Quantcast
Channel: TechNet Blogs
Viewing all 36188 articles
Browse latest View live

O365 Tidbit – Working with CISO and securing

September 18, 2018, 1:30 am
$
0
0

Hello All,

As you dive further into your O365 tenant and look to start rolling out the services you will have to work with your security officers to insure that you are compliant with that group.

Microsoft has provided several resources

  1. Microsoft Trust Center
  2. Penetration Testing Rules of Engagement
  3. Microsoft Cloud Bounty Program

For an example if you look at the Microsoft Trust Center it contains a long list of audit reports that cover both O365 and Azure, with more reports beings added every week.  And looking at the Penetration Testing Rules of Engagement it will help you understand what you can and cannot do during Penetration testing…but hold it why would you not let me doing certain steps  in pen testing that I already perform in my Enterprise?  What you have to remember is that you are on shared hardware and shared networks and as you want others to not ruin your experience and thus we expect you not to ruin others experience, what this means is there are certain tests that cannot be performed as they potentially could cause performance or security issues.

More information to look at:

  1. Microsoft Bounty Program - Cloud
  2. Microsoft Cloud Red Teaming

Wow…you mean you can get paid for hacking Microsoft.  Well yes but you have to record it, report it, and make sure you provide an eligible submission.

If you look at the Red Teaming whitepaper it discusses Microsoft’s strategy and execution of Red Teaming and live site penetration testing against Microsoft managed cloud infrastructure, services and applications. You will learn how Microsoft simulates real-world breaches, conducts continuous security monitoring and practices security incident response to validate and improve the security of Microsoft Azure and Office 365.

Pax

Search

Dude – why isn’t a mailbox being provisioned/created in Exchange Online after licensing?

September 18, 2018, 7:03 am
$
0
0

I've run into this scenario several times, and I wanted to share a common cause for this situation (as well as how to fix it!).

Consider the following scenario:

You previously migrated a user mailbox from On-Premises to Exchange Online. Sometime later, the Exchange Online license was removed and the license was left off the user for more than 30 days.

or

You previously migrated a user mailbox from On-Premises to Exchange Online and never applied a license. No license was applied for more than 60 days.

Both of these scenarios result in the mailbox being disconnected. In the first case, the mailbox is disconnected immediately, but the mailbox remains in a special hidden state in the database for 30 days. After 30 days, the mailbox is purged from the database, and is no longer recoverable. In the second case, the mailbox remains active for 30 days, during the "grace period". After 30 days with no license, the mailbox is disconnected by a process called "License Reconciliation". This is just a fancy term for Azure running a process against unlicensed users and signaling each service to take the appropriate steps. For Exchange Online, License Reconciliation means we have an unlicensed mailbox, and the action taken is to disconnect the mailbox.

In any event, the net result is a mailbox that gets disconnected and later purged.

Where the problem rears its ugly head is if you end up deciding to apply an Exchange Online license later on. You are probably thinking "Hey, if I apply an Exchange Online license, I'll get a new mailbox no problem!" That would seem to be logical, but unfortunately logic doesn't always prevail and in this case, no mailbox is provisioned.

You see, when a mailbox is migrated from On-Premise to Exchange Online, the value of the attribute msExchRemoteRecipientType gets updated to reflect that the mailbox was migrated. You can see this with the Get-RemoteMailbox output from On-Premises Exchange Management Shell.

Name RecipientTypeDetails RemoteRecipientType
UserNoMailbox RemoteUserMailbox Migrated

 

A RemoteRecipientType of Migrated equates to a value of 4. The AD attribute is msExchRemoteRecipientType.

Anyways, back to our story. When the RemoteRecipientType value is set to Migrated, Exchange Online will never provision a *New* mailbox, no matter how hard you try. You could say that is a failing on the part of Exchange Online. After all, the service should do what you tell it, right? 🙂

So how do we fix this? And before you ask, NO it isn't as easy as just editing the msExchRemoteRecipientType attribute value in AD (I tried! It doesn't work!)

I put together the following steps to get you out of this situation.

  1. Set the Powershell Format enumeration limit to unlimited (to ensure no attribute values are cut off)
    $formatenumerationlimit = -1
    For those not familiar, the Exchange Management Shell has an enumeration limit which can result in some values being cut off, which is evidenced by the trailing …) at the end of a value.
  2. Get-RemoteMailbox “user identity” | fl
    This is so you have a record of all current attributes. If you want to save it to a text file or CSV or something else, knock yourself out.
  3. Disable-RemoteMailbox
    This will remove all Exchange attributes (including Archive guid)
  4. Run Dirsync delta sync from your AAD Connect server
    Start-ADSyncSyncCycle -PolicyType delta
    This will sync and remove the Exchange Online Mailuser
  5. Enable-RemoteMailbox “user identity” -RemoteRoutingAddress user@contoso.mail.onmicrosoft.com
    This will set the remote recipient flags to "ProvisionMailbox" and the Exchange Guid will be blank (all 0's)
  6. Run Dirsync delta sync.
    Start-ADSyncSyncCycle -PolicyType delta
    Since the Exchange guid is no longer populated, as long as the Exchange Online license is assigned a new mailbox will be provisioned. HALLELUJAH!
  7. Optionally, provision an Archive mailbox
    Enable-RemoteMailbox "user identity" -Archive
    *Note* - if a previous archive guid was present, and the archive mailbox still somehow exists, you may see a provisioning error referencing not being able to disable the old archive guid. If you encounter this error, you can try setting the archive guid on the remote mailbox to the old one.
    The validation error can be exposed to you in PowerShell by running the following command from MSOL PowerShell
    (Get-MsolUser -UserPrincipalName upnofuser).errors.errordetail.objecterrors.errorrecord.errordescription
    If there is a validation error, and it is the archive, it will show you the new archive guid and the old one.
  8. Set-RemoteMailbox “user identity” -ArchiveGuid “old archive guid”After confirming that the Exchange Online mailbox is successfully provisioned, you can stamp the Exchange Guid on the on-premises Remote mailbox object. This is really only required if you think you might have to Offboard the mailbox back to On-Premises, but I like to set it for the sake of being consistent.
  9. Set-RemoteMailbox “user identity” -ExchangeGuid “Exchange guid value from new Exchange Online mailbox”
  10. Re-stamp any attributes that were previously stamped, such as custom attributes, or additional email addresses (compare with the Get-RemoteMailbox from step 2)

It is entirely possible that the logic of Exchange Online will at some point change, and render this guidance useless. Until then, I hope this helps with you to understand why this happens, and how to fix this condition.

Known Issue: PIN Prompt for Intune Managed Apps

September 18, 2018, 9:29 am
$
0
0

Intune App Protection Policies (APP, also known as MAM) introduced a product enhancement to request the user PIN when biometric information changes on iOS (TouchID/FaceID) to further protect organizational data. The change introduced a bug that causes Intune APP to incorrectly detect a biometric change and prompt the user with a PIN challenge. This PIN challenge will only occur when switching between two APP managed apps and if the apps have adopted the SDK with this bug.

 

The bug was introduced in the Intune APP SDK for iOS v. 8.1.0. The bug has been fixed in the Intune APP SDK for iOS v 9.0.1. App teams adopt the new SDK and then run the apps through their testing and release processes. We will update this post when we hear all the new app teams have adopted the new SDK.

 

Millones utilizan las herramientas de privacidad de GDPR de Microsoft para controlar sus datos

September 18, 2018, 10:34 am
$
0
0

Por: Julie Brill, vicepresidenta corporativa y consejera general jurídica adjunta en Microsoft.

Desde que la Regulación General de Protección de Datos (GDPR, por sus siglas en inglés) de la Unión Europea tomó efecto el 25 de mayo de 2018, más de 5 millones de personas de 200 países han utilizado las nuevas herramientas de privacidad de Microsoft para gestionar sus datos. Y sobre una base absoluta y per capita, el número más grande de personas viene de los Estados Unidos, un país que no es cubierto por GDPR de manera formal, lo que demuestra el deseo de los consumidores norteamericanos por un mayor control sobre sus datos personales.

Hasta hace poco, nuestro entendimiento de la privacidad en los Estados Unidos no había cambiado mucho desde que Louis Brandeis, gran experto legal norteamericano y juez de la Suprema Corte de Justicia, la definió en 1890 como el “derecho a ser dejado en paz”. Por más de un siglo, preservar ese derecho se centraba en protecciones legales diseñadas para asegurar que otras personas no puedan acceder a las ideas y la información que no queremos compartir.

Pero conforme la gente depende más y más en la tecnología para expresar sus ideas, conectar con amigos y familia, manejar sus negocios, y gestionar su salud y sus finanzas, y mientras más y más de nuestras interacciones son capturadas y almacenadas de manera digital, la manera en la que pensamos acerca de la privacidad ha cambiado. En lugar de enfocarnos tan solo en el derecho a ser dejados en paz, la gente quiere interactuar de manera libre y segura a través de la tecnología digital sin perder control sobre cómo sus datos son recolectados y utilizados.

Cada vez más, este deseo de mantener control de la información personal se ve reflejado en leyes modernas de privacidad como un aspecto esencial del derecho a la privacidad. Hemos visto que esto ha comenzado a verse reflejado en decisiones de parte de la Suprema Corte de los Estados Unidos, y en los últimos meses, en legislaciones históricas aprobadas por el estado de California. Es por eso que la GDPR es tan importante, porque establece un fuerte estándar para la privacidad y protección de los datos al capacitar a la gente a decidir qué sucede con sus datos.

En Microsoft, también reconocemos que la privacidad es un derecho humano fundamental. Hemos defendido la legislación nacional de privacidad en los Estados Unidos desde 2005 y hemos sido promotores entusiastas de GDPR desde que fue propuesta por primera vez en 2012. También creemos que los nuevos derechos en el centro de GDPR establecen principios importantes que son igual de relevantes fuera de la Unión Europea. Llamados “Derechos de Datos del Interesado” (Data Subject Rights), incluyen el derecho a saber qué datos son recolectados, corregir esos datos, y eliminarlos o moverlos a otro lugar.

Es por esto que cuando la GDPR de Europa entró en efecto en mayo de 2018, Microsoft anunció que extenderíamos los Derechos de Datos del Interesado, los derechos en el corazón de GDPR que dan a la gente de los Estados Unidos un mayor control de sus datos, a todos nuestros clientes consumidores alrededor del mundo. Esto no era requerido por la GDPR, pero elegimos hacerlo porque creemos de manera firme que ayudar a poner a la gente en control de sus datos es lo correcto. Para conseguir esa meta, construimos un tablero de privacidad donde nuestros clientes pueden gestionar sus ajustes de privacidad, ver los datos que hemos almacenado, y eliminar esos datos si así lo desean. Esto incluye datos que van desde historial de navegación y búsqueda a actividad de ubicación, películas y TV vistas a través de la aplicación de Microsoft o servicio, y datos de salud de Microsoft Health.

En los cuatro meses posteriores, más de 5 millones de personas de más de 200 países se han registrado en el tablero de privacidad de Microsoft para gestionar su información. No es de sorprender que muchos de nuestros clientes en los Estados Unidos, donde GDPR es ahora la ley, se han involucrado de manera activa con nuestro tablero de privacidad. Sin embargo, ha sido sorprendente ver el fuerte interés y nivel de involucramiento alrededor del mundo.

Los primeros 20 países donde los usuarios han accedido a los controles de privacidad de Microsoft para gestionar sus datos personales de mayo a septiembre de 2018.

El nivel más alto de involucramiento vino de los clientes de Estados Unidos donde alrededor de 2 millones de personas utilizaron nuestro tablero de privacidad para gestionar sus datos. También incluidos en los principales 10 países para visitas per capita fueron Japón, con casi 400 mil; Brasil, con cerca de 200 mil; y China y México, cada uno con cerca de 135 mil clientes que se registraron para gestionar sus datos.

La información de nuestro tablero de privacidad nos dice dos cosas importantes y que están relacionadas:

Primero, hay un alto nivel de interés entre los consumidores alrededor del mundo por tener control sobre sus datos personales.

Segundo, los consumidores norteamericanos no son la excepción, pues se involucran de manera activa con las herramientas de control que se les brindan. Este hecho descarta la noción de que los norteamericanos se preocupan menos acerca de su privacidad que los europeos. También confiere una mayor urgencia en la necesidad por una legislación federal que brinde herramientas y protecciones que faciliten a los consumidores norteamericanos el poder ejercer control sobre sus datos personales a través del ecosistema.

Para asegurar que los beneficios de una nueva generación de innovación tecnológica están disponibles para y benefician a todos, las leyes modernas de privacidad que mejor reflejen cómo la gente utiliza hoy la tecnología, son esenciales. Mantenemos nuestro exhorto al gobierno de los Estados Unidos a avanzar con la legislación que proteja el derecho a la privacidad a través de un control más fuerte de la información personal.

Workflow Manager Addendum MP for SQL Aliases

September 18, 2018, 12:24 pm
$
0
0

 

A SQL Alias is kinda like wearing disguise glasses...

 

From a security perspective, you can make things difficult for attackers by specifying a SQL alias and different port for SQL.

 

 

 

Symptom - discovery fails for WFM pack

 

Trying to monitor and figure out what the real database name, instance, etc. can be a challenge.

A couple of years ago, I was able to find an example for one customer where the registry key shed light on the alias.

 

The workflow manager management pack has a DataSourceModuleType "Microsoft.WorkflowManager.Addendum.v1.WFCommandExecuterDataSource", where this change successfully retrieved the sql server name.

This datasource uses the PowerShell script (WorkflowPSDiscovery.ps1)

 

This function was changed in one example

# Get computer name from splitted dataSource
function GetPrincipalName {
param(
$ADDomain,
$ss
)

#$ssWithoutPort = $ss[0].split(',')
#if (-not $ssWithoutPort[0].Contains('.'))
#{
# $ssWithoutPort[0] = $ssWithoutPort[0] + "." + $ADDomain.Name
#}
#$principalName = $ssWithoutPort[0]

$key = 'HKLM:SOFTWAREMicrosoftMSSQLServerClientConnectTo'
$sqlfromalias = (Get-ItemProperty -Path $key -Name $ss).$ss
$sqlserverstr = $sqlfromalias.Split(',')
$sqlserver = $sqlserverstr[1]
$principalName = $sqlserver

return $principalName
}

 

 

Ran into this discovery issue a second time, and the function didn't solve the failure.

Real quick - a shout out and my thanks to Chuck Hughes and Mike Sadoff, for their time and testing this more robust discovery method.

 

 

 

Added logic to fix the assumed InstanceName ($instname) - Most likely why my first function worked (configuration had default SQL instance name of MSSQLSERVER )

Added GetSqlAlias function to help decode the disguise

 

My thanks to Chuck Hughes and Mike Sadoff, for their time and testing this more robust discovery method.

 

Gallery download here

 

Don't forget to override the original workflow manager discovery!

Microsoft.WorkflowManager.v1.Addendum.WFPSDiscovery

Ignite 2018: Matt’s list of recommended sessions

September 18, 2018, 5:43 pm
$
0
0

Microsoft Ignite 2018 is right around the corner, September 24 – 28 in Orlando Florida. While there are over 1591 sessions, I wanted to share with you the list of sessions that I will either be attending in-person or watching the on-demand version later when I get home. Please feel free to use this list to help create your personal schedule, or on-demand viewing list later. Also, be sure to follow me on Twitter @SosemanMatt and LinkedIn for updates while at Ignite. Here's my recommendations from Ignite 2017 Enjoy!

Tip: Every year I spend ~200 hours watching Ignite sessions while running on the treadmill every evening or on an early Saturday morning to ensure I stay up to speed and keep my skills sharp. These sessions are addicting, and fun! They inspire me to go out and learn more, lab up a scenario, and gives me great stories to share with my peers, customers and partners.Click each session to be taken directly to that session's page on the Microsoft Ignite website.

My Session: BRK3135 - Learn more about security and compliance for Microsoft Teams (Also working the Microsoft Secure Score booth throughout the week, come see me and connect!)

