Category Archives: Office 365

ADFS, Office 365

Office 365 fallback from ADFS to Password Sync with ADFS down

Leave a comment

Because I’ve been asked too many times and keep having to look up the commands, I’m just going to throw them here for reference. If your ADFS farm, federated with Office 365, goes down for some reason and is no longer reachable, the Microsoft way of unfederating your Office 365 logon domain won’t work, as the set-msoladfscontext command won’t be able to reach your ADFS machine.

Simply setting the domain’s authentication mode from Federated to Managed will also do the trick and allow your users to login with their synced passwords:

Import-Module MSOnline
Connect-MsolService
Set-MsolDomainAuthentication -Authentication Managed -DomainName yourlogondomain.com
Exchange Online, O365Undo, Office 365

Programmatically enabling or disabling the Unified Audit Log in Office 365

Leave a comment

For our enrollment process of customers in Office 365, we enable the Unified Audit Log by default, as this has a great number of benefits.

At first, the only way to do this was through the UI, but now we can enable the Unified Audit Log with the following  Powershell command in the Exchange Online Remote Shell:

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled:$True

Or to disable the Unified Audit Log through Powershell:

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled:$False

Note that disabling the Unified Audit Log can only be done through Powershell.

Office 365, Security

Do not forget to enable the Unified Audit Log

3 Comments

Office 365 and all related services have various forms of auditing options, it’s a pain to monitor and configure them all.

A while back, Microsoft unified these auditing logs into the Unified Audit Log. The Unified Audit Log for Office 365 is super easy to configure.

For all my customers I always enable this free feature, it is pretty much the only way you can have a RPO of 0 when you need to undo changes / deletes or restore data, and gives you a very nice and compliant audit log of everything your users and admins do in your environment.

In addition, it allows me to help you automatically reverse nasty CryptoLocker actions like mass file and folder renames and restore previous versions in bulk.

edit: you can also enable the audit log programatically

Office 365, OneDrive for Business, Powershell, Sharepoint Online

O365AntiCryptoLocker, restores the previous version of your files in Sharepoint Online or Onedrive for Business

14 Comments

Note: O365Undo is also free and can probably help you fix your crytolocker problem more precisely as it is the next version of O365AntiCryptoLocker

O365AntiCryptoLocker

At OGD we sometimes have to deal with users that got infected with CryptoLockers and have both automated and controlled systems in place to prevent damage or restore data to any fileshares. An infection on Sharepoint Online or Onedrive has not yet happened, but eventually it of course will and I like to fix things before they break.

As Sharepoint Online and Onedrive for Business natively use versioning on files, you basically have no real risk of losing data to Cryptolockers, your RPO (Restore Point Objective) is 0. However, restoring the previous versions of files is quite a lot of work if done manually, so your RTO (Restore Time Objective) could be weeks or more.

Unless of course, you use Powershell. I’ve written a script that will restore the most current previous version of any file in a given Document Library.

Download: O365AntiCryptoLocker

Example usage for a Onedrive site:

.\O365AntiCryptoLocker.ps1 -siteURL "https://o365mig-my.sharepoint.com/personal/test1_o365mig_onmicrosoft_com" -login "mylogin" -password "mypassword" -libraryTitle "Documents"

Or for a Sharepoint Online Site:

.\O365AntiCryptoLocker.ps1 -siteURL "https://o365mig.sharepoint.com/site1" -login "mylogin" -password "mypassword" -libraryTitle "Documents"

You’ll need the Sharepoint Client Components installed, and you’ll have to have sufficient permissions on the library and its files.