Moin.

PowerShell Language Modes are a way to restrict the functionality of PowerShell to increase the security of a system. Of course, this is only one small piece in a larger security strategy, so this alone is not sufficient protection for a system. At the same time, it’s also a double-edged sword: Advantage: we remove a powerful tool from potential attackers. Disadvantage: We as administrators can no longer use PowerShell properly on a system either....

I had this weird issue with a Exchange Server environment: The company had an Exchange Server 2016 DAG and migrated all User Mailboxes to Exchange Online. I then installed a fresh Exchange Server 2019 for Recipient Management and SMTP-Relay. To use the Exchange Server 2019 Hybrid License, I did not create a Mailbox Database. I removed all remaining System Mailboxes and Arbitration Mailboxes from the Exchange 2016 Servers. I decomissioned the DAG and uninstalled Exchange from the old Servers....

Just a quick note if you want to use ntfy.sh with Home Assistant. Setup I added the following section to my /config/configuration.yaml file: 1 2 3 4 5 6 7 8 9 10 11 12 13 shell_command: ntfy: > curl -X POST --url 'https://ntfy.sh/{{ topic }}' --data '{{ message }}' --header 'X-Title: {{ title }}' --header 'X-Tags: {{ tags }}' --header 'X-Priority: {{ priority }}' --header 'X-Delay: {{ delay }}' --header 'X-Actions: {{ actions }}' --header 'X-Click: {{ click }}' --header 'X-Icon: {{ icon }}' Usage To send send a notification, I use this YAML action in an Automation....

I’ll try to keep it short: If you want to manage Exchange Online via Azure Automation, Managed Identities is what you should use (as of early 2023). Legacy approach In the past, RunAs Accounts or Plaintext Credentials (🤢) were also commonly used for this purpose, but this is now considered deprecated. RunAs accounts will be discontinued by fall 2023. And I don’t have to say anything about plaintext passwords, do I?...

Here’s a quick tip on howto enable or disable the Staging Mode in Azure AD Connect via PowerShell. Sadly there is no native Cmdlet in the style of Set-ADSyncStagingMode or something like that. In this article I’ll first explain the approach and then later on list the full command block you can use. So feel free to skip below to the end of the post. The following PowerShell Cmdlets have to get executed on the Azure AD Connect Server....

I had an issue with a broken Exchange Server 2016 CU23. Or rather it was not fully installed. It was just a test environment, but I thought it would be useful or interesting to drill down on that issue. I’ll guide you through my troubleshooting steps / thought process. Try to continue Setup First I tried to resume the setup. The setup fails early - at Step 1 of 13: Stopping Services....

Here’s a quick tip on howto remove Git Branches that were already merged (thus not necessary to keep around anymore) locally on Windows, using PowerShell. Assuming that you do have Git for Windows installed. Execute these commands on your own risk. List all merged branches You can list all merged Git Branches by running: 1 git branch --merged Exclude current branch and “main” branch Then we |-pipe it into the following, to exclude the currently selected branch (marked with an asterisk *) and the main branch....

Apparently it’s not that easy to get the amount of members of a group with the Microsoft Graph API. We need to specify the additional header ConsistencyLevel: eventual to use the Advanced Query Capabilities. Then we can use the Query parameter $count. Alternatively I found that I could also add it as an URL query parameter instead. That would be &ConsistencyLevel=eventual. Example Queries Replace the Group ID (02bd9fd6-8f93-4758-87c3-1fb73740a315) with your desired Azure Active Directory Group ID....

In my opinion the official Microsoft Documentation lacks of any clear information on where to configure the allowed MFA methods for Azure AD. So if you’re also wondering on how to configure the allowed Multi-Factor-Authentication methods for Microsoft 365, you’ve come to right place. So as of 2022-02-02 you’ll find the settings here: Short answer It’s still in the classic MFA Azure AD Portal, here: https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx Long answer If you don’t trust me or that link above, you can manually click through to the right place:...

Just a short PowerShell snippet to list all users with administrative roles in a Microsoft 365 (or Azure AD) environment. In the Admin Portals you can usually only list all the users with a specific role, not all users with any admin role. Prerequisites You need the Azure AD PowerShell for Graph module installed, and you need to connect to your Azure AD tenant. Install the Azure AD PowerShell for Graph module (if you don’t have it yet) Connect to your tenant by executing Connect-AzureAD PowerShell Code to list all admins Read the following snippet, make sure it’s not malicious or stupid, then execute it....