Must See:

THR2303 - How to Shift: Modern Desktop Deployment with Brad Anderson

GS008 - Microsoft security: How the cloud helps us all be more secure

GS006 - Modern teamwork: Transform collaboration and communications with Microsoft 365

GS004 - Simplify your IT management and level up with Microsoft 365

BRK3221 - Combat advanced cyber attacks with Microsoft Cloud App Security

BRK2158 - Elevate the security for all your cloud apps and services with the Microsoft CASB - Cloud App Security

KEY04 - Transform your workplace with Microsoft 365

BRK2295 - Sprint's Microsoft 365 deployment acceleration strategies

BRK3401 - Azure Active Directory security insights with Conditional Access, Identity Protection, and reporting

BRK2468 - Security for your digital transformation

Office 365

BRK2102 - Better teamwork, together: SharePoint and OneDrive integration with Microsoft Teams

BRK2094 - The future of Yammer: Vision and roadmap

BRK2070 - New in Microsoft 365: Leadership engagement featuring live events

BRK2077 - Workplace Analytics & MyAnalytics: A review of data privacy and GDPR compliance

BRK2160 - The time for Teams: Scenarios to realize the value of Microsoft Teams

BRK2143 - Improving Health Team Collaboration using Microsoft Teams

BRK2140 - Accelerating GDPR compliance with Microsoft 365

BRK3398 - Best practices for a successful Video and Voice deployment on Microsoft Teams

BRK2440 - Citrix and Microsoft: Driving the future of work in the modern workplace, today!

BRK1059 - Enabling Firstline Workers with Microsoft Teams

BRK2393 - Get more done with Planner!

BRK2164 - The best (Outlook driven) day of your life

BRK2004 - The future of threat protection: Become efficient, cost effective, and more secure with Office 365 Threat Intelligence

BRK4002 - Securing your Office 365 environment from advanced phishing campaigns with Office 365 Advanced Threat Protection

Enterprise Mobility + Security

BRK3272 - Authentication and passwords: The good, the bad, and the really ugly!

BRK3401 - Azure Active Directory security insights with Conditional Access, Identity Protection, and reporting

BRK3285 - Deep dive into evolution of Windows app management with Intune

BRK3006 - Defend against mobile threats and increase user productivity with Intune-managed Edge browser

BRK2018 - Efficiently manage security with Microsoft

BRK3241 - Enable Azure Active Directory Conditional Access to secure user access while unlocking productivity across Microsoft 365

BRK2157 - Ensure comprehensive identity protection with Microsoft 365

BRK2157 - Ensure comprehensive identity protection with Microsoft 365

BRK3029 - Lessons from the field: protecting corporate data on any device with Microsoft Intune

BRK3103 - Manage and secure iOS and MacOS devices and apps with Microsoft Intune

BRK3117 - SecOps and incident response with Azure Advanced Threat Protection: Protect, detect, and respond

BRK4001 - Secure enterprise productivity with Office 365 threat protection services including EOP, ATP, and Threat Intelligence

Windows 10 Enterprise

BRK3018 - Deploying Windows 10 in the enterprise using traditional and modern techniques

BRK3038 - Windows 10 in S mode: Why you should care and how it works

BRK3039 - Windows 10 and Microsoft Office 365 ProPlus lifecycle and servicing update

BRK3017 - What's new in Windows 10 mobile device management (MDM)

BRK3211 - Ask the experts: Successfully deploying, servicing, and managing Windows 10

BRK2420 - Beat the Windows 10 deployment clock

BRK3019 - Delivery Optimization deep dive: How to reduce internet bandwidth impact on your network

BRK3014 - Modern deployment with Windows Autopilot and Microsoft 365 (Part 1 of 2)

BRK3015 - Modern deployment with Windows Autopilot and Microsoft 365 (Part 2 of 2)

BRK2002 - Modern desktop deployment and management with Microsoft 365

金融情報システムセンター (FISC) からの新安全対策基準 (第9版) にいち早く対応するマイクロソフトのクラウドサービス【9/19 更新】

September 18, 2018, 6:00 pm
$
0
0

 

2018年3月に金融情報システムセンター (FISC) から「金融機関等コンピュータシステムの安全対策基準・解説書」の第9版が公表されました。マイクロソフトでは、「FISC 安全対策基準 第 9 版」に対するする各クラウド サービスの対応状況に関して、クラウド事業者としてマイクロソフトが実施済みの対応、ご利用頂くお客様側での実施が必要な対応について整理したチェックリスト・ホワイトペーパーを提供しています。お客様は、本ドキュメントを参照頂くことで、お客様側が対応すべき範囲に絞った効率的な対応が可能になります。

また、マイクロソフトでは、他の主要グローバル クラウド ベンダーに先駆けて第 9 版への対応を確認しました。2018 年 9 月現在、対外的に第 9 版への対応を表明している主要グローバル クラウド ベンダーはマイクロソフトのみとなります。マイクロソフトでは、今後とも金融機関のお客様に安心してクラウドサービスをご利用いただくために、新しい安全対策基準へのいち早い対応を進めていく予定です。

 

関連情報

 

 

コベルコシステム HI-KORT 365 for Operations/Finance

September 18, 2018, 9:35 pm
$
0
0

[提供: コベルコシステム株式会社]

Dynamics 365 for Finance & Operations 会計テンプレート

 

多彩な機能を備え、企業規模を問わず複雑な要件にも対応できる新時代のERP、Dynamics 365の会計機能に日本独自の商習慣に対応したアドオン機能などを追加。「HI-KORT 365 for Operations/Finance」として提供しています。

日本特有の商習慣に対応した各種機能を追加したテンプレートで、お客様要件を短納期で実現します。

 

 

■解決される課題

当社がこれまでにERP導入してきた250社以上のお客様で培ってきた実績経験やノウハウをもとに、日本独自の商習慣に対応した債権・債務・手形を含む豊富な機能をご用意しています。

本テンプレートはサブスクリプションモデル(月額課金)となっており、初期導入費を抑える事ができ、Dynamics 365のバージョンアップにも対応しておりますので、長く安心してご利用頂けます

 

■料金(税抜)

お問い合わせください。

 

 

 

 

Search

Teaching Girls A.I. On 125th Anniversary of Women’s Suffrage In New Zealand

September 19, 2018, 2:25 am
$
0
0

suffrage 125 logo mowFor a small country at the bottom of the world, New Zealand has been a world leader and a world beater in many different areas. This week, we are celebrating the 125th anniversary of 19th September 1893 when the Electoral Act 1893 was passed, giving all women in New Zealand the right to vote.  As a result of this landmark legislation, New Zealand became the first self-governing country in the world in which all women had the right to vote in parliamentary elections. (Source: Ministry for Culture and Heritage)

That's a big deal and the New Zealand curriculum has a similarly far-sighted vision by promoting STEM, with changes to the Digital Technologies Curriculum by including two new strands:

  • Computational Thinking
  • Designing and Developing Digital Outcomes

The Minister for Education, Chris Hipkins said in 2018:

The digital curriculum is about teaching children how to design their own digital solutions and become creators of, not just users of, digital technologies, to prepare them for the modern workforce.

The reality, however, is that many young women do not foresee a future career in these areas. Each March, Microsoft celebrates women in tech with the #MakeWhatsNext initiative which this year focused on inspiring young women to be the inventors of future technologies:

 

kate sheppard

Kate Sheppard (1848-1934) Source

In previous years, Microsoft has called out the need to change the current trend that sees only 6.7% of women graduate with STEM degrees (based off data from the USA).

In the spirit of Kate Sheppard, the most prominent leader of the Suffragette movement in New Zealand, it's time we ensured that all women are equipped with the necessary skills and inspired to explore a career that will almost invariably involve technology in some capacity.

In January 2018 LinkedIn published a blog post confirming that technology is here to stay in their list of skills required for the most in demand jobs:

Technology is here to stay. Year-over-year technology jobs and skills have dominated these lists, and that’s a trend that’s likely here to stay. All jobs are likely going to require some technical skills in the future, so make sure to brush up on the basics.

When you look at the top 10 skills identified by LinkedIn you can see the strong prevalence of technology:

  1. Cloud and Distributed Computing
  2. Statistical Analysis and Data Mining
  3. Middleware and Integration Software
  4. Web Architecture and Development Framework
  5. User Interface Design
  6. Software Revision Control Systems
  7. Data Presentation
  8. SEO/SEM Marketing
  9. Mobile Development
  10. Network and Information Security

This is hardly surprising when you consider the biggest companies by market capitalization are now completely dominated by technology:

So - it's one thing to know of the skills required, it's an entirely different proposition to teach these in an interesting and engaging manner. What is the solution?

Alice Envisions The Future:

Today I had two serendipitous events occur:

  1. I watched Jourdan Templeton from the Aware Group deliver a presentation highlighting the power of Azure Cognitive Services, demonstrating how it can make sense of unstructured data through the use of computer vision, sentiment analysis and PowerBI - it was truly impressive.
  2. I learnt of the work my colleague Oliver Zofic from Slovenia had completed recently with his Alice Envisions the Future project.

For this project, Oliver created seven challenges aimed at encouraging young women to explore the power of Artificial Intelligence (A.I.) and Machine Learning (M.L) through the use of Office365 and a range of powerful cloud technologies from Microsoft. These seven challenges are:

  1. Office365: Create a collaboration hub using Microsoft Teams for the groups of girls to share resources through the use of OneNote, Planner and FlipGrid.
  2. Custom Vision Service: through the use of www.customvision.ai create an image classification tool to distinguish images of cats and dogs - an easy introduction into the world of computer vision.
  3. Azure Machine Learning: using the topic of breast cancer, students create and train a ML model to make a two class prediction model using Azure Machine Learning Studio
  4. Build a Bot: Using Microsoft QnA Maker students build and deploy a bot that takes a natural language query and runs it through a bank of FAQ on breast cancer.
  5. Cognitive Services - Facial Recognition: Using Azure's powerful Cognitive Services, students build an app that can detect faces and emotion.
  6. Internet of Things & Raspberry Pi: IoT is almost as big of a buzz word as AI and ML and in this challenge students use the online Raspberry Pi simulator to connect to the Azure IoT Hub to understand how devices at the edge can stream data to the cloud
  7. Create a Vlog: A fun way to finish the day, the girls are required to create a video record of their learning and post it to FlipGrid (recently acquired by Microsoft and integrated directly into Microsoft Teams).

Get Started & Give It A Go:

The keys to the ignition to get started learning A.I. are:

  1. Office365 username / password - this is a requirement to log into most of the cloud services listed above (there is no cost for most of these, or a temporary / limited access can be obtained).
  2. Download the seven challenges from here. (please note - in Challenge Three there is a reference to downloading the breast cancer data from the University of Wisconsin Hospitals. This link is no longer valid, however the data is included in the link above as part of the download called breast-cancer-wisconsin.data).

For a while I've been trying to get my oldest daughter (14yrs) interested in coding and data related fields but to date, she has shown limited interest. Today, I introduced her to Challenges #2 and #3 and left her to it - she loved it. When asked for some feedback she shared:

I found it really interesting, the tools have a good user interface - I don't know much about coding but the instructions were for the most part easy to follow and the tools were cool. Overall, I had fun and felt like I'd done something worthwhile.

I also created the image detection tool using CustomVision.ai and it didn't take me long to build out a working model:

The images I used to train my model, accurately tagging dogs and cats respectively

Running a test against my model - identified this new picture with 99.9% probability as being a dog!

My Point of View:

Without doubt, many of the most sought after skills in the workforce are going to include those around data, analysis, modelling, interpretation and all combined towards solving some of the biggest problems in the world today. Just this week I learnt of a young kiwi woman working on a solution that will disperse fog at airports, a problem of very real significant when you consider fog costs airlines over $1.8M and impacts over 135,000 travelers per hour

Last week at The New Paradigm, an education event co-hosted by HP and Microsoft at which I presented, I listened to Elise Beavis talk about her role as a performance engineer at Emirates Team New Zealand. Elise spoke candidly about her wish that she had been introduced to coding at high school, rather than waiting until university to learn the fundamentals. From the speakers page:

Having sailed since age 9, Elise saw studying engineering as a pathway to combine her love of sailing with her interest in maths and physics. She was accepted into the accelerated pathway and graduated with first class honours. The week after finishing her final engineering science exam, Elise started working at Emirates Team New Zealand. During the 35th America’s Cup, as the youngest full time employee, she worked in a number of areas including aerodynamics, designing 3D printed components, running VPP’s and modelling how the boat would fit in the plane to be flown up to Bermuda. Since winning the cup, Elise has been involved with developing the new class of boat and writing the AC75 class rule. She is now working on the design of ETNZ’s first AC75.

The sooner we can introduce students to technology like those in the seven challenges from Oliver, the better equipped they will be to succeed in the rapidly advancing world they will be entering on leaving school.

Scripting SCOM Registry key tweaks

September 19, 2018, 5:35 am
$
0
0

 

Time to tune!

 

 

Had some requests to script the registry tweaks for SCOM

 

Starting off with Holman's blog entry ...

 

TechNet Gallery download here

 

Save .txt file as .ps1

 

On SCOM Management server(s)

Close out any SCOM Console session (to prevent SDK errors)

Run as administrator in PowerShell window

Restart SCOM services

restart-service omsdk; restart-service healthservice; restart-service chost

Verify services running

get-service omsdk; get-service healthservice; get-service chost

La nueva imperativa para los negocios: Una estrategia unificada de seguridad en la nube

September 19, 2018, 9:22 am
$
0
0

Por: Equipo del blog de Microsoft Cloud Perspectives

Conforme más negocios comienzan a explorar los beneficios de mover a la nube datos y aplicaciones que tienen en instalaciones físicas, tienen que repensar sus enfoques tradicionales con respecto a la seguridad de los datos. Los cibercriminales no sólo han comenzado a desarrollar ataques más sofisticados, también el número de empleados y usuarios que pueden acceder, editar y compartir datos han incrementado el riesgo de contar con brechas de seguridad. De hecho, Gartner indica* que “durante 2022, 95 por ciento de las fallas e incidentes de seguridad en la nube serán culpa de los clientes. Los CIO pueden combatir esto a través de implementar y establecer políticas sobre propiedad, responsabilidad y aceptación de riesgos en la nube. También deben estar seguros de seguir un enfoque de ciclo de vida respecto al gobierno de la nube y establecer planes de monitoreo y gestión central para cubrir la complejidad inherente de uso de nube múltiple”.

En lugar de apoyarse en un mosaico de soluciones de seguridad de terceros que no siempre se hablan entre ellas, que de manera potencial dejan a los sistemas vulnerables ante ataques, las compañías han comenzado a adoptar una defensa de seguridad de nube unificada, de principio a fin. De manera típica, esto involucra elegir un proveedor de nube que pueda integrar controles de seguridad directo en los sistemas y procesos corporativos existentes. Cuando estos controles abarcan toda la infraestructura de TI, facilitan la protección de los datos y mantienen la confianza del usuario al ofrecer mayor compatibilidad, mejor desempeño y mayor flexibilidad.

Protección que siempre es compatible

Un sistema holístico, de advertencia y detección de amenazas soportado por la nube puede ser diseñado para trabajar de manera fluida a través de cada recurso de un ambiente de TI. Por ejemplo, las soluciones integradas de gestión de seguridad pueden dar a los equipos de TI la capacidad de monitorear de manera constante todo el sistema desde una ubicación centralizada, en lugar de evaluar de manera manual las diferentes máquinas. Esto les permite detectar más pronto las amenazas, brindar monitoreo de identidad, y más, todo sin ningún problema de compatibilidad.

La compañía de transporte de contenedores, Mediterranean Shipping Company (MSC) ha recorrido este camino. Como muchos negocios, el ambiente de TI de MSC está esparcido a través de una variedad de ubicaciones, redes y tecnologías, como embarcaciones de contenedores, redes de camiones, y oficinas. Su estrategia previa de seguridad empleaba un mezcla de soluciones de terceros que de manera continua enfrentaba problemas de compatibilidad entre diferentes componentes, lo que daba a los atacantes una gran superficie de sondeo. Esto hizo a MSC vulnerable a amenazas como ataques sin malware (fileless attacks), phishing y ransomware. Sin embargo, incluso después de hacer la transición a una solución unificada de seguridad en la nube, ha sido capaz de protegerse contra ataques a través de una protección que se integra sin complicaciones a su ambiente existente.

