SharePoint

Configure preferred geo data location in Office 365

 

GDPR had me thinking about Multi-Geo in Office 365

By default, Office 365 resources for your users are located in the same geo as your Azure AD tenant. So, if your tenant is located in North America, then the users’ Exchange mailboxes, OneDrive is also located in North America. For a multinational organization, this might not be optimal for various reasons.

Reasons such as

  • Performance and
  • Data residency requirements for data-at-rest

Multi-Geo enables a single Office 365 tenant to span across multiple Office 365 data-center geographies (geos) and gives customers the ability to store their Exchange and OneDrive data, at-rest, on a per-user basis, in their chosen geos

By setting the attribute preferredDataLocation, you can define a user’s geo

A list of all geos for Office 365 can be found here or long URL format: https://products.office.com/en-us/where-is-your-data-located?geo=All

These values can be set in your Office 365 tenant via PowerShell or Azure AD Connect.

In PowerShell – 

# Connect to Office 365 – by Jermal Smith (@jermsmit)
Set-ExecutionPolicy RemoteSigned
# Get-Credential – You will be asked for username / password
$credential = Get-Credential
# Import-Module MsOnline
Import-Module MsOnline
# If this step fails in error – Install-Module MsOnline
# Connect to MsolService using supplied credentials
Connect-MsolService -Credential $credential

Then use the command: Set-MsolCompanyAllowedDataLocation followed by service type and location.

Ref: https://docs.microsoft.com/en-us/powershell/module/msonline/set-msolcompanyalloweddatalocation?view=azureadps-1.0

After you have assigned Data Locations you can then set users to the location by issue the following example command:

Set-MsolUser -UserPrincipalName jsmith@jermsmit.com -PreferredDataLocation EUR

Then confirming with:

Get-MsolUser -UserPrincipalName jsmith@jermsmit.com | Select PreferredDataLocation

The above works well for new users, but for existing user’s you will need to trigger a migration with the following command:

Start-SPOUserAndContentMove -UserPrincipalName jsmith@jermsmit.com -DestinationDataLocation EUR

Ref: https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/start-spouserandcontentmove?view=sharepoint-ps

Lastly… “To be eligible for Multi-Geo, you must have at least 5,000 seats in your Office 365 subscription” As this is just getting released I am confident more information will be known soon.

 

 

Office 365: Use Content Search to delete unwanted Emails from Organization

Office 365: Use Content Search to delete unwanted Emails from Organization

As an admin you can use the Content search located under Security & Compliance to search for and delete email message from select or all mailbox in your organization.  This is particularly useful to remove high-risk emails such as:

  • Message that contains sensitive data
  • Messages that were sent in error
  • Message that contain malware or viruses
  • Phishing message

 

To start the process, we begin with creating a content search:

  1. Log into your Office 365 protection center – https://protection.office.com
  2. Click on Search & investigation, then select Content search
  3. From Content search click on the “New” Icon
  4. Enter a name for this search job
  5. Select either specific mailboxes or “all mailboxes”
  6. Select “Search all sites”, public folders are an option depending on your search criteria
  7. Click Next
  8. Enter in keywords to search of leave blank to search for all content
  9. Add Conditions – In my example I am looking for a subject (ex. Microsoft account unusual sign-in activity)
  10. Click Search

 

The search will start and results will be displayed in the right pane.

When completed you a preview the results and export to computer as a report.

Now the you have generated a search you can move to deleting the content you had searched for.

To do this we will need to connect to the Security & Compliance Center using remote PowerShell.

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session -AllowClobber -DisableNameChecking

$Host.UI.RawUI.WindowTitle = $UserCredential.UserName + ” (Office 365 Security & Compliance Center)” 

 

Once successful authenticated, and connected to the compliance center you can creation a new action to delete the items found in our previous search.

This is done by using the following example:

New-ComplianceSearchAction -SearchName “Phishing” -Purge -PurgeType SoftDelete


$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

New-ComplianceSearchAction -SearchName “RE: Account Confirmation” -Purge -PurgeType SoftDelete

New Phishing Scam Using Microsoft Office 365

*** Attention Required ***

It seems that the bad guys are at it once again with an attempt to collect information by phishing credentials from those of us using Office 365 for corporate emails.  The characteristics of this particular attack the hackers intention is to deceive Office 365 users into providing their login credentials”.

