
Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Weekly Report from Cloud App Discovery

Once you have set up the Cloud App Discovery feature then the service will send admins a weekly report with new apps and a one-button click to start managing them.

Here is what I used last week:

weekly digest
If you click manage application then users may log on to these apps with their Azure AD creds

Education Licenses and Administration Licenses on same tenant

Hey, are you a municipality, county or another complex organization? Do you have education users and corporate users and want all of them to be in the same Azure AD?

Good news for you. It’s possible!

edu and corp
And here I have both E3 and Education (E1) for students.

Here is how you do it.

  1. You do not have Office 365/EMS or Azure AD

    • Create an EDUCATION trial here: NORWEGIAN TRIAL / ENGLISH TRIAL
    • Add your education domain to verify EDU status
    • Buy EDU licenses. The CORP licenses should also be in the same list under “Purchase Services”
  2. You have a CORP tenant that you need EDU licenses on.

    • Email your license supplier and have them reach out to your local Microsoft Education Team.
    • The local MSFT EDU team can tag your tenant as EDU. You need to provide them with your tenant name, e.g. MYTENANT.onmicrosoft.com
    • Wait 48 hours after the MSFT EDU team has submitted the request.

Here is proof that it works:

buy
I can select between EDU and CORP plans

Limitations, risks and warnings

  1. Risks include students having access to the entire GAL
    • Do a GAL segregation please.
  2. Volume License plans – it has not been tested and no one knows how exactly it will pan out with the agreement you have. So be warned the deployment of licenses may take a LOOOOOOONG time.
  3. You do this at your own risk at the moment and there is no guarantee it will work in the end either.
  4. This scenario works fine when you buy licenses in the portal (MOSP) shown. The problems arise when you use a partner that sells you licenses, and that applies to most of you.

Some benefits:

  1. Only need 1 AD with 1 Azure AD Connect
  2. 1 ADFS environment
  3. 1 portal
  4. 1 GAL or Two 🙂

 

 

AzureAD knows which SaaS services you REALLY use

In Azure AD you have a service called Cloud App Discovery. It consists of an agent you install on a local machine and a web service which polls the data and visualizes it.

Take a look at this:

azure ad knows
Azure Cloud App Discovery Report

This service is a great way to discover what your employees/users/students/family really use and how much they use it, e.g. you have bought Google Apps, but your users use OneDrive or Box.

You can read more here: https://azure.microsoft.com/nb-no/documentation/articles/active-directory-cloudappdiscovery-whatis/

I did not know I even used all these services. And best of all, you can manage them with Azure AD, which means you can use your Office 365 credentials to log on to these services.

apps
Here are the aggregated results for all agents and all users. Click on the numbers to access the data.

 

Here is how you set up cloud discovery on a local machine:

settings
Click Settings
manage agent
Click Manage Agent
download agent
Click “Download”
local files
You get a ZIP package with a CERT file. Click the MSI file.

Remember that if you want to distribute this application you need to include the CERT file as well.

Help, Azure AD says my credentials Leaked!

So, waking up to leaked credentials can be frustrating, probably because you do not know exactly how they got leaked. Fortunately, Azure AD has some suggestions on what to do.

Read more about leaked credentials here:

https://blogs.microsoft.com/cybertrust/2015/06/18/the-risk-of-leaked-credentials-and-how-microsofts-cloud-helps-protect-your-organization/

This is what it looks like in Azure Identity Protection and how you mitigate the impact:

control panel
A very high risk, click the risk to see what it is.

 

what happened
Here you see what it was all about. Click on the event to see which user.

 

who had it leaked
Here you see the user. Click on the user to get actions on what to do.

 

what to do.
Here is what you can do

 

solutions
Here is what I did to mitigate the event.

 

I simply requested the user for a password change. Keep in mind that the malware that did this might have stolen all other passwords as well. It might also be active on the target device, so MFA might be something you should consider.

Also have the user change passwords on all other services he uses!

And, have him wipe his device!

Adding a Success Plan Owner to Fasttrack

In order to be eligible for the adoption funds you need to have a success plan owner on your success plan, and that owner needs to be from the customer email domain.

Here is how you as a PARTNER can do it:

1
Find the success plan and make sure it is all 100%
2
Click on 1. Business Case and wait for page to load. Then click teams

 

3
Make sure you have these roles

 

4
If you are missing Success Plan Owner, click add and add him.

 

5
Now go back up to the success plan and click the gear icon and Edit members

 

6
If you do not see a customer plan owner click add/edit members

 

7
Select the customer owner from the drop down list

 

8
Now you are ready to submit your offer request. Click on Offers and continue or “Learn more”

 

9
Associate the success plan which now has an owner

 

10
Attach any additional files and click submit.

 

Customer Success Plan Owner now has to approve the project in the fasttrack portal.

Kite Surfing Finse

Finse must be one of the most perfect places to go kite surfing! You take the train from Oslo S and a little over 4 hours later you walk off the station at Finse. You simply walk 10 meters and you are inside the Finse 1222 hotel.

The hotel is a bit pricey, so try to go off season if you do not want to spend a lot of cash.

The wind and weather can be shifting and we went from no wind to 12 m/s in the same day.

There is also not unlimited room here, so on a good day it might get crowded.

 

If you do not have a kite, that's okay. Just rent one here.

After you are done kiting, enjoy reading about the Star Wars filming here back in the 80s. They have Luke Skywalker’s hat on display.

 

 

Easy way to claim Fasttrack adoption funding

  1. http://fasttrack.microsoft.com
  2. Click Log In in top right corner
  3. Click the Sign in button again and Sign in with your Office 365/Azure AD account (you must have this)
  4. Wait for the site to load all the menus, takes some seconds
  5. Click “Search for a customer”
  6. Then search for the customer name. Green ball means that Fasttrack center is engaged, red pyramid means that we have not engaged the customer
  7. Click the customer and click “Add me”
  8. Now click on Offers and find the “FY16 EMS Adoption Offer” and click “Learn more”
  9. If you have the competency to claim funds then click “Create Request” and start to fill out.

Deploy Office 365 MSI with Microsoft Intune

I have wrapped an EXE file (OfficeProPlus Click-to-Run) in an MSI wrapper. I have used a certificate and signed the MSI, and now I am going to use Microsoft Intune to push out the installation on PCs.

Go to manage.microsoft.com and click Apps->Select Apps->Click Add an App

Launch the software wizard and log on.

Windows MDM installer description

OS requirements

Command arguments

summary
Click Upload and then wait

 

 

distribute
Select the software you want to distribute

 

admin
These users in this group will get this software

 

forced install
It will be forced to the device

 

asap
As soon as possible

 

group
These are the users in that group which will get this software

How to sign an MSI file for deployment with Microsoft Intune

If you want to use Microsoft Intune to deploy an MSI file, it needs to be signed by a code signing certificate. Most MSIs from software vendors are signed already, but if you created a custom MSI (e.g. Office 365) by wrapping an EXE then you need to sign that MSI.

Using an MSI will enable Intune to push that software using the MDM channel. All MDM-joined PCs will be able to receive this software.

Scenario this covers: I want to use Microsoft Intune to deploy apps and EXE files to PCs, e.g. Office 2016/custom software

Step 1 – Buy or get a code signing certificate. If you do not have one, buy it here: https://www.digicert.com/code-signing/

Step 2 – Download and install the Windows 7 SDK to get signtool.exe. Get the SDK from here: https://www.microsoft.com/en-us/download/confirmation.aspx?id=8279
-> Accept all defaults and do not change anything. It will prompt errors
-> Check that you have signtool.exe in this folder:
C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin

Step 3 – Export your certificate to a PFX file and put it in the same folder as your MSI file.

Step 4 – Run CMD as administrator and input this command:

"C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe" sign /v /f "c:\exemsi\HaukebergCert.pfx" /p "PASSWORD" /t http://timestamp.digicert.com "C:\exemsi\OfficeProPlus.msi"

sign ok
The password has been removed
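
A check to run on the signed MSI before uploading it to Intune. This is an added example, not part of the original post: it confirms the signature validates, the signer carries the Code Signing EKU, and the /t timestamp was applied. The function name Test-MsiSignature and the 30-day expiry threshold are assumptions made for illustration; the file path is the one from the command above.

```powershell
# Added example: verify a signed MSI before uploading it to Intune.
# Test-MsiSignature is a hypothetical helper name, not a built-in cmdlet.
function Test-MsiSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $MinDaysValid = 30   # assumption: flag certs expiring sooner than this
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $problems = @()

    # 'Valid' means the file hash matches and the chain builds to a trusted root.
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }

    $cert = $sig.SignerCertificate
    if ($cert) {
        # The signer must carry the Code Signing EKU (OID 1.3.6.1.5.5.7.3.3).
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        if (-not ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.3')) {
            $problems += 'Signer certificate lacks the Code Signing EKU'
        }
        if ($cert.NotAfter -lt (Get-Date).AddDays($MinDaysValid)) {
            $problems += "Signer certificate expires $($cert.NotAfter)"
        }
    }

    # Without a timestamp the signature stops validating once the cert expires.
    if (-not $sig.TimeStamperCertificate) {
        $problems += 'No timestamp countersignature found'
    }

    [pscustomobject]@{
        Path          = $Path
        Status        = $sig.Status
        Signer        = if ($cert) { $cert.Subject } else { $null }
        Thumbprint    = if ($cert) { $cert.Thumbprint } else { $null }
        Problems      = $problems
        ReadyToUpload = ($problems.Count -eq 0)
    }
}

Test-MsiSignature -Path 'C:\exemsi\OfficeProPlus.msi'
```

Record the reported thumbprint alongside the package so a later re-signed or swapped MSI can be spotted by comparing it.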

 

Now you are ready to deploy this MSI file through the MDM channel

Follow this guide to deploy the MSI file in Microsoft Intune MDM channel

 

IT DEV Connections
We are covering MDM channel here

Adapted from these posts:
http://www.identityfinder.com/kb/Enterprise-Documentation/823571
https://www.digicert.com/code-signing/signcode-signtool-command-line.htm