Desempeño confiable, de manera más eficiente

Mientras más complejo se vuelva un ambiente de TI, más tiempo pasan los empleados en pruebas, mantenimiento y reparación de soluciones de seguridad de terceros. Un enfoque unificado de seguridad en la nube mejora el desempeño no sólo al brindar una estrategia de defensa en capas que sea consistente, también al automatizarla a través de toda la infraestructura de TI. En MSC, las actualizaciones de software y de seguridad ahora son llevadas a cabo de manera automática en implementadas sin retrasos, a través de la nube. La información acerca de posibles amenazas y brechas puede ser compartida de manera rápida a través de dispositivos e identidades, lo que acelera los tiempos de respuesta y recuperación para que los empleados puedan enfocarse en otros problemas.

Seguridad con flexibilidad para crecer

La escalabilidad es otro factor que impulsa la adopción. Un ambiente de nube puede escalar de manera sencilla para acomodar los picos de tráfico, usuarios adicionales, o aplicaciones con uso intensivo de datos. Un mosaico de soluciones de seguridad de terceros tiende a no ser tan ágil. En MSC, los controles de seguridad están integrados en múltiples niveles de la infraestructura de TI, desde el sistema operativo a la capa de aplicaciones, y puede cambiar su tamaño de manera dinámica para cumplir con las nuevas necesidades del negocio. Por ejemplo, los controles continuos de cumplimiento de normas pueden ser establecidos para monitorear actividades regulatorias y detectar vulnerabilidades conforme estas crecen.

Un enfoque unificado de seguridad: convertirse en el estándar

Las mejores soluciones de seguridad se desempeñan de manera silenciosa en segundo plano, para proteger a los usuarios sin que estos lo noten. La seguridad unificada de nube realiza esto a la vez que reduce los recursos requeridos para mantener las cosas en funcionamiento de manera fluida. “Una vez que cuentas con una verdadera defensa a profundidad, hay menos probabilidad de tener que determinar un usuario e impactar su productividad porque tienes que cambiar la imagen de una máquina infectada”, comentó Aaron Shvarts, jefe de seguridad en MSC Technology North America.

Después de mover sus cargas de trabajo a Azure y actualizar sus soluciones previas de seguridad de terceros a la protección nativa de Windows Defender, MSC ahora cuenta con una estrategia de defensa que se adapta a la complejidad de su negocio. Conozcan más acerca de las soluciones de seguridad de Azure y cómo Microsoft puede ayudarles a implementar seguridad unificada a través de su nube.

*Gartner, Smarter with Gartner, Is the Cloud Secure?, 27 de marzo 2018, https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/

Support Tip: Ignite 2018

September 19, 2018, 9:31 am
$
0
0

Heading to Ignite? Do you have Intune support questions? Intune Support-as-a-Feature experts (including many of the folks behind the @IntuneSuppTeam and this blog) will be at Ignite and would be happy to answer any Intune supportability questions you have. The team will be helping our peers in engineering staff the Intune booth on the show floor. Feel free to bring questions on active cases, share recent support experiences, or provide service communications feedback. If we don’t have an expert at the booth that can help you right away, we’ll be there all week and will be happy to follow-up in between sessions. Not every ticket or question can be resolved in person, but it’s always good to make the connection. See you at Ignite!

 

Infrastructure + Security: Noteworthy News (September, 2018)

September 19, 2018, 10:20 am
$
0
0

Hi there! Stanislav Belov here to bring you the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis.

Microsoft Azure
Azure AD B2B Collaboration support for Google IDs is now in public preview
The B2B Google federation allows organizations to invite Gmail users to use their Google identity to sign in to Azure AD. Google is the first third-party identity provider that Azure AD supports.
Microsoft Authenticator companion app for Apple Watch now in public preview
We heard our customers loud and clear—they want support for the Microsoft Authenticator app on Apple Watch. So, that's why I'm thrilled to announce we are starting to roll out the public preview of the Microsoft Authenticator companion app for Apple Watch and plan to release to general availability within the next few weeks. This experience will allow you to approve sign-in notifications that require PIN or biometric on your Watch without having to use your phone. The Microsoft Authenticator app on Apple Watch supports Microsoft personal, work, and school accounts that are set up with push notifications. All supported accounts automatically sync to the Watch.
Azure subscription and service limits, quotas, and constraints
This document lists some of the most common Microsoft Azure limits, which are also sometimes called quotas. This document doesn't currently cover all Azure services. Over time, the list will be expanded and updated to cover more of the platform. Please make sure you check against these limitations before deploying a new Azure resource to avoid potential pitfalls.
How to choose the right encryption technology for Azure SQL Database or SQL Server
Transparent Data Encryption (TDE) and Always Encrypted are two different encryption technologies offered by SQL Server and Azure SQL Database. Generally, encryption protects data from unauthorized access in different scenarios. They are complementary features, and this blog post will show a side-by-side comparison to help decide which technology to choose and how to combine them to provide a layered security approach.
Windows Server
PowerShell is open sourced and is available on Linux

Today's customers live in a multi-platform, multi-cloud, multi-OS world – that's just reality. This world brings new challenges and customers need tools to make everything work together. Microsoft is working company-wide to deliver management tools that empower customers to manage any platform, from anywhere, on any device, using Linux or Windows. This shift to a more open, customer-obsessed approach to deliver innovation is one of the things that makes me most excited to come to work every day.
Migrating Roles and Features in Windows Server

This article contains links to information and tools that help guide you through the process of migrating roles and features to Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012. Many roles and features can be migrated by using Windows Server Migration Tools, a set of five Windows PowerShell cmdlets that was introduced in Windows Server 2008 R2 for easily migrating role and feature elements and data.
Upgrade Domain Controllers to Windows Server 2016

This topic provides background information about Active Directory Domain Services in Windows Server 2016 and explains the process for upgrading domain controllers from Windows Server 2012 or Windows Server 2012 R2.
Windows Client
Helping customers shift to a modern desktop

IT is complex. And that means it can be difficult to keep up with the day-to-day demands of your organization, let alone deliver technological innovation that drives the business forward. In desktop management, this is especially true: the process of creating standard images, deploying devices, testing updates, and providing end user support hasn't changed much in years. It can be tedious, manual, and time consuming. We're determined to change that with our vision for a modern desktop powered by Windows 10 and Office 365 ProPlus. A modern desktop not only offers end users the most productive, most secure computing experience—it also saves IT time and money so you can focus on driving business results.
Security
Two seconds to take a bite out of mobile bank fraud with Artificial Intelligence

The future of mobile banking is clear. People love their mobile devices and banks are making big investments to enhance their apps with digital features and capabilities. As mobile banking grows, so does the one aspect about it that can be wrenching for customers and banks, mobile device fraud.
Microsoft Threat Modeling Tool GA Release
The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. Also, we designed the tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models.
How Security Center and Log Analytics can be used for Threat Hunting
If you need to do threat hunting, there are several considerations that you should consider. You not only need a good analyst team, you need an even larger team of service engineers and administrators that worry about deploying an agent to collect the investigations related data, parsing them in a format where queries could be run, building tools that help query this data and lastly indexing the data so that your queries run faster and actually give results. ASC and Log Analytics take care of all of this and will make hunting for threats much easier. What organizations need is a change in mindset. Instead of being just alert driven, they should also incorporate active threat hunting into their overall security program.
Protecting user identities
Microsoft 365 security solutions help you protect users and corporate accounts. By making identity the control plane, Microsoft 365 offerings manage identities as the first step to providing access to corporate resources and restricting users who are high risk. Tools like single sign-on (SSO), Multi-Factor Authentication (MFA), and Windows 10 Hello for Business help you secure access. Additionally, there are actions you can take if an identity is compromised and ways to lock down or wipe devices to protect sensitive data in case of loss or theft.
Small businesses targeted by highly localized Ursnif campaign
Cyber thieves are continuously looking for new ways to get people to click on a bad link, open a malicious file, or install a poisoned update in order to steal valuable data. In the past, they cast as wide a net as possible to increase the pool of potential victims. But attacks that create a lot of noise are often easier to spot and stop. Cyber thieves are catching on that we are watching them, so they are trying something different. Now we're seeing a growing trend of small-scale, localized attacks that use specially crafted social engineering to stay under the radar and compromise more victims.
Office VBA + AMSI: Parting the veil on malicious macro
Macro-based threats have always been a prevalent entry point for malware, but we have observed a resurgence in recent years. Continuous improvements in platform and application security have led to the decline of software exploits, and attackers have found a viable alternative infection vector in social engineering attacks that abuse functionalities like VBA macros. Microsoft, along with the rest of the industry, observed attackers transition from exploits to using malicious macros to infect endpoints. Malicious macros have since showed up in commodity malware campaigns, targeted attacks, and in red-team activities.
Vulnerabilities and Updates
Microsoft on September 11, 2018, released security updates to provide additional protections against malicious attackers. As a best practice, Microsoft encourages customers to turn on automatic updates. More information about this month's security updates can be found in the Security Update Guide.
Support Lifecycle
The next End of Support deadline is October 9, 2018. The following products and Service Packs will NO longer be supported after this date:
  • SQL Server 2012 SP3
  • Enterprise Desktop Virtualization (MED-V) 1.0
  • Windows 10 Mobile (released in Aug. 2016)
  • Expression Studio 2
Extended Security Updates for SQL Server and Windows Server 2008/2008 R2: Frequently Asked Questions (PDF)

On January 14, 2020, support for Windows Server 2008 and 2008 R2 will end. That means the end of regular security updates. Don't let your infrastructure and applications go unprotected. We're here to help you migrate to current versions for greater security, performance and innovation.
Microsoft Premier Support News
Onboarding Accelerator – Implementing Visual Auditing Security Tool is a 5-Day Engagement and delivered by a Microsoft Premier Field Engineer (PFE). Visual Auditing Security Tool (VAST) is a cloud-based PowerBI dashboard solution that provides security professionals visibility about the many of the most common types of security weaknesses in an IT environment. It also provides specific, actionable KPI-based metrics to measure your organization's effectiveness in mitigating well-established, known attack playbooks.
The Architectural Service – Microsoft Azure: Cloud Ready Datacenter service helps to assess the current state of your on-premises environment, perform a gap-analysis with focus on your architectural capabilities, and ensure that the IT environment is cloud-ready. This 4-day service includes Remediation Planning Services that provides a step-by-step roadmap to enabling your environment and teams to be cloud ready. This assessment provides you with a recommendation report and overall plan of action to correct existing network and server configurations that are incompatible with hybrid cloud architecture.
Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.

Office 365: Challenges with Distribution Groups for Migrated Mailboxes and a Script Based Solution

September 19, 2018, 10:21 am
$
0
0

===========================================================================================

Group Migration Script v1.0 –> https://github.com/timmcmic/DLConversion/blob/master/src/DLConversion.ps1

===========================================================================================

Distribution groups are an excellent way to organize multiple recipients under a single address.  Like Exchange Server on-premises, Office 365 supports mail-enabled distribution groups, security groups, and dynamic distribution groups.  When Active Directory and Exchange are used on-premises, distribution groups are typically created in the on-premises Active Directory and Azure Active Directory Connect is used to maintain and replicate the distribution groups to Office 365.

Generally, there are two types of administration models that use distribution groups (which can co-exist or be used exclusively):

1. The first model uses centralized administration for all configuration and membership changes. When a member needs to be added or removed, the help desk or an admin typically processes the request.  When co-existing with Office 365 this type of administration model is very effective.  With all changes originating on premises – Azure AD Connect can easily replicated them into the Azure AD where Office 365 workloads can process them.

2. The second model delegates some or all to the user that owns the distribution group. In this model, Outlook is used for management of the distribution group.  In a hybrid configuration, this model often creates management challenges. Outlook processes the membership changes by modifying membership on the domain controller provided to the user’s mailbox by Active Directory. After the membership change is made, Azure AD Connect pushes the requested changes to Azure AD where Office 365 workloads can process them. Office 365 mailboxes receive their list of domain controllers from Exchange Online, which prevents distribution group synchronized from on-premises from being modified in Office 365. Therefore, anyone whose mailbox has been migrated to Office 365 can no longer managed distribution groups. The same is also true for administrators that attempt to manage the distribution group in Office 365.

When asked how to allow migrated mailboxes to manage distribution groups that are owned by the mailboxes the answer is to migrate the distribution groups to Office 365. For some, this involves manually deleting and recreating the distribution groups. Others have also found scripts to do this, but they don’t always address all the attributes associated with a distribution group and instead focus on simple attributes like proxy addresses, membership, name, etc.

In this post, I’ll show you a script that addresses these concerns and allows you to migrate distribution groups to Office 365 with full fidelity. Before we get into the script, let’s look at some of the challenges encountered when attempting to migrate distribution groups.

Group Membership

Distribution groups created on-premises are managed using AD tools or Exchange management tools. When managing distribution groups with Exchange tools, membership rules are enforced (for example, a member can be added only if the object is mail-enabled). This can include mail contacts, mail users, and mailboxes. Groups and users, both mail-enabled and not, can be added using Exchange tools.  AD tools are more forgiving, though; the administrator can add any valid AD object to the group membership (for example, a contact that is not mail-enabled could be added to the distribution group, although this would have no effect on mail flow).

Exchange Online has a set of rules for objects that are replicated from Azure AD to Exchange Online Active Directory.  If an object is not mail-enabled, it is not represented in Exchange Online AD. This includes any groups that are members of an on-premises distribution group but not mail-enabled.  An exception to this rule is user accounts. User account objects are replicated to Exchange Online even if they are not mail-enabled.

When migrating distribution groups, all objects that are not mail-enabled or users must be filtered out. Here is an example of a distribution group that contains a mix of members.

PS C:> Get-DistributionGroupMember -Identity Migrate

Name              RecipientType
----              -------------
Domain Users      Group
Journal Mailbox   UserMailbox
Brian Murphy      MailContact
Timothy McMichael MailUser
Migrate1          MailUniversalSecurityGroup
Migrate2          MailUniversalDistributionGroup
Team Manager      User
Dynamic           DynamicDistributionGroup
Test Contact      Contact


Users and Groups

For users and groups to be members of a distribution group they must exist in Office 365.  There are common scenarios where Organizational Units are intentionally excluded from replication to Azure Active Directory.  Before migrating any distribution groups you must ensure that the members exist in Office 365.  If they don’t, attempts to create the distribution group through automation will fail.  Since it is possible for groups to have other group as members, any type of migration of a group to Office 365 will require removal of the on-premises group. If the groups that are members are not migrated first, their membership in that group would be lost.

Multivalued Attributes

Distribution groups have several multi-valued attributes that require consideration before migrated.  The attributes managedBy, moderatedBy, acceptMessagesOnlyFromSendersOrMembers, grantSendOnBehalfTo, rejectMessagesFromSendersOrMembers, and bypassModerationFromSendersOrMembers, for example, store their member references as distinguished names of objects.  Here is a sample output:

PS C:> $a=Get-DistributionGroup migrate
PS C:> $a.managedBy
domain.local/Organization/Users/Officers/Timothy McMichael
domain.local/Organization/Users/Officers/Bill Smith
PS C:> $a.moderatedBy
domain.local/Organization/Users/Officers/Timothy McMichael
PS C:> $a.AcceptMessagesOnlyFromSendersOrMembers domain.local/Organization/Users/Officers/Bill Smith
domain.local/ConvertedDL/Migrate1
PS C:> $a.BypassModerationFromSendersOrMembers
domain.local/ConvertedDL/Migrate1
PS C:> $a.RejectMessagesFromSendersOrMembers
domain.local/ConvertedDL/Migrate2
PS C:> $a.GrantSendOnBehalfTo
domain.local/Organization/Users/Officers/Timothy McMichael

If these attributes were extracted as arrays and then used with Office 365, the references would not work because the DNs of the objects stored in Office 365 needs to reference the DN of the object in Exchange Online. 

The managedBy attribute is a shared attribute with Active Directory, and it can be set to a non-mail-enabled user.  In Exchange Online, only a valid recipient object can be entered in the managedBy field.  Thus, before you can convert the distribution group, you must ensure that all members of the managedBy field are Exchange Online recipients.