The user sees a fake Office 365 login page, which requests their credentials. Once the Office 365 usernames and passwords have been compromised, the hackers can:

  • Send emails to other users in the victim’s address book, asking them for anything, sending fake invoices, sending more phishing emails, etc.
  • Access the user’s OneDrive account, to download files, install more malware, infect files with malware, etc.
  • Access the users SharePoint account, to download files, install more malware, etc.
  • Steal company intellectual property or other customer information such as customer SSNs, credit card numbers, email addresses, etc.

One of the characteristic of this recent attack is an email being sent with an embedded image which resembles an Microsoft Office Word document containing a link back to a site with a fake Office 365 logon page.  In addition to this the site URL ends in php?userid= syntax.

I have provided the following YouTube video to illustrate the interaction of the fake Office 365 logon page.

Link: https://youtu.be/wHxkzxGF4JY

 

Advice:

It’s an important part of your responsibility to be cautious when accessing emails even from known senders to ensure its legitimate by reviewing the email to ensure that its legitimate.

If in doubt do not open the email and reach out to the sender to ensure they sent you the email.  If you self-determine an email to be suspicious immediately report incidents as soon as they happen.

 

Here are a few guidelines below that could be followed.  Please review:

 

Check the sender.

Sometimes, cybercriminals and hackers will fake (or “spoof”) the sender of an email. If the “from” address doesn’t match the alleged sender of the email, or if it doesn’t make sense in the context of the email, something may be suspicious.

Check for (in)sanity.

Many typical phishing emails are mass-produced by hackers using templates or generic messages. While sophisticated attacks may use more convincing fake emails, scammers looking to hit as many different inboxes as possible may send out large numbers of mismatched and badly written emails. If the email’s content is nonsensical or doesn’t match the subject, something may be suspicious.

Check the salutation.

Many business and commercial emails from legitimate organizations will be addressed to you by name. If an email claims to come from an organization you know but has a generic salutation, something may be suspicious.

Check the links.

A large number of phishing emails try to get victims to click on links to malicious websites in order to steal data or download malware. Always verify that link addresses are spelled correctly, and hover your mouse over a link to check its true destination. Beware of shortened links like http://bit.ly, http://goog.le, and http://tinyurl.com. If an email links to a suspicious website, something may be suspicious.

Don’t let them scare you.

Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, something may be suspicious.

Don’t open suspicious attachments.

Some phishing emails try to get you to open an attached file. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device. If you get an unexpected or suspicious attachment in an email, something may be suspicious.

Don’t believe names and logos alone.

With the rise in spear phishing, cybercriminals may include real names, logos, and other information in their emails to more convincingly impersonate an individual or group that you trust. Just because an email contains a name or logo you recognize doesn’t mean that it’s trustworthy. If an email misuses logos or names, or contains made-up names, something may be suspicious.

If you still aren’t sure, verify!

If you think a message could be legitimate, but you aren’t sure, try verifying it. Contact the alleged sender separately (e.g., by phone) to ask about the message. If you received an email instructing you to check your account settings or perform some similar action, go to your account page separately to check for notices or settings.

 

 

Using Get-SPWebTemplate to list available site templates in SharePoint 2013

In this tech-short we will go over a simple yet effective way to list out the available site templates in SharePoint 2013.

Using the New-SPSite PowerShell cmdlet allows you to specify the name of a template to use. In my case I was unaware of the name of available templates in my SharePoint installation.  Using the Get-SPWebTemplate command to produce a list for me.

Steps

  1. Open the SharePoint 2013 Management Shell
  2. The the following command: Get-SPWebTemplate | Sort-Object “Name”

The results are a list Templates which could be used in this environment.

 

If you wanted to do the same with PowerShell locally or remote the following steps can be taken.

Open PowerShell and issue the following commands:

  1. New-PSSession -ComputerName SharePoint
  2. Add-PSSnapin Microsoft.SharePoint.Powershell
  3. Get-SPWebTemplate | Sort-Object “Name”

SharePoint Server 2016 IT Preview

The SharePoint Server 2016 preview is now available to download from the Microsoft website:

http://www.microsoft.com/en-us/download/details.aspx?id=48712

Note: Windows Server 2012 R2 is required

Brief on Install Instructions

  1. Review SharePoint Server system requirements
  2. Download and install full-featured software for a 180-day trial
  3. When prompted, use the following product key: NQTMW-K63MQ-39G6H-B2CH9-FRDWJ