Important update for Azure Active Directory Connect – Version 1.1.553.0

Microsoft released Azure Active Directory Connect version 1.1.553.0 on June 26, 2017. More importantly, they published an important security advisory one day later.

Microsoft Security Advisory 4033453 – Vulnerability in Azure AD Connect Could Allow Elevation of Privilege explains,

The [AAD Connect version 1.1.553.0] update addresses a vulnerability that could allow elevation of privilege if Azure AD Connect Password writeback is misconfigured during enablement. An attacker who successfully exploited this vulnerability could reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts. The issue is addressed in the latest version (1.1.553.0) of Azure AD Connect by not allowing arbitrary password reset to on-premises AD privileged user accounts.

Microsoft highly recommends all customers update to version 1.1.553.0 or later to mitigate this vulnerability, even if you don’t use the optional password writeback feature. If you are unable to update immediately, the article above describes mitigation steps you can consider.

  • If the AD DS account is a member of one or more on-premises AD privileged groups, consider removing the AD DS account from the groups.
  • If an on-premises AD administrator has previously created Control Access Rights on the adminSDHolder object for the AD DS account which permits Reset Password operation, consider removing it.
  • It may not always be possible to remove existing permissions granted to the AD DS account (for example, the AD DS account relies on the group membership for permissions required for other features such as Password synchronization or Exchange hybrid writeback). Consider creating a DENY ACE on the adminSDHolder object which disallows the AD DS account with Reset Password permission using Windows DSACLS tool.
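
An audit of these three mitigation points, as an added example (not taken from the advisory). It assumes the ActiveDirectory RSAT module, a placeholder account name MSOL_PLACEHOLDER that you replace with your own AD DS account, and an account DN without LDAP filter special characters. It changes nothing and only prints the DSACLS command for review.

```powershell
# Added example: read-only audit of one AD DS connector account.
Import-Module ActiveDirectory

$ConnectorSam = 'MSOL_PLACEHOLDER'   # placeholder: sAMAccountName of your AD DS account
$domain       = Get-ADDomain
$holderDN     = "CN=AdminSDHolder,CN=System,$($domain.DistinguishedName)"
$resetPwdGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'   # "Reset Password" extended right
$account      = Get-ADUser -Identity $ConnectorSam

# 1. Privileged groups the account belongs to, directly or through nesting.
#    1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN. adminCount=1 marks
#    groups protected via adminSDHolder; the flag can be stale, so review each hit.
$filter     = "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$($account.DistinguishedName)))"
$privGroups = Get-ADGroup -LDAPFilter $filter

# 2. ACEs on adminSDHolder whose trustee is the account itself. Rights that
#    arrive through a group are covered by step 1, not by this check.
$acl   = Get-Acl -Path "AD:\$holderDN"
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference.Value -eq $account.SID.Value -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
    }
# An empty ObjectType GUID means "all extended rights", which includes Reset Password.
$allow = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ObjectType -eq $resetPwdGuid -or $_.ObjectType -eq [guid]::Empty)
}
$deny  = $rules | Where-Object {
    $_.AccessControlType -eq 'Deny' -and $_.ObjectType -eq $resetPwdGuid
}

[pscustomobject]@{
    Account             = $account.SamAccountName
    PrivilegedGroups    = $privGroups.Name -join ', '
    AllowResetPwdAces   = @($allow).Count
    DenyResetPwdPresent = [bool]$deny
}

# 3. If the Allow rights cannot be removed, this is the DENY ACE command to review
#    and run from an elevated prompt (printed here, not executed).
$trustee = "$($domain.NetBIOSName)\$($account.SamAccountName)"
"dsacls `"$holderDN`" /D `"${trustee}:CA;Reset Password`""
```

Permissions set on adminSDHolder are copied to protected accounts by the SDProp background process, so a new DENY ACE does not reach them instantly.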

Expta

European Skype for Business User Group Meeting about Office 365 PSTN calling

On April 6 I attended the Dutch Skype for Business user group event at Microsoft Netherlands. Especially for those present in the Netherlands, we will explain the new telephony capabilities in the Netherlands in Office 365 (PSTN calling).

The agenda:

17:30 to 18:00 Registration

18:00 to 18:30 Skype for Business Online developments in the Netherlands (van Houttum, MVP)

18:30 to 18:45 Welcome and Key Note Session

18:45 to 19:10 Session 1 (Nordic)
Cloud PBX – Options (AA CQ CCE and more) (Lasse Nordvik Wedo, MVP), support from (Stale Hansen, MVP)

19:10 to 19:35 Session 2 (Germany)
Online Dial Plans with CloudPBX (Thomas Poett, MVP)

19:35 to 20:00 Session 3 (UK)
Trusted Server API SfB (Tom Morgen and Ben Lee, MVPs)

20:00 to 20:15 BREAK

20:15 to 20:40 Session 4 (Benelux)
Teams in O365 (Johan Delimon, MVP) with support from (van Houttum, MVP)

20:40 to 21:05 Session 5 (Italy)
Hybrid Skype4B Best Practice for Cloud PBX with PSTN Connectivity (Alessandro Appiani, MVP)

If you want to watch the session again: https://join-emea.broadcast.skype.com/skype4b-ug.de/9dab4d2cc4074a25b7ab83ddbfe57821/nl-NL/

Zerto Virtual Replication

Zerto Virtual Replication Ends Hypervisor Vendor Lock-In

Zerto Virtual Replication (ZVR) is the first hypervisor-based replication solution to offer enterprise-class cross-hypervisor replication, disaster recovery, data protection and workload mobility. With ZVR, IT departments can automatically convert Hyper-V VMs to VMware, convert VMware VMs to Hyper-V, and convert Hyper-V to AWS for increased flexibility and cost savings.

Important notice about certificate expiration for Exchange 2013 Hybrid customers

If you’re running Exchange 2013 and you’ve configured a hybrid deployment with Office 365, this post contains important information that might impact you. Please evaluate this information and take any necessary action before April 15, 2016.

On April 15 2016, the Office 365 TLS certificate will be renewed. This certificate is used by Office 365 to provide TLS encryption between Office 365 and external SMTP servers. The new certificate, which will help improve the security of mail sent to and from Office 365, will be issued by a new Certificate Authority and it will have a new Issuer and Subject.

This change has the potential to stop hybrid mailflow between Office 365 and your on-premises Exchange servers if one of the following conditions applies to you:

  • Your on-premises Exchange servers are running Exchange 2013 Cumulative Update 8 (CU8) or lower.
  • You’ve upgraded the Exchange 2013 servers that handle hybrid mailflow to Exchange 2013 CU9 or higher. However, since upgrading to CU9, you HAVE NOT re-run the Hybrid Configuration wizard (either from the Exchange Admin Center or via the direct download link).

If one of the previous conditions applies to your organization, hybrid mailflow between Office 365 and your organization will stop working after April 15, 2016 unless you complete the steps below.

Note: This only affects hybrid mailflow. Regular mailflow and TLS encryption is NOT affected.

How to keep hybrid mail flowing (MUST be completed before 4/15/2016)
Let the new Hybrid Configuration wizard do it for you

You can use the latest Hybrid Configuration wizard (HCW) to configure your Exchange 2013 servers to work with the new TLS certificate. Just follow these steps:

  1. If the Exchange 2013 servers handling hybrid mailflow are running Exchange 2013 CU8 or lower, follow the instructions in Updates for Exchange 2013 to install the latest cumulative update on at least one server.
  2. After you install the latest cumulative update, download the new HCW application and run the wizard following the instructions here.

Note: For information on which releases of Exchange are supported with Office 365, see Hybrid deployment prerequisites.

Manual update

If you can’t upgrade Exchange 2013 to the latest cumulative update right now (although we would like to remind you of our support policy), you can manually configure your servers to work with the new TLS certificate. On each Exchange 2013 server that’s used for hybrid mailflow, open the Exchange Management Shell, and run the following commands:

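# Find the receive connector whose TlsDomainCapabilities still references the certificate issuer (<I>)
$rc=Get-ReceiveConnector |where {$_.TlsDomainCapabilities -like "*<I>*"}

# Match on the Office 365 domain name instead of the old certificate's issuer and subject
Set-ReceiveConnector -Identity $rc.Identity -TlsDomainCapabilities "mail.protection.outlook.com:AcceptCloudServicesMail"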

http://blogs.technet.com/b/exchange/archive/2016/02/19/important-notice-about-certificate-expiration-for-exchange-2013-hybrid-customers.aspx

Cumulative Update 8 for Exchange Server 2013

The Exchange team is announcing today the availability of Cumulative Update 8 for Exchange Server 2013. The Cumulative Update Package and UM Language Packs are now available on the Microsoft Download Center. Cumulative Update 8 represents the continuation of our Exchange Server 2013 servicing and builds upon Exchange Server 2013 Cumulative Update 7. The release includes fixes for customer reported issues, minor product enhancements and previously released security bulletins. A complete list of customer reported issues resolved can be found in Knowledge Base Article KB3030080. Customers running any previous release of Exchange Server 2013 can move directly to Cumulative Update 8 today. Customers deploying Exchange Server 2013 for the first time may skip previous releases and start their deployment with Cumulative Update 8 directly.

We would like to call your attention to a few items in particular about the Cumulative Update 8 release:

  • Calendar and Contact Modern Public Folders favorites added in Outlook are now accessible in OWA
  • Batch Migration of Public Folders to 2013 improves migration throughput and PF migration experience
  • Smoother migration for EAS clients to O365 with automatic profile redirect upon successful Hybrid migration to O365 (EAS client must support HTTP 451 redirect)

For the latest information and product announcements please read What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Cumulative Update 8 includes Exchange related updates to Active Directory schema and configuration. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation. Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., CU8) or the prior (e.g., CU7) Cumulative Update release.

Moving to Office 365/Exchange Online? A good idea?

Reducing IT costs: Especially in challenging economic times, organizations need to cut costs wherever possible—but without reducing capabilities.

Increasing predictability of IT costs: Replacing or upgrading on-premises IT systems can require significant one-time capital expenditures.

Increasing user productivity: Users face growing volumes of email, and need tools to help them manage it more efficiently.
Enhancing collaboration: Increasingly mobile and distributed workers need technology that helps them work together wherever they are.

Reducing IT administration: IT can be stretched thin and spend too much time managing hardware, updates, and upgrades.
Increasing reliability and availability of email: Email is a business-critical application, and many organizations face challenges keeping it running—especially with shrinking IT budgets.

Staying up-to-date with the latest technology: To stay competitive and recruit the next generation of talent, businesses need to have the latest functionality. But, upgrading on-premises software can be a significant undertaking.

1 Simplified Administration

Managing corporate email can be complex. With Exchange Online, many of the most time-consuming tasks are taken care of by Microsoft, including the management of hardware, updates, and upgrades. Additionally, Exchange Online delivers a streamlined administration experience, making it easier for IT administrators to configure and manage email services in ways that benefit the business.

2 Conclusion

The benefits of moving email to the cloud are clear, including lower costs, increased agility, simpler management, and higher-quality services. Exchange Online meets these expectations by delivering a wide range of features and capabilities that support anywhere access, protection and compliance, and simplified administration.

But now the real world experience with Exchange Online

If your organization is using Google DNS servers, you will be redirected to the Exchange Online servers in America, not Dublin, if you live in the Netherlands.

Exchange Online works best if you use cached mode.

The question is whether you want that if you are using Microsoft Remote Desktop Services, Citrix XenDesktop or VMware Horizon (View).

Cached Exchange Mode in a Remote Desktop Session Host environment: planning considerations
Limits to using personal folders (.pst) files over LAN and WAN links.

My Conclusion:
Exchange Online is great for most organizations. Lower costs, increased agility, simpler management, and higher-quality services.

But if your organization is using Microsoft Remote Desktop Services, Citrix XenDesktop or VMware Horizon (View), you need to think twice before you migrate.

As an IT admin you don’t want OST files stored locally on Remote Desktop, XenDesktop or VMware View servers and desktops, or on your file server.

Saving money can mean angry & complaining customers….

Tune and optimize performance of your Office 365 connection

Microsoft has published a new course on Office 365 Performance Management at the Microsoft Virtual Academy, which contains 11 modules across planning and troubleshooting areas including:

  1. Office 365 Performance Management Course Introduction
  2. Office 365 Datacenters and Network
  3. Planning for Office 365 Internet Capacity – Exchange Online
  4. Planning for Office 365 Internet Capacity – Lync Online
  5. Planning for Office 365 Internet Capacity – SharePoint Online
  6. The Baselining Model for Internet Capacity Planning
  7. Best Practices & Real Customer Projects Planning Internet Capacity
  8. Planning for Office 365 Firewalls Whitelisting
  9. Performance Troubleshooting Process and Tools Used
  10. Performance Troubleshooting Tests
  11. Troubleshooting SharePoint Online Customizations

Microsoft Exchange 2013 Public Folder Directory Sync Support Scripts

Microsoft has recently updated the Microsoft Exchange 2013 Public Folders Directory Sync Support Scripts to version 15.00.1017.003.

Brief Description
Scripts to enable creation of public folder related objects in the O365 Active Directory and synchronization of public folder related Active Directory objects between on-premise and O365 directories.

Overview
Use these scripts if you need to do one of the following:

  • Initial creation of mail enabled public folder objects in the destination Active Directory for public folder migration from Exchange 2007 or 2010 to Exchange 2013
  • Synchronization of mail enabled public folder objects from cloud to on-premise Active Directory
  • Synchronization of mail enabled public folder objects from on-premise to cloud Active Directory
  • Synchronization of public folder mailbox objects from cloud to on-premise Active Directory

Backup your Laptop using OneDrive

For my work I travel a lot with my laptop.
I do regular backups at intervals on my external drives. I hate continually thinking about making backups.
But I wanted a more regular backup. Everywhere I go there is an internet connection. So why not back up in the cloud?

I looked at different online storage solutions.
OneDrive was the best for me.
I now have 200GB of online backup storage.
It works really well. Syncing your data is freaking easy. I love OneDrive.