’t ever recommend this practice).
  7. Click OK to save changes.


I hope you enjoyed this techshort, thanks for visiting – jermal

Disable Windows Firewall Server Core

Server Core is now installed, and what is the first command I choose to run in PowerShell?

It’s a command to disable all firewall profiles:


Windows 10 Enterprise 2015 LTSB, What’s That?

If you have pondered what “LTSB” is, here is some “shared” info for you.

What is the Long Term Servicing Branch?

“Windows 10 uses a new approach to providing updates to users. Traditionally Microsoft would release a version of Windows and then provide updates such as security and bug fixes, but not add any major, new functionality. Every few years Microsoft would release a new version of Windows that contains updates and new features but this meant customers would always have to wait years for new functionality. With Windows 10, Microsoft is giving users greater choice in how they receive new features with the introduction of a long-term servicing branch (LTSB) and a current branch (CB) version.

The LTSB is similar to how versions are delivered today with a new one delivered every couple of years and in between each new version Microsoft will provide security updates, bug fixes and so on. Alternatively, customers can choose to use the CB method which provides security updates, bug fixes, and new features every few months.

When each LTSB is released it will converge with the currently existing CB, allowing customers to transition from CB to LTSB, in the event they decide they no longer want to receive updates so frequently. Customers using LTSB will be able to upgrade between LTSB builds and likely one additional time prior LTSB (current Windows 8.1 would count as a LTSB).”

source of info shared here

To sum this up in a short way:
The Long Term Servicing Branch versions of Windows 10 act like older versions of Windows in that you will still receive security patches and bug fixes through Windows Update but you will not receive enhancements and new feature upgrades.

Office 365: Self Service of Distribution Groups

The ability to self service the creation of distribution groups has been a feature for quite some time in my Exchange experiences. Now that I am in Office 365 / Exchange Online this functionality is no longer available for synced groups. This now forces the enlistment of the support department to facilitate all modification for the end user.

Looking into this to get an understanding as to why this is, I’ve learned that if you’re an Office 365 Exchange Online customer currently utilizing Directory Synchronization (DirSync) between an on-premise Active Directory and Office 365’s Azure Active Directory, the objects on the Office 365 side are in read-only mode and are updated via the synchronization that has been put in place.

You are even given a little message when you attempt to make modifications to groups: The action ‘Update-DistributionGroupMember’, ‘Identity,Members’, can’t be performed on the object ‘Group Name’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

Now aware of this limitation that exists around group modification due to the groups being read only, how do I work like this? I have the following two ideas to work with.


One method is to go old school and use the ‘Find Users, Contacts and Groups’ tool to allow group modification. However, the computer used needs to be a member of the domain and, at the time of the change, also connected to the on-premise domain network (internal or via VPN).

Note: After changes have been made, you must wait for Directory Synchronization (DirSync) to complete its sync cycle. This can take up to 3 hours.



The second method is to change all Directory Synchronization (DirSync) Distribution Group Objects to the Azure Active Directory and make the On-Cloud


Another case of Monday morning spam/malware

– message body –

Dear Customer :

Your statement is attached. Please remit payment at your
earliest convenience.

Thank you for your business – we appreciate it very



– end of message –

 – message also has a file attachment –

– inside of the zip file is an executable –


Virus Found: Win32/Kryptik.DBCZ trojan

– end –

Please note: The company associated with the domain used for this email may not have any knowledge of this email being sent out, as it’s clearly forged.

The best suggestion is to delete this if your spam / malware / antivirus solution has not.


Microsoft Security Bulletin: Windows, IE, Exchange and Office

Microsoft has released their Advance Notification for the December 2014 security bulletins. There will be a total of seven bulletins, three of which will update critical vulnerabilities. 

The critical update affects Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008.

The critical update also affects the Exchange email product line as well as Office 2010, Office 2013 and even Office Web Apps.

So it looks like there is a need to patch as soon as these are released.

Don’t forget to patch, and update your MSRT (Malicious Software Removal Tool).

Source:  zdnet

For more info and details:  Microsoft Security Bulletin Advance Notification for December 2014

SHA-1 based SSL Certificates are being Phased Out

Hello friends,

The following post is to advise those of you that run public-facing websites which use SSL. Google Chrome will start giving users warning messages when accessing sites that use SHA-1 based SSL certificates.

By the way, this is scheduled to start happening in under a month from now. And if you are like me and test SSL on sites you manage and visit, you would notice that many are now flagging SHA-1 as insecure and lowering your site’s ratings on security.

What is SHA-1

The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago.

Why change it now?

Well, it’s not that it’s new news. SHA-1’s use on the Internet has been deprecated since 2011. However, change across the world takes a bit more time. And with the advancement of computing technology comes the ability to create collision attacks. So companies such as Google, projects such as Firefox, and Microsoft too, are all sunsetting SHA-1.

What does this mean for me?

This means you need to have your certificates re-keyed through your SSL provider using a certificate signing request (CSR) with a SHA-256 signing hash if you don’t want people to get browser warnings.

But IIS doesn’t offer this?

You are correct, it doesn’t. If you are using IIS, regardless of what version of Windows OS (2003-2012), you can only generate SHA-1 certificates. So it’s time to embrace the power of Linux or simply OpenSSL to get the job done.
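One way to do the re-key step with OpenSSL, shown here as an added example that is not from the original post: it generates a fresh key and a CSR signed with SHA-256, then reads the signature algorithm back to confirm it. The host name www.example.com, the file names and the function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): re-key with a SHA-256 CSR.
# www.example.com and the output file names are placeholders.

# make_sha256_csr <common-name> <output-dir>
# Creates <cn>.key (new 2048-bit RSA key) and <cn>.csr signed with SHA-256.
make_sha256_csr() {
    cn=$1
    dir=$2
    (
        umask 077   # keep the private key readable by the owner only
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=$cn" \
            -keyout "$dir/$cn.key" -out "$dir/$cn.csr"
    )
}

# sig_alg <req|x509> <pem-file>
# Prints the signature algorithm of a CSR (req) or a certificate (x509).
sig_alg() {
    openssl "$1" -in "$2" -noout -text |
        awk -F': *' '/Signature Algorithm/ { print $2; exit }'
}

# is_sha1_signed <req|x509> <pem-file>
# Succeeds (exit 0) when the signature still uses SHA-1.
is_sha1_signed() {
    sig_alg "$1" "$2" | grep -qi 'sha1'
}

# Demo: build a CSR in a scratch directory and report its signing hash.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sha256_csr www.example.com "$tmp" || return 1
    alg=$(sig_alg req "$tmp/www.example.com.csr")
    rm -rf "$tmp"
    echo "$alg"
}

demo
```

The hash on the CSR only signs the request itself, so once the provider issues the certificate, run sig_alg x509 on it to confirm the issued certificate is signed with SHA-256.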

So my advice is that you start making the change, so that you don’t have to deal with the embarrassment of your customers and site visitors asking you why your SSL enabled site is reporting warnings.

Warning Example:  This site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it.

– Jermal

Ref Links:

Online Tool(s)

Check your SSL Sites –

Using built in Windows tool to secure wipe free disk space

So you’re working and had to make a backup copy of the CEO’s Outlook data file onto your local computer. After your work on his or her mailbox you delete the backup. So you think!

Now we know this isn’t true.

This is where CIPHER comes in.

Cipher is a command-line tool (included with Windows) that you can use to manage encrypted data. It can also be used to clean the white space (unused space) on your hard drive.

Let’s get to using this, shall we?

First open a command prompt as Administrator.

Type cipher /? to list the optional syntax for the command. As you can see there is a lot this little tool can do. More on this at another time.

So in my case I wanted to wipe all the free space in volume d:\ of my Windows system. By typing cipher.exe /w:d:\ <press enter>, I am now able to wipe the free space and any trace of my CEO’s backed up mailbox.

Now just sit back and wait until completed and you’re done. Simple and effective.

Let’s recap

I wanted to delete the free disk space on my computer to remove the ability of data being recovered.

To do this I opened a command prompt (as administrator).
While in the command prompt, I typed in cipher /w:d:\ (d being my drive).


Man-in-the-Middle (MITM)

You are on vacation or spending the weekend at the beach. Like normal, you’re using your laptop or smartphone. You may be computer savvy, so you don’t allow onlookers to view you typing your secure passwords.

But it’s not those that you can see that you need to worry about.

It’s the person watching your network activity: logging every site you visit, logging your bank credentials, email, home address, contacts (friend lists), and anything else s/he can obtain. The ultimate eavesdropper.

This person’s mission: to steal data from you, about you. This is the man (or woman) in the middle (MITM).

The man-in-the-middle will use many tools and exploit security vulnerabilities to see your data as clearly as looking at it on your screen. More so, they can see your passwords even when they are all dotted out from the naked eye.

The MITM can inject code into your session to redirect you to fake sites; they can even see what you are viewing in real time.

Attackers use non-secured log-ins to apps on your phone and web sites you visit to obtain data about you.

So how do I protect myself from this?

There are many solutions; the best methods are to always use applications (apps) on your phone that use secure connections to the services it connects to.  This may be a shock to you; many do not, and this is part of the problem.

Always use sites that are secured with HTTPS from start to finish.  Again, many do not, and this leaves you exposed.

If and when possible use a VPN (virtual private network) solution.

This is another form of protection, as your communication is sent encrypted through a network you trust to be more secure than the one you are presently on.

So the best advice I can offer you is:

  • Be aware of the sites you visit
  • Ensure the sites you use are using SSL
  • Be sure the apps you choose to use are using SSL
  • Get a VPN Solution
  • And change your passwords often
  • And don’t use the same password for everything