The remaining multi-valued attributes can only be set via Exchange cmdlets, which ensures that the objects are mail-enabled user objects.

Proxy / Email Addresses

The email addresses field is a multi-valued attribute.  If the proxy addresses are not in use on another object in Exchange Online, they can be moved to the new distribution group.  Note, that it is important to preserve the Reply To functionality.  Migrated distribution groups don’t really change – they have the same name, same proxy addresses, and same members.  But the nickname cache in Outlook uses the distinguished name of the group (which points to on-premises).  If a user were to address an email to the migrated group by selecting the group from nickname cache, the message would NDR.

Other Attributes

Other attributes of a distribution group are mostly text based, allowing them to be exported and imported as text. There are also several Boolean values that can be translated to the equivalent on the new distribution group, including custom attributes.

Group Migration Script

The group migration script described in this post considers all the factors presented above. Executing the script starts by preparing some pre-requisites.

Prerequisites

The first pre-requisite is to establish an Organizational Unit (OU) within Active Directory that is not synchronized to Azure Active Directory. This OU will be where the group objects will be moved during the conversion process. The conversion process in v1 of the script retains the original distribution group.  The distinguished name of this group will need to be recorded as it will be a script variable.

The second pre-requisite involves creating a secure credentials XML file that can be used by the script. The administrator must note the file names and the path where they are stored. These are variables within the script that must be updated, or the administrator can match the files contained in the script.  Create one file for on-premises credentials and one file for cloud credentials. If using XML files is not your preferred method of handling credentials, you can modify the script to prompt for credentials or consider storing credentials using other methods supported by PowerShell.

$cred = get-credential

$cred | export-cliXML –path c:Scriptscredentials.xml

One caveat to using these files is that they are signed to the user and machine on which they were created.  Therefore, all admins using the script have to create their own sets of files.

The third pre-requisite is to ensure that the PSLOGGING module from the PowerShell Gallery is installed. This module is necessary to create files that record operations along with clean-up and logging when an error has occurred.

install-module PSLOGGING

The fourth pre-requisite is to configure Basic authentication on a local PowerShell directory.  By default, Basic authentication is not enabled in on-premises, which limits the ability to create a “remote” PowerShell session to on-premises Exchange server. Administrators often work around this by identifying one server where Basic authentication is enabled or by enabling Basic authentication on all PowerShell virtual directories behind a load-balanced name.  Whether a single server or multiple servers are used, it is a requirement to establish an SSL session to the name provided, which means there must be a public certificate installed on the specified endpoint.

Get-PowerShellVirtualDirectory –server <SERVERNAME> | Set-PowerShellVirtualDirectory –basicAuthentication:$TRUE

The last pre-requisite is to review the variables contained within the script for any necessary modifications. Variables that are recommended for the admin to adjust are noted with ###ADMIN### in front of their definition. These variables include PowerShell URLs, paths, and file names.

Script Mechanics

With the pre-requisites covered, let’s dive into the mechanics of how the script works and review the individual functions.

The process starts by gathering the credentials XML files and preparing them for use in subsequent functions. The success or failure of these operations is largely dependent on ensuring the credentials stored in the files are accurate and that the associated variables with the files have been updated successfully.

The script then proceeds to create the necessary PowerShell sessions for operations to be performed.  There are three PowerShell sessions created:

1. The first session is to an on-premises server where commands will operate against on-premises recipient objects.

2. The second session is to Office 365 where Office 365 recipient commands will be executed.

3. The third session is to the Azure AD Connect server, which will be used to invoke synchronization as recipient objects are modified.

To activate the on-premises and Office 365 PowerShell sessions, they must be imported.  When importing remote PowerShell sessions, you can often have the same cmdlets returned in each session.  In this case, there is definite overlap between Exchange and Exchange Online.  To avoid any confusion when importing the Office 365 PowerShell session we append the cmdlets with O365.  This effectively takes a cmdlet like Get-Recipient and makes it Get-O365Recipient. PowerShell is smart enough to detect the correct cmdlet and invoke it within the appropriate session.

After the underlying PowerShell sessions are started, the script exports all properties of the on-premises distribution group and all properties of the Office 365 distribution group to variables for later use.  The Office 365 distribution group should match the on-premises group as the source of authority for the Office 365 group is on-premises.

After the data has been extracted, the script performs a safety check against the distribution group, which reviews the directory synchronization flag of the distribution group in Office 365. If this flag is set to FALSE, it indicates that the distribution group is cloud-only.  If this scenario occurs, the script is automatically ended. The script can only be so smart, and it uses the SMTP address of the on-premises distribution group to locate the replicated copy in Office 365. Because it’s possible for a group in Office 365 and on-premises to share the same address even though they are not directory synchronized, the script must stop because if it continued, the Office 365 group would be removed and replaced with the on-premises group which could have unintended consequences.

After the safety check is complete, the script records and exports the information for the on-premises and Office 365 groups to XML files defined by the administrator. XML output allows us to retain full fidelity of the multivalued attributes in case something goes wrong, or we need to manually correct a failure condition.

The last portion of data collection (membership) and backup then proceeds. Membership is obtained and written to a variable that will be used in later operations. It is also exported to XML file to ensure that we have a copy of the information prior to starting any of the conversion activities.

With all the pertinent information stored within variables and backup XML files, the next step is processing this information. In the previous section, I outlined some of the challenges in working with this data.  There can be non-mail-enabled objects that need to be accounted for – these will not have primary SMTP addresses. There are mail-enabled objects that need to be accounted for but may be stored as distinguished names on certain attributes. Knowing that we need to account for all these differences forces us to develop a method to translate those individual users and recipients to objects that can be located in Exchange Online. To that end, we know that we can locate recipients via their primary SMTP address or a user account through the user principal name. So, the script iterates through all the multi-valued attributes and attempts to normalize the data into references that can be found in Exchange Online. If the object is a recipient class, we record the primarySMTPAddress of the object.  If the object is a non-mail-enabled user, we record the userPrincipalName of the object.  For each multi-valued attribute this culminates in an individual array of references that will allow us to find the objects in Exchange Online.

When the arrays of normalized data have been built we need to validate that the objects can be found in Exchange Online. The script looks for objects in Exchange Online using Get-Recipient and Get-User cmdlets in the Office 365 PowerShell. If the object is found, the recipient or user is valid and is synchronized by Azure AD Connect.  If an object is not found, the process stops and allows the administrator to correct any issues. Groups can also be members of distribution groups, so the script reviews all groups that are members and determines if they have been migrated to Office 365. Assuming all users are found, and all member groups have been migrated, it is safe to proceed with the migration.

The first step in finalizing the migration is to move the distribution group to the OU that does not synchronize. As the script proceeds, Azure AD Connect will see this as a group deletion and eventually remove it from Office 365.  The removal from Azure AD will propagate to Exchange Online Active Directory, resulting in the distribution group becoming deleted.

To ensure that all domain controllers show that the group was moved to the OU, repadmin is used to force replication across all domain controllers in the domain.  If your domain is very large, consider changing this function to a list of domain controllers or to a single domain controller.  You can also comment out the function and just increase the wait time to allow for normal replication to occur.

With domain replication underway/completed, next is to remove the distribution group from Azure AD. This process uses a remote PowerShell session to perform a delta synchronization.  A delta synchronization may already be in progress, so the script is designed to retry every 1 minute until it can assure that at least one delta sync was triggered by the script.  A delta sync can take several minutes to run depending on the size of the environment, and it only removes the group from Azure AD. The forward synchronization process will detect the groups removal from Azure AD and synchronize the change to Exchange Online.  Because there really is no way to monitor progress once the delta synchronization is issued, the script begins issuing calls to Azure AD for the group. If the call is successful, the group still exists, and the script waits 1 minute between attempts, looping until the group is not found (basically, an error occurs locating the group, which confirms the group is no longer in Office 365).

Once the group has been removed the script can now create the new replacement group using the base settings.  Next, all the non-multivalued attributes of the distribution group are set, including email addresses, custom attribute, extension attributes, and other Boolean variables that control mail flow, delivery, etc.  Next, multi-valued attributes are set by using the normalized arrays that were built previously. After all attributes have been addressed, the new distribution group in Office 365 now mirrors the original distribution group on-premises.

The final step is to gather all the settings of the new distribution group and export them to XML, which serves as a record of the operation. At the end of the script, all created PowerShell sessions are removed in preparation for the next migration.

Frequently Asked Questions

Q:  How can I prevent PowerShell sessions from timing out?

A:  There is really no method to prevent the PowerShell settings from timing out.  During testing, we determined that the operation that ran the longest was building the array of normalized SMTP addresses for the distribution group membership.  When the PowerShell session to Office 365 was left open during this process it would often be closed before we were ready to proceed with other portions.  It was also determined that when processing long arrays (for example, adding all the distribution group membership), the session may time out.  To overcome this, we routinely reset the session to Office 365 after portions of the script that took more time to process data.

Q:  Can the script be run in bulk?

A:  It is possible to feed the script a list of proxy addresses for distribution groups to migrate by calling the script multiple times.  The process through would repeat in terms of domain controller replication, Azure AD Connect synchronization, etc.  The original design of the script approached this from the perspective of servicing one-off requests for migration and not necessarily bulk migrations or conversions.

Q:  Is the script efficient?

A:  Efficiency is always relative…is it more efficient then trying to do all of this by hand and manage all the attributes? Certainly. The script must rely on several processes that do not necessarily have any guaranteed timelines.  For example, we can’t predict how long a delta sync or forward sync will take.  Thus, it’s not possible to give you a 100% accurate estimate of how long it takes to migrate a distribution group.  There is also a great deal of logging that occurs during the script which adds some overhead, but given the nature and importance of distribution groups, having the additional information is important.

Q:  What is the largest distribution group size that was tested?

A:  The script was validated using a distribution group with 10,000 members and had a minimum of 10 members in each of the multi-valued attributes.

Q:  How long did it take to migrate a group with 10,000 members?

A:  A little more than 3 hours:

Days              : 0
Hours             : 3
Minutes           : 6
Seconds           : 57
Milliseconds      : 768
Ticks             : 112177687252
TotalDays         : 0.129835286171296
TotalHours        : 3.11604686811111
TotalMinutes      : 186.962812086667
TotalSeconds      : 11217.7687252
TotalMilliseconds : 11217768.7252

Q:  What happens to mail flow during the migration process?

A:  It depends.  The distribution group is maintained on-premises during this entire process.  If messages enter the on-premises environment first and are addressed to the distribution group, you can expect that expansion will occur and message delivery will happen. The group in Office 365 is in flux during the entire migration process.  If the group is missing and a message is received, it may NDR.  If the group has been created but member addition is in-progress, then only some of the members may receive it.  I recommend that you provide warnings to distribution group owners that mail flow will be affected during the transition.

Q:  If the distribution group is a mail-enabled security group, and that group has been assigned permissions to Office 365 workloads, what happens during the conversion?

A:  Permissions would be lost.  The script only works because the group is deleted – and this would be processed by other workloads as a group deletion.

Q:  Do I have to keep the on-premises distribution group post-migration?

A:  It depends.  If messages are processed through the on-premises environment, there needs to be a corresponding mail-enabled object.  We are looking into automating the conversion of the group to a mail contact in a future version of the script to allow for mail flow to continue.

Q:  Dynamic distribution groups are not replicated by Azure Active Directory Connect.  How does the script handle dynamic distribution groups?

A:  Administrators must manually create dynamic distribution groups in Office 365.  The script intentionally does not treat dynamic distribution groups differently then a normal recipient.  In this case we detect a member and record the primary SMTP address.  When we run the recipient test against Office 365 by primary SMTP address – the recipient is returned and the script can proceed.  If the recipient is not found the script will fail.

Sample Invocations

===============================================================================

Attempting to convert the distribution group Migrate without ignoring invalid managers or invalid members.  The group to be converted IS NOT located in Office 365.  An error is generated and the script stops.

PS C:Scripts> .ConvertDL.ps1 -dlToConvert Migrate -ignoreInvalidDLMember:$FALSE -ignoreInvalidManagedByMember:$FALSE



     Directory: C:Scripts




Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        9/18/2018   7:17 PM              0 DLConversion.log
***************************************************************************************************
Started processing at [09/18/2018 19:17:22].
***************************************************************************************************



Running script version [1.0].



***************************************************************************************************



This function imports the on premises secured credentials file....
The on premises credentials file was imported successfully.



This function imports the Office 365 secured credentials file....
The Office 365 credentials file was imported successfully.



This function creates the powershell session to on premises Exchange....
The powershell session to on premises Exchange was created successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function creates the powershell session to AAD Connect....
The powershell session to AAD Connect was created successfully.



This function imports the powershell session to on premises Exchange....
WARNING: The names of some imported commands from the module 'tmp_y0ib5tyw.pmz' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_y0ib5tyw.pmz
Path              : C:Usersadmin.domainAppDataLocalTemptmp_y0ib5tyw.pmztmp_y0ib5tyw.pmz.psm1
Description       : Implicit remoting for https://webmail.domain.com/powershell

Guid              : 1dfe9d4c-8ca2-4de2-aa8c-8e0281af907c
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_y0ib5tyw.pmz
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-ADPermission, Add-ADPermission], [Add-AvailabilityAddressSpace,
                     Add-AvailabilityAddressSpace], [Add-ContentFilterPhrase, Add-ContentFilterPhrase],
                     [Add-DatabaseAvailabilityGroupServer, Add-DatabaseAvailabilityGroupServer]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to on premises Exchange was imported successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_rt1gncnz.op4' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_rt1gncnz.op4
Path              : C:Usersadmin.domainAppDataLocalTemptmp_rt1gncnz.op4tmp_rt1gncnz.op4.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : f829f0b4-a669-4e18-a789-4afa9e4e9bd0
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_rt1gncnz.op4
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace],
                     [Add-o365DistributionGroupMember, Add-o365DistributionGroupMember],
                     [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission], [Add-o365MailboxLocation,
                     Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



This function collects the on premises distribution list configuration....
The on premises distribution list information was collected successfully.



This function collects the Office 365 distribution list configuration....

The operation couldn't be performed because object 'Migrate' couldn't be found on
'CO1PR06A002DC02.NAMPR06A002.prod.outlook.com'.
     + CategoryInfo          : NotSpecified: (:) [Get-DistributionGroup], ManagementObjectNotFoundException
     + FullyQualifiedErrorId : [Server=MWHPR06MB2446,RequestId=bef7d47e-8d2d-4c75-a6d4-40264dee7723,TimeStamp=9/18/2018
7:17:47 PM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException]
F71693B4,Microsoft.Exchange.Management.RecipientTasks.GetDistributionGroup
     + PSComputerName        : outlook.office365.com
The operation couldn't be performed because object 'Migrate' couldn't be found on
'CO1PR06A002DC02.NAMPR06A002.prod.outlook.com'.
     + CategoryInfo          : NotSpecified: (:) [Get-DistributionGroup], ManagementObjectNotFoundException
     + FullyQualifiedErrorId : [Server=MWHPR06MB2446,RequestId=bef7d47e-8d2d-4c75-a6d4-40264dee7723,TimeStamp=9/18/2018
     7:17:47 PM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] F71693B4,Microsoft.Exchange.Management.Rec
   ipientTasks.GetDistributionGroup
     + PSComputerName        : outlook.office365.com



ERROR: The Office 365 distribution list information could not be collected - exiting.
ERROR: The operation couldn't be performed because object 'Migrate' couldn't be found on 'CO1PR06A002DC02.NAMPR06A002.prod.outlook.com'.
This function cleans up all powershell sessions....
All powershell sessions have been cleaned up successfully.




***************************************************************************************************
Finished processing at [09/18/2018 19:17:47].
***************************************************************************************************

===============================================================================

===============================================================================

Attempting to convert the distribution group Migrate without ignoring invalid managers or invalid members.  The group contains another distribution or security group that is not mail enabled.  An error is generated and the script stops.

PS C:Scripts> .ConvertDL.ps1 -dlToConvert Migrate -ignoreInvalidDLMember:$FALSE -ignoreInvalidManagedByMember:$FALSE



     Directory: C:Scripts




Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        9/19/2018   2:11 PM              0 DLConversion.log
***************************************************************************************************
Started processing at [09/19/2018 14:11:07].
***************************************************************************************************



Running script version [1.0].



