Privileged Identity Management

Privileged Identity Management, or PIM as many call it.
This greatly raises the security of your environment.
You can make a user eligible for a role; the user then applies for it (depending on your setup), and the role lasts X hours. After that it goes away and the user needs to apply for it again. This is a good way to avoid someone being a Global Administrator 24/7, for example.


So how can you apply for a role?
First, go to portal.azure.com and then to Privileged Identity Management. In the menu bar on the left you will find My roles, as in the image; there you can see all roles that have been given to you.

PIM – My roles


Back in the Privileged Identity Management menu, you might want to know how to give roles to someone: go to Manage, then Azure AD roles.
After that, go to Roles, as in the image below.
On the next page, search for the role, pick it, and add a user.
– To do this you need to be a Global Administrator.

PIM – Roles


Maybe you want to change how long a role should last?
Back in the Privileged Identity Management menu, go to Manage, then Azure AD roles.
Go into Settings, as in the image below.

PIM – Settings


Search for a specific role and go into its settings.
Here you can edit how long the specific role can be applied for, as in the image below. Change it and save it.

PIM – Duration hours


Thank you for your time.

Get a list of Exchange mailboxes with forwarding

Are you looking for a way to list all mailboxes that have forwarding set and where the mail is going?

Get-Mailbox | Where {($_.ForwardingSMTPAddress -ne $null) -or ($_.ForwardingAddress -ne $null)} | Select Name, ForwardingSMTPAddress, ForwardingAddress, DeliverToMailboxAndForward | format-Table -AutoSize

The | Format-Table -AutoSize at the end might not be needed, but I find the output much easier to read when I can see the entire email address.
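
Forwarding to an address outside the tenant is the case worth reviewing first, so this added example (not part of the original post) sorts the same three Get-Mailbox properties by destination. Get-ForwardingRisk, its output columns, and the domain contoso.example are hypothetical names chosen for illustration.

```powershell
# Added example: classify mailbox forwarding by destination.
# Get-ForwardingRisk and its output columns are hypothetical names.
function Get-ForwardingRisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject]$Mailbox,
        # Domains the tenant owns, e.g. (Get-AcceptedDomain).DomainName
        [Parameter(Mandatory)] [string[]]$AcceptedDomain
    )
    process {
        # ForwardingSmtpAddress is stored with an "smtp:" prefix
        $smtp      = [string]$Mailbox.ForwardingSmtpAddress -replace '^smtp:', ''
        $recipient = [string]$Mailbox.ForwardingAddress
        if (-not $smtp -and -not $recipient) { return }   # no forwarding set

        # ForwardingAddress points at a directory object; resolve it with
        # Get-Recipient to see whether it is a mail contact outside the tenant.
        $destination = 'Directory recipient'
        if ($smtp) {
            $domain = ($smtp -split '@')[-1]
            $destination = if ($AcceptedDomain -contains $domain) { 'Internal' } else { 'External' }
        }
        [pscustomobject]@{
            Name        = $Mailbox.Name
            SmtpTarget  = $smtp
            Recipient   = $recipient
            Destination = $destination
            # False: the owner keeps no copy, so mail is silently redirected
            KeepsCopy   = [bool]$Mailbox.DeliverToMailboxAndForward
        }
    }
}

# Constructed sample rows shaped like Get-Mailbox output (not real data)
$sample = @(
    [pscustomobject]@{ Name = 'Anna'; ForwardingSmtpAddress = 'smtp:anna@example.net';     ForwardingAddress = $null;      DeliverToMailboxAndForward = $false }
    [pscustomobject]@{ Name = 'Bo';   ForwardingSmtpAddress = 'smtp:team@contoso.example'; ForwardingAddress = $null;      DeliverToMailboxAndForward = $true }
    [pscustomobject]@{ Name = 'Cleo'; ForwardingSmtpAddress = $null;                       ForwardingAddress = 'Helpdesk'; DeliverToMailboxAndForward = $true }
    [pscustomobject]@{ Name = 'Dan';  ForwardingSmtpAddress = $null;                       ForwardingAddress = $null;      DeliverToMailboxAndForward = $false }
)

$sample | Get-ForwardingRisk -AcceptedDomain 'contoso.example' | Format-Table -AutoSize

# Live use, in a connected Exchange Online session:
# Get-Mailbox -ResultSize Unlimited |
#     Get-ForwardingRisk -AcceptedDomain (Get-AcceptedDomain).DomainName
```

Rows marked External with KeepsCopy set to False are the ones to check with the mailbox owner first.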

Remove Azure Role Assignment

How to remove a user's Access Management from the top level

First, make sure you have full access in Azure.
Then go to Azure AD, then to Properties.

Change the setting from No to Yes.
When this is done, you can run this PowerShell command:

Remove-AzRoleAssignment -SignInName first.lastname@company.com -RoleDefinitionName "User Access Administrator" -Scope "/"

This will remove the user's access from the top level.
Make sure you change your own account's access back afterwards.

Can't edit SAML Basic configuration

Do you have trouble editing the SAML basic configuration?

Could it be that you are running dark mode in Azure?

Basic SAML Configuration white

As you can see, the "edit pen" is black, so you can't see it if the background is black.

Basic SAML Configuration black

I hope this information helps you if you run into the problem of not being able to edit the SAML basic configuration.

o365 Publish to Organisation

Do you have something you want to publish to the entire organization, instead of installing it locally for everyone and forcing or hunting down everyone to do it? Follow these few steps.

First, log in to the o365 Admin portal as Global Administrator.
Then go to Settings (it might be hidden at the bottom left; click "show more").
Click on Add-ins in the new menu under Settings.

Pick what you want to deploy to everyone

Pick what you want to deploy

Then you pick who will receive it.
You can pick everyone, or a specific person or group. I recommend starting small before you pick the entire organization, so you can discover if something goes wrong.

Pick who will receive the deployment

Save/publish your settings; after that you do not need to do anything more.

Module MSOnline PowerShell

So you want to use PowerShell to do things in o365 MSOnline?

First of all, you need to import MSOnline

# Load the module (Connect-MsolService is a cmdlet inside it, not a module)
Import-Module MSOnline

# Then sign in
Connect-MsolService

After that, you can start using, for example:

get-msoluser -UserPrincipalName mailbox@technologynexus.onmicrosoft.com | select PasswordNeverExpires

And many other commands that come with the import of MSOnline.

Don’t forget that you need to connect to Azure with PowerShell before you can start using the commands.

Manage admin roles o365

To manage admin roles in o365, you first need to log in to o365.

Look up the user in office365.
Pick the user, look at the roles, and click on handle roles.
You can pick what the user should be an admin over.

Now you can pick if the user should be an admin over a specific part of o365 or maybe Global admin?

So now you know how to manage admin roles in o365.

Subscription Report in Azure

How to create a readable Subscription Report

Now start the Microsoft Exchange Online PowerShell Module to connect with PowerShell to your Exchange (if you are not sure how, visit Powershell Connect to office365).

  1. Connect-IPPSSession -UserPrincipalName first.lastname@companydomain.com -ConnectionUri https://ps.compliance.protection.outlook.com/PowerShell-LiveID -AzureADAuthorizationEndPointUri https://login.microsoftonline.com/common
  2. Import-Module AzureRm (if you have not imported this Module)
  3. Connect-AzureRmAccount
  4. $usageData = Get-UsageAggregates
  5. $usage = $usageData.UsageAggregations | Select-Object -ExpandProperty Properties
  6. $usage | Group-Object MeterCategory | Format-Table Count,Name

Make sure you run it on the correct subscription.

If you want to know which subscription ID you are on:

(Get-AzureRmContext).Subscription

Do you want to change to another subscription ID?

If you want to pick another SubscriptionId, you need to find out the ID.
Here is an example with a fake ID:

Select-AzureRmSubscription -SubscriptionId 49cf15d-88d-4a1-111-15ec9df8b5

O365 GDPR

Do you have a problem with GDPR in O365?
Does someone want all records of them removed from Microsoft Exchange and/or SharePoint?

Important: we do not take responsibility for the use of our guide. It might not be the same for you, since your environment and ours are different environments and Microsoft O365 is constantly changing.

First, you need to be Exchange Administrator.

Create a search on https://protection.office.com/
The "name you pick" for the search is very important, so you need to remember it. The search can take a while; when it has completed you can proceed. (If you are not sure how, visit Export PST File o365 and follow that guide until you reach the start of the export; then you can stop and come back here.)

Now start the Microsoft Exchange Online PowerShell Module to connect with PowerShell to your Exchange (if you are not sure how, visit Powershell Connect to office365).

# Then you run
Connect-IPPSSession -UserPrincipalName Your@emailaccount.com -ConnectionUri https://ps.compliance.protection.outlook.com/PowerShell-LiveID -AzureADAuthorizationEndPointUri https://login.microsoftonline.com/common

# This command lists all compliance searches
Get-ComplianceSearch


The next step is very important: remember what you named your search. You can find it in the list you got when you ran
get-compliancesearch.


New-ComplianceSearchAction -SearchName "name you pick" -Purge -PurgeType softdelete

#PurgeType
#softdelete can be recovered
#harddelete can not be recovered


When that's done you can run
get-compliancesearchaction

to see the status: how it is going and whether the deletion is done.
I hope that will help you with your GDPR in O365 problem.

If you want to read more about it:

https://docs.microsoft.com/1
https://docs.microsoft.com/2
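
Because a purge acts on whatever the named search matched, it helps to check the search before running New-ComplianceSearchAction. The following is an added example, not part of the original guide: Test-PurgeReady, the -MaxItems limit of 500, and the sample search names are assumptions, and it relies on the Name, Status and Items properties that Get-ComplianceSearch returns.

```powershell
# Added example: decide whether a compliance search is safe to purge.
# Test-PurgeReady and -MaxItems are hypothetical, not Microsoft cmdlets.
function Test-PurgeReady {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [psobject]$Search,      # one row from Get-ComplianceSearch
        [Parameter(Mandatory)] [string]$ExpectedName,  # the "name you pick"
        [int]$MaxItems = 500                           # assumed sanity limit
    )
    $reasons = @()
    if ($Search.Name -ne $ExpectedName) {
        $reasons += "Search is '$($Search.Name)', expected '$ExpectedName'"
    }
    if ($Search.Status -ne 'Completed') {
        $reasons += "Status is '$($Search.Status)', not Completed"
    }
    if ([long]$Search.Items -eq 0) {
        $reasons += 'Search matched 0 items'
    }
    if ([long]$Search.Items -gt $MaxItems) {
        $reasons += "Search matched $($Search.Items) items, limit is $MaxItems"
    }
    [pscustomobject]@{
        Name    = $Search.Name
        Ready   = ($reasons.Count -eq 0)
        Reasons = $reasons -join '; '
    }
}

# Constructed sample rows shaped like Get-ComplianceSearch output (not real data)
$searches = @(
    [pscustomobject]@{ Name = 'GDPR request 1'; Status = 'Completed';  Items = 42 }
    [pscustomobject]@{ Name = 'GDPR request 1'; Status = 'InProgress'; Items = 0 }
    [pscustomobject]@{ Name = 'All mail 2019';  Status = 'Completed';  Items = 250000 }
)
$searches | ForEach-Object { Test-PurgeReady -Search $_ -ExpectedName 'GDPR request 1' } |
    Format-Table -AutoSize -Wrap

# Live use, in a connected Connect-IPPSSession session:
# $s = Get-ComplianceSearch -Identity 'name you pick'
# if ((Test-PurgeReady -Search $s -ExpectedName 'name you pick').Ready) {
#     New-ComplianceSearchAction -SearchName $s.Name -Purge -PurgeType SoftDelete
# }
```

Only the first sample row comes back with Ready set to True; the other two list the reason they were held back.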


How to remove StarLeaf recorded videos

Log in to the StarLeaf portal, Portal.starleaf.com,
or open the StarLeaf app.

When you are in the portal, go to

There you can find all video recordings you are responsible for.

Click on to download the recording you want to save

Click on to delete the recording


REMEMBER: DELETED RECORDINGS CAN'T BE RESTORED