O365Undo v0.3 released!

July 7, 2016 JosL 3 Comments

O365Undo is a great script you can use to roll back actions of your user(s) in Office 365. Most likely, actions your user wasn’t aware of but were actually done by a CryptoLocker or by RansomWare.

These nasty virusses can cause havoc on your mapped or synced Sharepoint Online or Onedrive for Business libraries in the form of file level encryption or file name obfuscation.

Do not forget to enable the Unified Audit Log

June 29, 2016 JosL 3 Comments

Office 365 and all related services have various forms of auditing options, it’s a pain to monitor and configure them all.

A while back, Microsoft unified these auditing logs into the Unified Audit Log. The Unified Audit Log for Office 365 is super easy to configure.

For all my customers I always enable this free feature, it is pretty much the only way you can have a RPO of 0 when you need to undo changes / deletes or restore data, and gives you a very nice and compliant audit log of everything your users and admins do in your environment.

In addition, it allows me to help you automatically reverse nasty CryptoLocker actions like mass file and folder renames and restore previous versions in bulk.

edit: you can also enable the audit log programatically

OneDriveMapper

OneDriveMapper v2.35 released!

June 22, 2016 JosL 4 Comments

Version 2.35 of OneDriveMapper has been released.

Just a few minor changes:

Support for MFA authenticator app in Office 365
Fixed a minor bug where a username prompt could appear twice
Reports maximum file size upload from WebDav regkey
Checks for an @ in the login name

Get the new version here

Powershell, Sharepoint Online

Auditing your Sharepoint Online site collections

June 22, 2016 JosL Leave a comment

As, generally, we want to know what goes on in our environment, I like to enable Auditing wherever I can. Sharepoint is a more and more important resource where we store our data. Auditing can be very useful if files dissapear, auditors need specific information, or worse, cryptolockers rename all your files.

As setting audit logging through the interface is well documented, I wanted to share the Powershell way of doing this, assuming you’ve already installed the Sharepoint Client Components:


[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client") | Out-Null [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime") | Out-Null

$Context = New-Object Microsoft.SharePoint.Client.ClientContext("INSERT YOUR SITE URL HERE")
$secPassword = ConvertTo-SecureString "YOUR PASSWORD" -AsPlainText -force
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials("YOUR LOGIN",$secpassword)
$Context.RequestTimeout = 16384000
$Context.Credentials = $Credentials
$Context.Load($Context.Web)
$Context.Load($Context.Site)
$Context.ExecuteQuery()

#set audit logging for the site collection to ALL
$Context.Site.Audit.AuditFlags = "All"
$Context.Site.Audit.Update()
$Context.ExecuteQuery()

OneDriveMapper, Powershell

OnedriveMapper v2.34 released!

June 15, 2016 JosL Leave a comment

Version 2.34 of OneDriveMapper has been released.

Now attempts to automatically add the required trusted site entries
Attempts to automatically start the WebDav service if not running and user is local admin
A number of small checks and automatic corrections for user faulty input / setup
from now on all versions will be released as .ps1 instead of .zip