***************************************************************************************************



This function imports the on premises secured credentials file....
The on premises credentials file was imported successfully.



This function imports the Office 365 secured credentials file....
The Office 365 credentials file was imported successfully.



This function creates the powershell session to on premises Exchange....
The powershell session to on premises Exchange was created successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function creates the powershell session to AAD Connect....
The powershell session to AAD Connect was created successfully.



This function imports the powershell session to on premises Exchange....
WARNING: The names of some imported commands from the module 'tmp_rmsylwqo.1zq' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_rmsylwqo.1zq
Path              : C:Usersadmin.domainAppDataLocalTemptmp_rmsylwqo.1zqtmp_rmsylwqo.1zq.psm1
Description       : Implicit remoting for https://webmail.domain.com/powershell

Guid              : bb38fffd-b692-41c6-bb7f-ac49fe3a006b
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_rmsylwqo.1zq
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-ADPermission, Add-ADPermission], [Add-AvailabilityAddressSpace,
                     Add-AvailabilityAddressSpace], [Add-ContentFilterPhrase, Add-ContentFilterPhrase],
                     [Add-DatabaseAvailabilityGroupServer, Add-DatabaseAvailabilityGroupServer]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to on premises Exchange was imported successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_4korcvyz.ikr' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_4korcvyz.ikr
Path              : C:Usersadmin.domainAppDataLocalTemptmp_4korcvyz.ikrtmp_4korcvyz.ikr.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 1a019be1-7a24-410f-b38e-37dbcc282021
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_4korcvyz.ikr
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace],
                     [Add-o365DistributionGroupMember, Add-o365DistributionGroupMember],
                     [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission], [Add-o365MailboxLocation,
                     Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



This function collects the on premises distribution list configuration....
The on premises distribution list information was collected successfully.



This function collects the Office 365 distribution list configuration....
The Office 365 distribution list information was collected successfully.



This function validates a cloud DLs saftey to migrate....
The DL is safe to proeced for conversion - source of authority is on-premises.



This function writes the on prmeises distribution list configuration to XML....
The on premises distribution list information was written to XML successfully.



This function writes the Office 365 distribution list configuration to XML....
The Office 365 distribution list information was written to XML successfully.



This function collections the on premises DL membership....
The DL membership was collected successfully.



This function writes the on prmeises distribution list membership configuration to XML....
The on premises distribution list membership information was written to XML successfully.



This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



Begin processing a DL membership array.
This function builds an array of DL members or multivalued attributes....

ERROR: Domain Users
ERROR: A non-mail enabled or Office 365 object was found in the group.
ERROR: Script invoked without skipping invalid DL Member.
ERROR: The object must be removed or mail enabled.
ERROR: EXITING.
This function cleans up all powershell sessions....
All powershell sessions have been cleaned up successfully.




***************************************************************************************************
Finished processing at [09/19/2018 14:11:55].
***************************************************************************************************

===============================================================================

===============================================================================

Attempting to convert the distribution group Migrate without ignoring invalid managers or invalid members.  The group contains another mail enabled distribution group that has not been migrated to Office 365.  The script automatically stops as all sub groups need to be migrated prior to top level groups.  The script was also run with –ignoreInvalidDLMembers TRUE – all non-mail enabled members or members not represented in Office 365 ar automatically ignored.

PS C:Scripts> .ConvertDL.ps1 -dlToConvert Migrate -ignoreInvalidDLMember:$TRUE -ignoreInvalidManagedByMember:$FALSE



     Directory: C:Scripts




Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        9/19/2018   2:22 PM              0 DLConversion.log
***************************************************************************************************
Started processing at [09/19/2018 14:22:24].
***************************************************************************************************



Running script version [1.0].



***************************************************************************************************



This function imports the on premises secured credentials file....
The on premises credentials file was imported successfully.



This function imports the Office 365 secured credentials file....
The Office 365 credentials file was imported successfully.



This function creates the powershell session to on premises Exchange....
The powershell session to on premises Exchange was created successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function creates the powershell session to AAD Connect....
The powershell session to AAD Connect was created successfully.



This function imports the powershell session to on premises Exchange....
WARNING: The names of some imported commands from the module 'tmp_b11x0ew3.20l' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_b11x0ew3.20l
Path              : C:Usersadmin.domainAppDataLocalTemptmp_b11x0ew3.20ltmp_b11x0ew3.20l.psm1
Description       : Implicit remoting for https://webmail.domain.com/powershell

Guid              : 3c49dbae-b2af-428e-9be4-94ffc63126a4
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_b11x0ew3.20l
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-ADPermission, Add-ADPermission], [Add-AvailabilityAddressSpace,
                     Add-AvailabilityAddressSpace], [Add-ContentFilterPhrase, Add-ContentFilterPhrase],
                     [Add-DatabaseAvailabilityGroupServer, Add-DatabaseAvailabilityGroupServer]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to on premises Exchange was imported successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_ti245wqn.qju' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_ti245wqn.qju
Path              : C:Usersadmin.domainAppDataLocalTemptmp_ti245wqn.qjutmp_ti245wqn.qju.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 4c2cf1a7-0042-4595-9025-98728851b5ed
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_ti245wqn.qju
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace],
                     [Add-o365DistributionGroupMember, Add-o365DistributionGroupMember],
                     [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission], [Add-o365MailboxLocation,
                     Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



This function collects the on premises distribution list configuration....
The on premises distribution list information was collected successfully.



This function collects the Office 365 distribution list configuration....
The Office 365 distribution list information was collected successfully.



This function validates a cloud DLs saftey to migrate....
The DL is safe to proeced for conversion - source of authority is on-premises.



This function writes the on prmeises distribution list configuration to XML....
The on premises distribution list information was written to XML successfully.



This function writes the Office 365 distribution list configuration to XML....
The Office 365 distribution list information was written to XML successfully.



This function collections the on premises DL membership....
The DL membership was collected successfully.



This function writes the on prmeises distribution list membership configuration to XML....
The on premises distribution list membership information was written to XML successfully.



This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



Begin processing a DL membership array.
This function builds an array of DL members or multivalued attributes....
Processing mail enabled DL member:
Journal Mailbox
Processing mail enabled DL member:
Brian Murphy
Processing mail enabled DL member:
Timothy McMichael
Processing mail enabled DL member:
Migrate1
Processing mail enabled DL member:
Migrate2
Processing non-mailenabled DL member:
Team Manager
Processing mail enabled DL member:
Dynamic

The following object was intentionally skipped - object type not replicated to Exchange Online
Test Contact
Processing mail enabled DL member:
NotReplicated
The following SMTP address was added to the array:
journal@domain.org
The following SMTP address was added to the array:
brian@domain.com
The following SMTP address was added to the array:
tmcmichael@domain.org
The following SMTP address was added to the array:
Migrate1@domain.org
The following SMTP address was added to the array:
Migrate2@domain.org
The following SMTP address was added to the array:
teammanager@domain.org
The following SMTP address was added to the array:
Dynamic@domain.org
The following SMTP address was added to the array:
notreplicate@domain.org



The array was built successfully.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_2cmzyxkm.gbx' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_2cmzyxkm.gbx
Path              : C:Usersadmin.domainAppDataLocalTemptmp_2cmzyxkm.gbxtmp_2cmzyxkm.gbx.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 455ba332-1b14-49d2-891d-1701e6fdea84
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_2cmzyxkm.gbx
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace],
                     [Add-o365DistributionGroupMember, Add-o365DistributionGroupMember],
                     [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission], [Add-o365MailboxLocation,
                     Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
journal@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
brian@domain.com
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
tmcmichael@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Migrate1@domain.org
The recipients were found in Office 365.



This function tests to see if any sub groups or groups assigned permissions have been migrated....
Now testing group...
Migrate1@domain.org
False
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Migrate2@domain.org
The recipients were found in Office 365.



This function tests to see if any sub groups or groups assigned permissions have been migrated....
Now testing group...
Migrate2@domain.org
True

ERROR: A distribution list was found as a sub-member or on a multi-valued attribute.
ERROR: The distribution list has not been migrated to Office 365 (DirSync Flag is TRUE)
ERROR: All sub lists or lists with permissions must be migrated before proceeding.
This function cleans up all powershell sessions....
All powershell sessions have been cleaned up successfully.


***************************************************************************************************
Finished processing at [09/19/2018 14:23:08].
***************************************************************************************************

===============================================================================

===============================================================================

Attempting to convert the distribution group Migrate without ignoring invalid managers or invalid members.  The group contains a mailbox recipient that is not represented in Office 365.  Although the ignoreInvalidDLMember is set to $TRUE – since the object should be a valid object present in Office 365 the script stops.  (In this case the user is in an OU that is not synchronized to Office 365).

PS C:Scripts> .ConvertDL.ps1 -dlToConvert Migrate -ignoreInvalidDLMember:$TRUE -ignoreInvalidManagedByMember:$FALSE



     Directory: C:Scripts




Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        9/19/2018   2:27 PM              0 DLConversion.log
***************************************************************************************************
Started processing at [09/19/2018 14:27:17].
***************************************************************************************************



Running script version [1.0].



***************************************************************************************************



This function imports the on premises secured credentials file....
The on premises credentials file was imported successfully.



This function imports the Office 365 secured credentials file....
The Office 365 credentials file was imported successfully.



This function creates the powershell session to on premises Exchange....
The powershell session to on premises Exchange was created successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function creates the powershell session to AAD Connect....
The powershell session to AAD Connect was created successfully.



This function imports the powershell session to on premises Exchange....
WARNING: The names of some imported commands from the module 'tmp_tvpecjxl.5ga' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_tvpecjxl.5ga
Path              : C:Usersadmin.domainAppDataLocalTemptmp_tvpecjxl.5gatmp_tvpecjxl.5ga.psm1
Description       : Implicit remoting for https://webmail.domain.com/powershell

Guid              : 0985f143-cf95-4102-87d9-030408dd4bc8
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_tvpecjxl.5ga
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-ADPermission, Add-ADPermission], [Add-AvailabilityAddressSpace,
                     Add-AvailabilityAddressSpace], [Add-ContentFilterPhrase, Add-ContentFilterPhrase],
                     [Add-DatabaseAvailabilityGroupServer, Add-DatabaseAvailabilityGroupServer]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to on premises Exchange was imported successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_i4ivhhbw.2tu' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_i4ivhhbw.2tu
Path              : C:Usersadmin.domainAppDataLocalTemptmp_i4ivhhbw.2tutmp_i4ivhhbw.2tu.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 86d813da-91e6-4e12-a369-577d696f60f4
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_i4ivhhbw.2tu
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace],
                     [Add-o365DistributionGroupMember, Add-o365DistributionGroupMember],
                     [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission], [Add-o365MailboxLocation,
                     Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



This function collects the on premises distribution list configuration....
The on premises distribution list information was collected successfully.



This function collects the Office 365 distribution list configuration....
The Office 365 distribution list information was collected successfully.



This function validates a cloud DLs saftey to migrate....
The DL is safe to proeced for conversion - source of authority is on-premises.



This function writes the on prmeises distribution list configuration to XML....
The on premises distribution list information was written to XML successfully.



This function writes the Office 365 distribution list configuration to XML....
The Office 365 distribution list information was written to XML successfully.



This function collections the on premises DL membership....
The DL membership was collected successfully.



This function writes the on prmeises distribution list membership configuration to XML....
The on premises distribution list membership information was written to XML successfully.



This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



Begin processing a DL membership array.
This function builds an array of DL members or multivalued attributes....
Processing mail enabled DL member:
Journal Mailbox
Processing mail enabled DL member:
Brian Murphy
Processing mail enabled DL member:
Timothy McMichael
Processing mail enabled DL member:
Migrate1
Processing non-mailenabled DL member:
Team Manager
Processing mail enabled DL member:
Dynamic
The following object was intentionally skipped - object type not replicated to Exchange Online
Test Contact
Processing mail enabled DL member:
NotReplicated
The following SMTP address was added to the array:
journal@domain.org
The following SMTP address was added to the array:
brian@domain.com
The following SMTP address was added to the array:
tmcmichael@domain.org
The following SMTP address was added to the array:
Migrate1@domain.org
The following SMTP address was added to the array:
teammanager@domain.org
The following SMTP address was added to the array:
Dynamic@domain.org
The following SMTP address was added to the array:
notreplicate@domain.org



The array was built successfully.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_rysbip4g.faj' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_rysbip4g.faj
Path              : C:Usersadmin.domainAppDataLocalTemptmp_rysbip4g.fajtmp_rysbip4g.faj.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 95f11f7e-d775-4d52-8cb5-b4ba67dd7e35
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_rysbip4g.faj
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace],
                     [Add-o365DistributionGroupMember, Add-o365DistributionGroupMember],
                     [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission], [Add-o365MailboxLocation,
                     Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
journal@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
brian@domain.com
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
tmcmichael@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Migrate1@domain.org
The recipients were found in Office 365.



This function tests to see if any sub groups or groups assigned permissions have been migrated....
Now testing group...
Migrate1@domain.org
False
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
teammanager@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Dynamic@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....

Testing user in Office 365...
notreplicate@domain.org

The operation couldn't be performed because object 'notreplicate@domain.org' couldn't be found on
'CO1PR06A002DC02.NAMPR06A002.prod.outlook.com'.
     + CategoryInfo          : NotSpecified: (:) [Get-Recipient], ManagementObjectNotFoundException
     + FullyQualifiedErrorId : [Server=MWHPR06MB2446,RequestId=f6a99890-192d-4630-b244-337d6c706c97,TimeStamp=9/19/2018
     2:28:03 PM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] 5A65645E,Microsoft.Exchange.Management.Rec
   ipientTasks.GetRecipient
     + PSComputerName        : outlook.office365.com



ERROR: The recipients were not found in Office 365 - exiting.
ERROR: The operation couldn't be performed because object 'notreplicate@domain.org' couldn't be found on 'CO1PR06A002DC02.NAMPR06A002.prod.outlook.com'.
This function cleans up all powershell sessions....
All powershell sessions have been cleaned up successfully.




***************************************************************************************************
Finished processing at [09/19/2018 14:28:04].
***************************************************************************************************

===============================================================================

===============================================================================

Attempting to convert the distribution group Migrate without ignoring invalid managers or invalid members.  The managed by attribute was set through Active Directory Users and Computers and a non-mail enabled object was selected.  IgnoreInvalidManagedByMember is set to $FALSE – therefore the script ends because managed by cannot be established.  The managedBy recipient would need to be removed or ignoreInvalidManagedByMember set to $TRUE.

PS C:Scripts> .ConvertDL.ps1 -dlToConvert Migrate -ignoreInvalidDLMember:$TRUE -ignoreInvalidManagedByMember:$FALSE



     Directory: C:Scripts




Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        9/19/2018   2:35 PM              0 DLConversion.log
***************************************************************************************************
Started processing at [09/19/2018 14:35:02].
***************************************************************************************************



Running script version [1.0].



***************************************************************************************************



This function imports the on premises secured credentials file....
The on premises credentials file was imported successfully.



This function imports the Office 365 secured credentials file....
The Office 365 credentials file was imported successfully.



This function creates the powershell session to on premises Exchange....
The powershell session to on premises Exchange was created successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function creates the powershell session to AAD Connect....
The powershell session to AAD Connect was created successfully.



This function imports the powershell session to on premises Exchange....
WARNING: The names of some imported commands from the module 'tmp_u2zod0xm.0jy' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_u2zod0xm.0jy
Path              : C:Usersadmin.domainAppDataLocalTemptmp_u2zod0xm.0jytmp_u2zod0xm.0jy.psm1
Description       : Implicit remoting for https://webmail.domain.com/powershell

Guid              : 2a209690-a2fd-4d0e-89e9-e52df5c5573e
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_u2zod0xm.0jy
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-ADPermission, Add-ADPermission], [Add-AvailabilityAddressSpace,
                     Add-AvailabilityAddressSpace], [Add-ContentFilterPhrase, Add-ContentFilterPhrase],
                     [Add-DatabaseAvailabilityGroupServer, Add-DatabaseAvailabilityGroupServer]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to on premises Exchange was imported successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_i53fb2xz.uuu' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_i53fb2xz.uuu
Path              : C:Usersadmin.domainAppDataLocalTemptmp_i53fb2xz.uuutmp_i53fb2xz.uuu.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 20a82db7-7a4b-4034-95bc-6934f15f4c7b
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_i53fb2xz.uuu
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace],
                     [Add-o365DistributionGroupMember, Add-o365DistributionGroupMember],
                     [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission], [Add-o365MailboxLocation,
                     Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



This function collects the on premises distribution list configuration....
The on premises distribution list information was collected successfully.



This function collects the Office 365 distribution list configuration....
The Office 365 distribution list information was collected successfully.



This function validates a cloud DLs saftey to migrate....
The DL is safe to proeced for conversion - source of authority is on-premises.



This function writes the on prmeises distribution list configuration to XML....
The on premises distribution list information was written to XML successfully.



This function writes the Office 365 distribution list configuration to XML....
The Office 365 distribution list information was written to XML successfully.



This function collections the on premises DL membership....
The DL membership was collected successfully.



This function writes the on prmeises distribution list membership configuration to XML....
The on premises distribution list membership information was written to XML successfully.



This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



Begin processing a DL membership array.
This function builds an array of DL members or multivalued attributes....
Processing mail enabled DL member:
Journal Mailbox
Processing mail enabled DL member:
Brian Murphy
Processing mail enabled DL member:
Timothy McMichael
Processing mail enabled DL member:
Migrate1
Processing non-mailenabled DL member:
Team Manager
Processing mail enabled DL member:
Dynamic
The following object was intentionally skipped - object type not replicated to Exchange Online
Test Contact
The following SMTP address was added to the array:
journal@domain.org
The following SMTP address was added to the array:
brian@domain.com
The following SMTP address was added to the array:
tmcmichael@domain.org
The following SMTP address was added to the array:
Migrate1@domain.org
The following SMTP address was added to the array:
teammanager@domain.org
The following SMTP address was added to the array:
Dynamic@domain.org



The array was built successfully.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_l1gyiiem.qhr' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.



Name              : tmp_l1gyiiem.qhr
Path              : C:Usersadmin.domainAppDataLocalTemptmp_l1gyiiem.qhrtmp_l1gyiiem.qhr.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : ffbd7762-080a-48fa-88c0-d7cf5089d656
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_l1gyiiem.qhr
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace],
                     [Add-o365DistributionGroupMember, Add-o365DistributionGroupMember],
                     [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission], [Add-o365MailboxLocation,
                     Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
journal@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
brian@domain.com
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
tmcmichael@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Migrate1@domain.org
The recipients were found in Office 365.



This function tests to see if any sub groups or groups assigned permissions have been migrated....
Now testing group...
Migrate1@domain.org
False
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
teammanager@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Dynamic@domain.org
The recipients were found in Office 365.



Begin processing a ManagedBy array.
This function builds an array of DL members or multivalued attributes....
ERROR: domain.local/Users/Test Manager
ERROR: A non-mail enabled or Office 365 object was found in ManagedBy.
ERROR: Script invoked without skipping invalid DL Member.
ERROR: The object must be removed or mail enabled.
ERROR: EXITING.
This function cleans up all powershell sessions....
All powershell sessions have been cleaned up successfully.




***************************************************************************************************
Finished processing at [09/19/2018 14:35:45].
***************************************************************************************************

===============================================================================

===============================================================================

Attempting to convert the distribution group Migrate without ignoring invalid managers or invalid members.  The invoke includes both ignore values – allowing us to skip

PS C:Scripts> .ConvertDL.ps1 -dlToConvert Migrate -ignoreInvalidDLMember:$TRUE -ignoreInvalidManagedByMember:$TRUE



     Directory: C:Scripts




Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        9/19/2018   2:54 PM              0 DLConversion.log
***************************************************************************************************
Started processing at [09/19/2018 14:54:59].
***************************************************************************************************



Running script version [1.0].



***************************************************************************************************



This function imports the on premises secured credentials file....
The on premises credentials file was imported successfully.



This function imports the Office 365 secured credentials file....
The Office 365 credentials file was imported successfully.



This function creates the powershell session to on premises Exchange....
The powershell session to on premises Exchange was created successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function creates the powershell session to AAD Connect....
The powershell session to AAD Connect was created successfully.



This function imports the powershell session to on premises Exchange....
WARNING: The names of some imported commands from the module 'tmp_nkc0cq2u.nri' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_nkc0cq2u.nri
Path              : C:Usersadmin.domainAppDataLocalTemptmp_nkc0cq2u.nritmp_nkc0cq2u.nri.psm1
Description       : Implicit remoting for https://webmail.domain.com/powershell

Guid              : 63c5f70a-44fa-47ed-95ef-749afa5a5d44
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_nkc0cq2u.nri
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-ADPermission, Add-ADPermission], [Add-AvailabilityAddressSpace, Add-AvailabilityAddressSpace],
                     [Add-ContentFilterPhrase, Add-ContentFilterPhrase], [Add-DatabaseAvailabilityGroupServer,
                     Add-DatabaseAvailabilityGroupServer]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to on premises Exchange was imported successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_qxckji5q.2cy' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_qxckji5q.2cy
Path              : C:Usersadmin.domainAppDataLocalTemptmp_qxckji5q.2cytmp_qxckji5q.2cy.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 4428cefd-6fa1-4ed9-9e49-baae4c962b8d
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_qxckji5q.2cy
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



This function collects the on premises distribution list configuration....
The on premises distribution list information was collected successfully.



This function collects the Office 365 distribution list configuration....
The Office 365 distribution list information was collected successfully.



This function validates a cloud DLs saftey to migrate....
The DL is safe to proeced for conversion - source of authority is on-premises.



This function writes the on prmeises distribution list configuration to XML....
The on premises distribution list information was written to XML successfully.



This function writes the Office 365 distribution list configuration to XML....
The Office 365 distribution list information was written to XML successfully.



This function collections the on premises DL membership....
The DL membership was collected successfully.



This function writes the on prmeises distribution list membership configuration to XML....
The on premises distribution list membership information was written to XML successfully.



This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



Begin processing a DL membership array.
This function builds an array of DL members or multivalued attributes....
Processing mail enabled DL member:
Journal Mailbox
Processing mail enabled DL member:
Brian Murphy
Processing mail enabled DL member:
Timothy McMichael
Processing mail enabled DL member:
Migrate1
Processing non-mailenabled DL member:
Team Manager
Processing mail enabled DL member:
Dynamic

The following object was intentionally skipped - object type not replicated to Exchange Online
Test Contact
The following SMTP address was added to the array:
journal@domain.org
The following SMTP address was added to the array:
brian@domain.com
The following SMTP address was added to the array:
tmcmichael@domain.org
The following SMTP address was added to the array:
Migrate1@domain.org
The following SMTP address was added to the array:
teammanager@domain.org
The following SMTP address was added to the array:
Dynamic@domain.org



The array was built successfully.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_1qvzwqrs.bux' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_1qvzwqrs.bux
Path              : C:Usersadmin.domainAppDataLocalTemptmp_1qvzwqrs.buxtmp_1qvzwqrs.bux.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 87c6283a-a172-48b8-b31c-d5b966941fd5
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_1qvzwqrs.bux
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
journal@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
brian@domain.com
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
tmcmichael@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Migrate1@domain.org
The recipients were found in Office 365.



This function tests to see if any sub groups or groups assigned permissions have been migrated....
Now testing group...
Migrate1@domain.org
False
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
teammanager@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Dynamic@domain.org
The recipients were found in Office 365.



Begin processing a ManagedBy array.
This function builds an array of DL members or multivalued attributes....

The following object was intentionally skipped - object type not replicated to Exchange Online
domain.local/Users/Test Manager
Processing Managed By member:
The following SMTP address was added to the array:
bmoran@domain.org



The array was built successfully.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_swg5mjit.e3j' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_swg5mjit.e3j
Path              : C:Usersadmin.domainAppDataLocalTemptmp_swg5mjit.e3jtmp_swg5mjit.e3j.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : e769a4d9-fe17-4170-8634-ae2cecc1654c
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_swg5mjit.e3j
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
bmoran@domain.org
The recipients were found in Office 365.



Begin processing a ModeratedBy array.
This function builds an array of DL members or multivalued attributes....
Processing ModeratedBy, GrantSendOnBehalfTo, AcceptMessagesOnlyFromSendersorMembers, RejectMessagesFromSendersOrMembers, or BypassModerationFromSendersOrMembers member:
The following SMTP address was added to the array:
tmcmichael@domain.org



The array was built successfully.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_qt1dzaih.egn' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_qt1dzaih.egn
Path              : C:Usersadmin.domainAppDataLocalTemptmp_qt1dzaih.egntmp_qt1dzaih.egn.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 086dd663-c6d8-45b9-9836-7745e03dd255
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_qt1dzaih.egn
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
tmcmichael@domain.org
The recipients were found in Office 365.



Begin processing a GrantSendOnBehalfTo array
This function builds an array of DL members or multivalued attributes....
Processing ModeratedBy, GrantSendOnBehalfTo, AcceptMessagesOnlyFromSendersorMembers, RejectMessagesFromSendersOrMembers, or BypassModerationFromSendersOrMembers member:
The following SMTP address was added to the array:
tmcmichael@domain.org



The array was built successfully.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_asuxfjkc.4lz' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_asuxfjkc.4lz
Path              : C:Usersadmin.domainAppDataLocalTemptmp_asuxfjkc.4lztmp_asuxfjkc.4lz.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 53da7cd1-71c7-4510-aec5-d495c8c08987
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_asuxfjkc.4lz
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
tmcmichael@domain.org
The recipients were found in Office 365.



Begin processing a AcceptMessagesOnlyFromSendersOrMembers array
This function builds an array of DL members or multivalued attributes....
Processing ModeratedBy, GrantSendOnBehalfTo, AcceptMessagesOnlyFromSendersorMembers, RejectMessagesFromSendersOrMembers, or BypassModerationFromSendersOrMembers member:
Processing ModeratedBy, GrantSendOnBehalfTo, AcceptMessagesOnlyFromSendersorMembers, RejectMessagesFromSendersOrMembers, or BypassModerationFromSendersOrMembers member:
The following SMTP address was added to the array:
bmoran@domain.org
The following SMTP address was added to the array:
Migrate1@domain.org



The array was built successfully.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_v3xtlz25.hej' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_v3xtlz25.hej
Path              : C:Usersadmin.domainAppDataLocalTemptmp_v3xtlz25.hejtmp_v3xtlz25.hej.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 019f80be-f9d7-4082-bf5b-955c059d170d
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_v3xtlz25.hej
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
bmoran@domain.org
The recipients were found in Office 365.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Migrate1@domain.org
The recipients were found in Office 365.



This function tests to see if any sub groups or groups assigned permissions have been migrated....
Now testing group...
Migrate1@domain.org
False
The recipients were found in Office 365.



Begin processing RejectMessagesFromSendersOrMembers array
This function builds an array of DL members or multivalued attributes....
Processing ModeratedBy, GrantSendOnBehalfTo, AcceptMessagesOnlyFromSendersorMembers, RejectMessagesFromSendersOrMembers, or BypassModerationFromSendersOrMembers member:
The following SMTP address was added to the array:
Migrate2@domain.org



The array was built successfully.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_zmxben01.bs4' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_zmxben01.bs4
Path              : C:Usersadmin.domainAppDataLocalTemptmp_zmxben01.bs4tmp_zmxben01.bs4.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : f13bceb8-a02e-4242-aef7-b63f0adb27d6
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_zmxben01.bs4
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Migrate2@domain.org
The recipients were found in Office 365.



This function tests to see if any sub groups or groups assigned permissions have been migrated....
Now testing group...
Migrate2@domain.org
False
The recipients were found in Office 365.



Begin processing BypassModerationFromSendersOrMembers array
This function builds an array of DL members or multivalued attributes....
Processing ModeratedBy, GrantSendOnBehalfTo, AcceptMessagesOnlyFromSendersorMembers, RejectMessagesFromSendersOrMembers, or BypassModerationFromSendersOrMembers member:
The following SMTP address was added to the array:
Migrate1@domain.org



The array was built successfully.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_kqtp23ls.xwx' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_kqtp23ls.xwx
Path              : C:Usersadmin.domainAppDataLocalTemptmp_kqtp23ls.xwxtmp_kqtp23ls.xwx.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 31e5aaad-348d-4513-bc4c-01e4cdfb5bc9
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_kqtp23ls.xwx
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function validates that all objects in the passed array exist in Office 365....
Testing user in Office 365...
Migrate1@domain.org
The recipients were found in Office 365.



This function tests to see if any sub groups or groups assigned permissions have been migrated....
Now testing group...
Migrate1@domain.org
False
The recipients were found in Office 365.



This function moves group to the non-sync OU
The group has been moved successfully.



Gets active directory domain controllers...
Succesfully obtained domain controllers.



Gets active directory domain...
Succesfully obtained domain.



Replicates the specified domain controller...
Syncing partition: DC=domain,DC=local
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.



Successfully replicated the domain controller.



Replicates the specified domain controller...
Syncing partition: DC=domain,DC=local
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.



Successfully replicated the domain controller.



Replicates the specified domain controller...
Syncing partition: DC=domain,DC=local
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.



Successfully replicated the domain controller.



Invoking AADConnect Delta Sync Remotely
This function triggers the ad connect process to sync changes...



PSComputerName : azure-adconnect.domain.local
RunspaceId     : 764c99c8-6e48-415a-b319-9847cce42922
Result         : Success



The AD Connect instance has been successfully initiated.



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_ffoelvjn.lws' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_ffoelvjn.lws
Path              : C:Usersadmin.domainAppDataLocalTemptmp_ffoelvjn.lwstmp_ffoelvjn.lws.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 001ce520-4538-4f59-a5d4-710d8097b338
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_ffoelvjn.lws
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



Wating for original DL deletion from Office 365
Wating for original DL deletion from Office 365
Wating for original DL deletion from Office 365
The operation couldn't be performed because object 'Migrate@domain.org' couldn't be found on
'CO1PR06A002DC03.NAMPR06A002.prod.outlook.com'.
     + CategoryInfo          : NotSpecified: (:) [Get-Recipient], ManagementObjectNotFoundException
     + FullyQualifiedErrorId : [Server=DM6PR06MB4026,RequestId=1f8fe3eb-6b61-4564-be56-c8af5d303a3a,TimeStamp=9/19/2018 3:00:02 PM] [Fail
    ureCategory=Cmdlet-ManagementObjectNotFoundException] 24B7AD96,Microsoft.Exchange.Management.RecipientTasks.GetRecipient
     + PSComputerName        : outlook.office365.com



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_3hao5uao.he4' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_3hao5uao.he4
Path              : C:Usersadmin.domainAppDataLocalTemptmp_3hao5uao.he4tmp_3hao5uao.he4.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : f93cff62-1cce-4d83-bce9-991c54b5127e
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_3hao5uao.he4
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function creates the cloud DL with the minimum settings...
Universal
New! Office 365 Groups are the next generation of distribution lists.
Groups give teams shared tools for collaborating using email, files, a calendar, and more.
You can start right away using the New-UnifiedGroup cmdlet.



RunspaceId                             : 8ca722dd-6bea-470d-9fc9-36dc4c73148c
GroupType                              : Universal
SamAccountName                         : Migrate574691357943970
BypassNestedModerationEnabled          : False
IsDirSynced                            : False
ManagedBy                              : {domainAdmin}
MemberJoinRestriction                  : Closed
MemberDepartRestriction                : Open
MigrationToUnifiedGroupInProgress      : False
ExpansionServer                        :
ReportToManagerEnabled                 : False
ReportToOriginatorEnabled              : True
SendOofMessageToOriginatorEnabled      : False
AcceptMessagesOnlyFrom                 : {}
AcceptMessagesOnlyFromDLMembers        : {}
AcceptMessagesOnlyFromSendersOrMembers : {}
AddressListMembership                  : {Default Global Address List, All Recipients(VLV), Groups(VLV), All Groups(VLV)...}
AdministrativeUnits                    : {}
Alias                                  : Migrate
ArbitrationMailbox                     : SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
BypassModerationFromSendersOrMembers   : {}
OrganizationalUnit                     : nampr06a002.prod.outlook.com/Microsoft Exchange Hosted
                                          Organizations/domainSquad.onmicrosoft.com
CustomAttribute1                       :
CustomAttribute10                      :
CustomAttribute11                      :
CustomAttribute12                      :
CustomAttribute13                      :
CustomAttribute14                      :
CustomAttribute15                      :
CustomAttribute2                       :
CustomAttribute3                       :
CustomAttribute4                       :
CustomAttribute5                       :
CustomAttribute6                       :
CustomAttribute7                       :
CustomAttribute8                       :
CustomAttribute9                       :
ExtensionCustomAttribute1              : {}
ExtensionCustomAttribute2              : {}
ExtensionCustomAttribute3              : {}
ExtensionCustomAttribute4              : {}
ExtensionCustomAttribute5              : {}
DisplayName                            : Migrate
EmailAddresses                         : {SMTP:Migrate@domain.org}
GrantSendOnBehalfTo                    : {}
ExternalDirectoryObjectId              : d10bc5bd-01dc-4708-a98a-a9c2294149d6
HiddenFromAddressListsEnabled          : False
LastExchangeChangedTime                :
LegacyExchangeDN                       : /o=ExchangeLabs/ou=Exchange Administrative Group
                                          (FYDIBOHF23SPDLT)/cn=Recipients/cn=002d4cd657784b01bccf8b85e5c35519-Migrate
MaxSendSize                            : Unlimited
MaxReceiveSize                         : Unlimited
ModeratedBy                            : {}
ModerationEnabled                      : False
PoliciesIncluded                       : {}
PoliciesExcluded                       : {{26491cfc-9e50-4857-861b-0cb8df22b5d7}}
EmailAddressPolicyEnabled              : False
PrimarySmtpAddress                     : Migrate@domain.org
RecipientType                          : MailUniversalDistributionGroup
RecipientTypeDetails                   : MailUniversalDistributionGroup
RejectMessagesFrom                     : {}
RejectMessagesFromDLMembers            : {}
RejectMessagesFromSendersOrMembers     : {}
RequireSenderAuthenticationEnabled     : True
SimpleDisplayName                      :
SendModerationNotifications            : Always
UMDtmfMap                              : {emailAddress:6447283, lastNameFirstName:6447283, firstNameLastName:6447283}
WindowsEmailAddress                    : Migrate@domain.org
MailTip                                :
MailTipTranslations                    : {}
Identity                               : Migrate
Id                                     : Migrate
IsValid                                : True
ExchangeVersion                        : 0.10 (14.0.100.0)
Name                                   : Migrate
DistinguishedName                      : CN=Migrate,OU=domainSquad.onmicrosoft.com,OU=Microsoft Exchange Hosted
                                          Organizations,DC=NAMPR06A002,DC=prod,DC=outlook,DC=com
ObjectCategory                         : NAMPR06A002.prod.outlook.com/Configuration/Schema/Group
ObjectClass                            : {top, group}
WhenChanged                            : 9/19/2018 3:00:16 PM
WhenCreated                            : 9/19/2018 3:00:16 PM
WhenChangedUTC                         : 9/19/2018 3:00:16 PM
WhenCreatedUTC                         : 9/19/2018 3:00:16 PM
OrganizationId                         : NAMPR06A002.prod.outlook.com/Microsoft Exchange Hosted
                                          Organizations/domainSquad.onmicrosoft.com - NAMPR06A002.prod.outlook.com/ConfigurationUn
                                          its/domainSquad.onmicrosoft.com/Configuration
Guid                                   : b735426e-9551-4441-a710-803946ea176c
OriginatingServer                      : CO1PR06A002DC02.NAMPR06A002.prod.outlook.com
ObjectState                            : Unchanged



Distribution list created successfully in Exchange Online / Office 365.



This function updates the cloud DL settings to match on premise...
This does not update the multivalued attributes...
Distribution group properties updated successfully.



Processing DL Membership member to Office 365...
journal@domain.org
This function sets the multi-valued attributes
DLMembership
The mutilvalued attribute was updated successfully.
DLMembership



Processing DL Membership member to Office 365...
brian@domain.com
This function sets the multi-valued attributes
DLMembership
The mutilvalued attribute was updated successfully.
DLMembership



Processing DL Membership member to Office 365...
tmcmichael@domain.org
This function sets the multi-valued attributes
DLMembership
The mutilvalued attribute was updated successfully.
DLMembership



Processing DL Membership member to Office 365...
Migrate1@domain.org
This function sets the multi-valued attributes
DLMembership
The mutilvalued attribute was updated successfully.
DLMembership



Processing DL Membership member to Office 365...
teammanager@domain.org
This function sets the multi-valued attributes
DLMembership
The mutilvalued attribute was updated successfully.
DLMembership



Processing DL Membership member to Office 365...
Dynamic@domain.org
This function sets the multi-valued attributes
DLMembership
The mutilvalued attribute was updated successfully.
DLMembership



Processing Bypass Managed By member to Office 365...
bmoran@domain.org
This function sets the multi-valued attributes
ManagedBy
The mutilvalued attribute was updated successfully.
ManagedBy



Processing Moderated By member to Office 365...
tmcmichael@domain.org
This function sets the multi-valued attributes
ModeratedBy
The mutilvalued attribute was updated successfully.
ModeratedBy



Processing Grant Send On Behalf To Array member to Office 365...
tmcmichael@domain.org
This function sets the multi-valued attributes
GrantSendOnBehalfTo
The mutilvalued attribute was updated successfully.
GrantSendOnBehalfTo



Processing Accept Messages Only From Senders Or Members member to Office 365...
bmoran@domain.org
This function sets the multi-valued attributes
AcceptMessagesOnlyFromSendersOrMembers
The mutilvalued attribute was updated successfully.
AcceptMessagesOnlyFromSendersOrMembers



Processing Accept Messages Only From Senders Or Members member to Office 365...
Migrate1@domain.org
This function sets the multi-valued attributes
AcceptMessagesOnlyFromSendersOrMembers
The mutilvalued attribute was updated successfully.
AcceptMessagesOnlyFromSendersOrMembers



Processing Reject Messages From Senders Or Members member to Office 365...
Migrate2@domain.org
This function sets the multi-valued attributes
RejectMessagesFromSendersOrMembers
The mutilvalued attribute was updated successfully.
RejectMessagesFromSendersOrMembers



Processing Bypass Moderation From Senders Or Members member to Office 365...
Migrate1@domain.org
This function sets the multi-valued attributes
BypassModerationFromSendersOrMembers
The mutilvalued attribute was updated successfully.
BypassModerationFromSendersOrMembers



This function resets the Office 365 powershell sessions....
This function removes the Office 365 powershell sessions....
All powershell sessions have been cleaned up successfully.



This function creates the powershell session to Office 365....
The powershell session to Office 365 was created successfully.



This function imports the powershell session to Office 365....
WARNING: The names of some imported commands from the module 'tmp_w0eyp2oc.n3o' include unapproved verbs that might make them less
discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of
approved verbs, type Get-Verb.



Name              : tmp_w0eyp2oc.n3o
Path              : C:Usersadmin.domainAppDataLocalTemptmp_w0eyp2oc.n3otmp_w0eyp2oc.n3o.psm1
Description       : Implicit remoting for https://outlook.office365.com/powershell-liveID/

Guid              : 1d8d7722-910f-43e6-ad74-8a8bb4e0a2e8
Version           : 1.0
ModuleBase        : C:Usersadmin.domainAppDataLocalTemptmp_w0eyp2oc.n3o
ModuleType        : Script
PrivateData       : {ImplicitRemoting}
AccessMode        : ReadWrite
ExportedAliases   : {}
ExportedCmdlets   : {}
ExportedFunctions : {[Add-o365AvailabilityAddressSpace, Add-o365AvailabilityAddressSpace], [Add-o365DistributionGroupMember,
                     Add-o365DistributionGroupMember], [Add-o365MailboxFolderPermission, Add-o365MailboxFolderPermission],
                     [Add-o365MailboxLocation, Add-o365MailboxLocation]...}
ExportedVariables : {}
NestedModules     : {}



The powershell session to Office 365 was imported successfully.



All Office 365 powershell sessions have been refreshed.



This function collects the new office 365 distribution list configuration....
The on premises distribution list information was collected successfully.



This function collects the new office 365 distribution list member configuration....
The on premises distribution list information was collected successfully.



This function writes the new Office 365 distribution list configuration to XML....
The on premises distribution list information was written to XML successfully.



This function writes the new Office 365 distribution list membership configuration to XML....
The on premises distribution list information was written to XML successfully.



This function cleans up all powershell sessions....
All powershell sessions have been cleaned up successfully.

===============================================================================

Support Tip: Where to Schedule iOS Policies

September 19, 2018, 12:05 pm
$
0
0

The “Update policies for iOS” blade in Intune allows admins to force supervised iOS devices to automatically install the latest OS update, as outlined in our documentation here: Configure iOS update policies in Intune.

One of the settings- “Delay visibility of software updates”- allows admins to defer software update visibility to end user supervised iOS devices. We’re seeing an interpretation of this setting, where admins use it with the intent of blocking users from receiving updates on their iOS device. However, the original intent of the “Update policies for iOS” blade, which is to force updates, overrides this and an update is pushed to the device from the Intune service while not being visible to the end user.

For example, an admin goes to Software Updates > Update policies for iOS and creates a policy for iOS 12. “Delay visibility of software update (days)” is set to the default 30 days and they configure other settings as shown in the screenshot below, thinking that iOS 12 will not be pushed to devices for 30 days. However, due to the way these settings are configured, as soon as this policy is targeted to devices, the iOS 12 update will immediately be pushed out to those devices with the exception of Sunday, 10am -6pm in this case.

iOS update policy

 

Here are two scenarios you may come across and what you’d need to do in each case:

1. If you do not wish your end users to update to the latest version of iOS for a certain number of days, you should configure the “Days” setting to include all days of the week in addition to having your desired value in the “Delay visibility of software updates” field (see screenshot below).

iOS update policy2

2. If you wish to only delay visibility of updates to end users, do not create an update policy. Instead, upload a Custom Device Configuration with the following key-value pairs set:

<key>forceDelayedSoftwareUpdates</key>

<true />

<key>enforcedSoftwareUpdateDelay</key>

<integer>30</integer>

Let us know if you have any questions!

Search

Top 10 Networking Features in Windows Server 2019: #1 Container Networking with Kubernetes

September 19, 2018, 4:24 pm
$
0
0 
Share On: Twitter

This blog is part of a series for the Top 10 Networking Features in Windows Server 2019!
-- Click HERE to see the other blogs in this series.  This concludes our 
Top 10 List. We hope to see you at Ignite next week!

Look for the Try it out sections then give us some feedback in the comments!

In today’s increasingly competitive and fast-paced technology market, enterprises are constantly discovering amazing new ways to innovate and evolve. One such area with expanding interest in recent years is application modernization using containers and container orchestration. The numbers speak for themselves -- a recent press release (06/18) by Allied Market Research concluded that:

The global application container market was valued at $698 million in 2016, and is projected to reach $8.2 billion by 2025.

As applications are lifted-and-shifted from VMs to containers, IT Pros and Dev Ops teams require the same network management agility of Software-Defined Datacenter (SDDC). Kubernetes, the de facto container orchestration tool, addresses this gap under the umbrella of a standardized & open-sourced framework.

In Kubernetes version 1.9 with Windows Server, version 1709 we first announced beta for Windows Server containers. Now, with Windows Server 2019, we greatly improved usability of Kubernetes on Windows by enhancing platform networking resiliency and support of container networking plugins.

Additionally, customers deploying workloads on Kubernetes demand network security to protect both Linux and Windows services using embedded tooling. The Windows Networking team has been working closely with Tigera, who is an industry-recognized leader in this space, and is pleased to announce upcoming availability of Tigera Calico for Windows. Both companies are working jointly with TAP customers to deploy Calico on Windows in POC environments, with current focus on network policy enforcement. Network management using dynamic routing (BGP) and IPAM is also on Tigera’s roadmap, with forthcoming Calico CNI support on Windows.

Kubernetes + Windows Server 2019

The Windows Networking team (together with the Kubernetes community) has done tremendous work on both the platform and open-source front to enable a smooth interoperability between Windows and other first-class citizens belonging to the Kubernetes project.

Windows Server 2019 supports all the Kubernetes networking building blocks (“primitives”), such that you’re able to deploy mixed-OS Kubernetes clusters in the environment of your choice. Whether you’re looking for maximum control in your own on-premises datacenter, or conveniently getting it all provisioned on Azure infrastructure – all the networking pieces are ready for composing your own cluster now.

Here is a timeline summarizing the groundbreaking achievements that enabled Windows to pursue its very own "Kubistential" awakening:

Figure 1: Kubernetes improvements since Windows Server 2016

The major headline from the graphic above, is that Kubernetes for Windows is projected to GA with Kubernetes 1.13, including official support on Windows Server 2019. Considering that Kubernetes is the most actively discussed GitHub project in the world today, this means you have a really compelling new force gravitating you towards Kubernetes on Windows: both open-source community and platform-level support from Microsoft enterprise.

Equally exciting to us, is that customers and users are also beginning to see these incremental improvements:

"My windows node successfully joined the cluster and I’m able to schedule a pod on it.  Definitely a victory." 

– Nikhil Shampur, ESRI.

"To me, it’s great to see that Kubernetes on Windows is now working so smoothly!" 

- Ulrich Rabenstein, SAP, Developer

Let's make things more concrete through the lens of a (simplified) deployment example to demonstrate how Kubernetes features (all supported on Windows Server 2019) address the needs of an enterprise.

Deploying Kubernetes on Windows Server 2019: A reference example

Consider a Windows-based, .NET application consisting of an ordering service, location service, and identity service. Here are some basic, yet plausible example needs:

  1. I can safeguard confidential data by defining network security policies to control access to my workloads.
  2. I need a highly available system that is always accessible (zero downtime).
  3. My applications can scale with demand during high-traffic periods (Cyber Monday for example).
  4. My Windows services can communicate with my Linux services, and vice-versa.

Figure 2: Monolithic application

In theory, we could take this application and simply run it in a container, with each of these services communicating via shared networking and compute resources. However, in pursuit of technical benefits such as high cohesion and low coupling (see microservices architecture), work could also be done to refactor the application, and split it up into more manageable components.

Figure 3: Microservices application

In doing so, it quickly becomes apparent that the most effective way to redesign the architecture and standardize this distributed system, is through a container orchestrator. Why? Well, Kubernetes already provides native features that satisfy these requirements, it enhances portability in case of future changes, and there is no need to reinvent the wheel. Here's the Kubernetes solution:

  1. I can safeguard confidential data by defining network security policies to control access to my workloads.
    • Solution: Use the network policy feature that gives you a granular way to restrict traffic and isolate containers running your workloads.
      • (See an example of this on Windows Server 2019 here).
  2. I need a highly available system that is always accessible (zero downtime).
    • Solution: Use the deployment feature for health monitoring + automatic replication of your containers in case of failure.
      • (See an example of this on Windows Server 2019 here).
  3. My applications can scale with demand during high-traffic periods (Cyber Monday for example).
    • Solution: Use the service feature together with deployments to define a set of load-balanced pods that can easily be scaled to handle incoming network traffic.
      • (See an example of this on Windows Server 2019 here).
    • *Tip*: Stay tuned for a more automated version of this solution called HPA (horizontal pod autoscaling), also coming soon with Windows GA.
  4. My Windows services can communicate with my Linux services, and vice-versa.
    • Solution: See connecting application services about Kubernetes service discovery that allows services on any OS to communicate with each other via IP or name.
      • (See an example of this on Windows Server 2019 here).

Figure 4: Containerized application on Kubernetes

Notice how most of these requirements are not really unique to our simplified example, but applicable to many other domains. Lower maintenance outages thanks to a fault-tolerant solution designed with failure in mind, or a more responsive, light-weight infrastructure are universal needs.

Here is also a video that we took to demonstrate the aforementioned features in action:

Try it out today!

Ready to get started?  Great, let's take a look at the different avenues to get started today!

Option 1: Do-it-yourself deployment (on-premise)

Description

Perhaps the most challenging option to deploy (albeit giving you most control), is to just develop and deploy Kubernetes yourself on your own datacenter. This has the advantage that it reduces reliance on third parties and keeps proprietary data on your own infrastructure. For this, Windows supports Flannel CNI (in host-gateway mode) for route management, as well as Calico CNI for network policy enforcement. For maximum networking control, you can also just program static routes yourself and leverage the “wincni” container networking plugin.

Requires
  • You have a computer or VM (requires virtualization and MAC spoofing) running Windows Server 2019.
  • You have a computer or VM running a Linux OS which supports Kubernetes (needed for master node).
Ready to give it a shot!? Download the latest Insider build and try it out:
Flannel, recommended for starting out!      Wincni + manual route mangement      Calico (beta) for network policy enforcement
In the future
  • Simplified & scalable network configuration thanks to network management and IPAM provided by Calico CNI!
  • Overlay networking on Flannel!
  • DNS support for multiple namespaces!

 

Option 2: Deploy a Kubernetes cluster on Azure (acs-engine)

Description

Acs-engine is an open-source project from Azure that enables you to generate ARM (Azure Resource Manager) templates describing the size, shape, configuration, and version of your Kubernetes cluster. It can then use your template to generate and provision a cluster attached to a private Azure virtual network (Azure vNet) matching your desired description. This solution utilizes Azure CNI which was specifically developed for integration with the Azure vNet.

Requires
Ready to give it a shot!? Download the latest Insider build and: Try it out!
In the future
  • AKS (Azure Kubernetes Service) with Windows Server containers!

What's Next?

In addition to the options outlined above, we’ve partnered with RedHat to bring Windows Server containers to the RedHat OpenShift Container Platform (currently under private developer preview). This enterprise-grade container platform tailors particularly well to convenience-oriented IT Pros that want to forego complex deployment procedures (who doesn’t?!) while managing mixed-OS workloads through a familiar single pane of glass. Here are the most recent announcements from primary sources:

Key Takeaways

We covered motivations behind Kubernetes, what it is, as well as how-to deploy it. We also gave an overview of both the platform and open-source improvements since Windows Server 2016. Finally, we gave a brief teaser on what’s coming next in the Kubernetes world from a Windows standpoint.

Even though Kubernetes on Windows will GA soon, the road doesn’t end there. The Windows networking team is dedicated to continue working together with the open-source community to bring more Kubernetes networking goodness and CNI support to Windows. If you are curious about some of the technical platform work that enabled Kubernetes to run on Windows Server 2019 today, I’ll point you to these blog posts that already offer excellent insight:

Right now, much of the groundbreaking work is happening on upstream open-source bits, where anyone can contribute! If you want to stay up to date on any announcements, or want to make your voice heard, please join the dedicated Windows Kubernetes community at the #sig-windows meetups!

Thanks for reading!

David Schott

StepUp Technical Security Webinar Series for Microsoft 365 Business

September 19, 2018, 4:48 pm
$
0
0

TimTetrickPhoto

Tim Tetrick

 

image

Hello Microsoft Partners!

Your customers have heard the scary statistics: 55% of small businesses have been hit by cyberattacks, 60% who are attacked go out of business, and 58% of users accidentally share sensitive information.1 But while they want to safeguard their business, customers may not know where to start. Some may not be aware of their risk.

I wanted to let you know about this upcoming StepUp four-part technical training on how to keep your customers’ data and business safe with Microsoft 365 Business.

 

Analyze customer risk with Secure Score

Use Secure Score to assess a customer’s risk level and uncover vulnerabilities. Then start a conversation about how Microsoft 365 Business can help keep them secure.

Register here. Thursday, October 11, 2018

 

Guard against online threats and keep data secure

Learn how Office 365 Advanced Threat Protection & Data Loss Prevention protects customers from unknown malware and viruses and safeguards against harmful links. Discover Microsoft 365 Business features that help customers protect sensitive information, prevent inadvertent disclosure and stay compliant with business standards and industry regulations.

Register here. Thursday, October 18, 2018

 

Leverage the newest capabilities to protect from security threats

Windows Defender Exploit Guard helps you manage and reduce the attack surface of apps used by your customers. See how it works! Also, learn how Device Management Policies can help protect users from themselves.

Register here. Thursday, October 25, 2018

 

Protect and classify sensitive documents

See how Azure Information Protection (AIP) can help your customers classify and optionally, protect sensitive documents and emails by applying labels and encryption.

Register here. Thursday, November 1, 2018

 

After you attend these StepUp webinars, take the information you learn and start a security conversation with customers. You can help protect them from cybersecurity nightmares. They’ll be so thankful you did.

 

1CYBER SECURITY STATISTICS – Numbers Small Businesses Need to Know, Jan. 3, 2017

Windows 10 と Office 365 ProPlus の組み合わせのモダン デスクトップへの移行を支援する施策の発表【9/20 更新】

September 19, 2018, 6:00 pm
$
0
0

モダン デスクトップへの移行を支援する施策の発表

 

今月の初めに、Windows および Office を中心としたモダンデスクトップへの移行に関する発表がありました。今回の主な発表内容は以下3点になります。

  1. Desktop Analyticsの発表
  2. Desktop Assureの発表
  3. Windows/Officeに関するサービシングとサポートのアップデート

Windows 10およびOffice 365 ProPlus が生産性、セキュリティなどの面でお客様に最高の体験を提供できる組み合わせであることに変わりありません。今回のアナウンスでは、お客様に安心して最新の環境への移行をいただけるようにより柔軟な選択肢を提供することが目的となります。

1. Desktop Analytics の発表

Windows Analyticsを拡張した新たなクラウドサービスDesktop Analyticsが発表されました。Desktop Analytics は1) 組織内で実行されているアプリの一覧表の作成2) Windows 10Office 365 ProPlusの最新の機能更新プログラムと既存アプリケーションの互換性評価3) すべてのアプリケーションとドライバーをカバーするパイロットグループを最小限のデバイスで構成するという3つの機能によって、アップグレードの際のリスクを低減するものです。

詳細は、今月下旬に開催されるIgniteにて発表される予定です。

 

2.Desktop App Assure の発表

Windows 10Office 365 ProPlus のアプリケーションの互換性に関する問題に対処するための新サービス「Desktop App Assure」も発表されました。

Windows Insider Program 参加者による検証によると、99%のアプリケーションに対して互換性が確認されており、Windows 7で動作するほとんどのアプリケーションが Windows 10 とその後の機能更新プログラムでも動作します。もし、Windows 10 または Office 365 ProPlus を更新した後で互換性の問題が生じた場合は、FastTrack を通じてお知らせいただければ、マイクロソフトのエンジニアが問題解決までフォローいたします。

Desktop App Assureは、Windows 10 Enterprise、Windows 10 Education, Office 365 ProPlusのすべてのお客様に追加コストなしで提供されます。10月1日より北米でプレビュー開始、来年2月1日より全世界での提供開始予定です(日本でのリリースについては追ってアナウンスをさせていただきます)。こちらについても詳細はIgniteでの発表となります。

 

3.Windows/Officeに関するサービシングとサポートのアップデート

お客様にWindows 10およびOffice 365 ProPlusのへの移行をよりスムーズに進めていただくために、サービシングやサポートについてアップデートが発表されています。

 

  • Windows 10 SACのEnterpriseおよびEducation Edition のサービシングに関する変更
    • 現在サポートされている全てのWindows 10 EnterpriseおよびEducation Edition (1607, 1703, 1709, 1803)へのサポート期間はリリース日から30か月間
    • 今後、秋にリリースされる全てのWindows 10 EnterpriseおよびEducation Edition(1809以降)については、リリース日から30か月間のサポートを提供
    • 今後、春にリリースされる全てのWindows 10 EnterpriseおよびEducation Edition(1903以降)については、引き続きリリース日から18か月間のサポートを提供
    • Windows 10 Home, Windows 10 Pro, Office 365 ProPlusについては、引き続き18か月間のサポートを提供

 

製品 春リリース 秋リリース
Windows 10 Enterprise 18 か月 30 か月

(これまでは18 か月)
Windows 10 Education
Windows 10 Pro 18 か月
Windows 10 Home
Office 365 ProPlus

 

  • Windows 7の延長セキュリティ更新プログラム
    • Windows 7の延長サポートは2020年1月14日に終了しますが、今後有償のWindows 7延長セキュリティ更新プログラム(ESU20231まで提供します。
    • Windows 7 ESUはデバイス単位のライセンスでの販売となり1年ごとに価格が上昇します。
    • Windows 7 ESUはWindows 7 ProおよびWindows 7 Enterpriseのボリュームライセンスのすべてのお客様にご利用いただけます。ソフトウェアアシュアランス、Windows 10 EnterpriseまたはWindows 10 Educationの契約をお持ちのお客様にはディスカウントが適用されます。
    • 有効なWindows 7 ESUが適用されているデバイス上のOffice 365 ProPlusは2023年1月までサポートされます。

 

  • Windows 8.1およびWindows Server 2016上でのOffice 365 ProPlusへのサポート期間の見直し
    • オペレーティング システムの移行に伴って Office 365 ProPlus を既にお使いのお客様をサポートするため、Office 365 ProPlus に関する Windows のシステム要件を見直し、2 月に発表した内容の一部を変更します。
      • Office 365 ProPlusは、Windows 8.1 のサポートが終了する20231 まで、引き続き Windows 8.1 でサポートされます。
      • Office 365 ProPlus は、引き続き 202510まで Windows Server 2016 でサポートされます。

 

  • Office 2016からOffice 365サービスへの接続サポートの延長
    • 2020年10月13日よりOffice 365サービスに接続するにはメインストリームサポート期間中のOffice 365 ProPlusまたはOffice 2019クライアントが必要とされていました。
    • この方針を変更し、202310まで引き続きOffice 2016からOffice 365サービスへの接続をサポートします。

 

詳細情報

 

 

[セキュリティ基本対策 5 か条] 第 2 条 アクション センターで PC のセキュリティやメンテナンス状況に問題がないかを確認する

September 19, 2018, 7:31 pm
$
0
0

注: この内容は一般の方を対象とした記述にしています。

今日はセキュリティ基本対策 5 か条の第 2 条「アクション センターで PC のセキュリティやメンテナンス状況に問題がないかを確認する」についてご紹介します。

第 1 条  最新の状態で利用する
第 2 条  アクションセンターで PC のセキュリティやメンテナンス状況に問題がないかを確認する
第 3 条  アカウントやパスワードを管理する [Coming soon]
第 4 条  暗号化を行う [Coming soon]
第 5 条  バックアップの取得を設定する [Coming soon]

ビデオでもご確認確認いただけます

セキュリティ基本対策5か条 - 2. アクションセンターを確認する [YouTube]

 

アクションセンターとは?

アクション センターとは、PC のセキュリティや、メンテナンス状況を自動的に確認し、問題がある場合は、お知らせしてくれる機能です。たとえばこんな場合に通知が行われます。

  • マルウェア対策ソフトが最新の状態になっていない場合
  • Windows にセキュリティ更新プログラムが適用されておらず、最新の状態ではない場合
  • 自動バックアップが指定の日時に実行されなかった場合

 

基本のセキュリティ対策の確認方法

ファイアウォール、ウイルス対策、Windows SmartScreen など基本のセキュリティ対策がきちんと有効または OK になっているかを確認してください。

Windows 10 で確認するには、検索ボックスに「セキュリティとメンテナンス」と入力して [セキュリティとメンテナンス] を起動します。

Windows 10 のセキュリティとメンテナンス画面

(Windows 10 のセキュリティとメンテナンス画面)

 

Windows 7Windows 8.1 では Windows キーと A キーを同時に押下して [アクション センター] を起動します。

Windows 7/8.1 のアクション センター画面

(Windows 7/8.1 のアクション センター画面)

 

アクション センターで警告が表示されたら

アクション センターに警告が表示されている場合は、すぐにメッセージを確認し適切な対応を開始してください。

  1. 対応が必要な項目がある場合は、バルーンなどでメッセージが表示されます。

    Windows 7、8.1 の吹き出し

    (Windows 7、8.1 の吹き出し)

    Windows 10 の吹き出し

    (Windows 10 の吹き出し)

  2. Windows 7、8.1 では、吹き出しをクリックすると、アクションが必要な内容についてメッセージが表示されます。メッセージか、[アクション センターを開く] をクリックします。

    Windows 7、8.1 の吹き出し

    (Windows 7、8.1)

    Windows 10 では、吹き出しをクリックすると [Windows Defender セキュリティ センター] が起動します。

  3. [アクション センター] または [Windows Defender セキュリティ センター] で、対応が必要な項目が表示されます。
    • Ÿ赤の項目: 早急な対応が必要です。すぐに、表示されている内容を確認し、指示に従います。(例: マルウェア対策ソフトが最新ではなく、ウイルス感染の危険がある)
    • 黄の項目:早急に対応をする必要は必ずしもありませんが、デバイスが脆弱な状態になる可能性があるため設定することを推奨しています。(例:バックアップを取得して問題時に備える。SmartScreen の設定を有効にして悪意のあるサイトやダウンロードからデバイスを保護するために役立てる。)

    Windows 7、8.1 のアクション センターに対応が必要な項目が表示されている状態

    (Windows 7、8.1 のアクション センターに対応が必要な項目が表示されている状態)

    Windows 10 の Windows Defender セキュリティ センターに対応が必要な項目が表示されている状態

    (Windows 10 の Windows Defender セキュリティ センターに対応が必要な項目が表示されている状態)

【お客様事例】スポーツ観戦の楽しみを大きく拡張させる映像配信サービスをAzure 活用で株式会社EVCが実現【9/20更新】

September 19, 2018, 9:45 pm
$
0
0

プロ野球のパシフィック・リーグ加盟 6 球団により設立された合弁企業であるパシフィックリーグマーケティング株式会社の使命は、「プロ野球の新しいファンを増やすこと」。
この使命を果たすために、同社では 2012 年から、PC だけでなく、独自の有料動画配信サービス「パ・リーグTV」を運用してきました。そして 2018 年3 月 30 日のシーズン開幕を前にして、「パ・リーグTV」のシステム、サービスを刷新。さらに、「パ・リーグ.com」という新たな情報プラットフォームとなるアプリケーションも併せてリリースするなど、いつでも、どこでも、プロ野球をより深く楽しむことができる環境を、EVCのコンサルティングのもと、システムを刷新し一気に整えました。

 

 

新機能「マルチアングル」や美しくなった「3 画面同時視聴」などで、野球観戦の楽しみを拡張

パシフィックリーグマーケティング株式会社 (以下、パシフィックリーグマーケティング) が提供している「パ・リーグTV」は、2018 3 月の開幕に合わせて機能を大幅に拡充。1 つのプレーを複数のカメラ映像で確認できる「マルチアングル」機能が新たに追加されているほか、2012 年のサービス開始当初から続く人気機能「3画面同時視聴」の画質が大幅に向上させるなど、大きく進化しています。

 

これらはすべて「パシフィックリーグマーケティングだからこそ実現できるサービス」だと、マーケティング室 室長 CMO 荒井 勇気 氏は話します。

「たとえばマルチアングル機能は、各球場内に設置されている複数のカメラを使っています。これは、6 球団の共同出資企業である当社だからこそ活用できる資産です。仮に “選手のフォームやクセなどを相手球団に研究されやすくなってしまう” と、ファンの方が心配されたとしても、6 球団横並びで提供しているサービスですから、一切の不公平はありません。純粋に選手たちのプレーを楽しんでいただきたいと思います。」

 

そしてもう 1 つ、大きなポイントとなるのが、スマートフォン用のアプリケーション「パ・リーグ.com」のリリースです。

今まで、試合映像は「パ・リーグTV」に、各球団および選手の詳細を追ったテキスト情報は「パ・リーグ インサイト」という Web サイトに分かれて掲載されていました。こうして分散されていた情報を、「パ・リーグ.com」に集約。スマートフォンから、簡単にパ・リーグのすべてを楽しむことができるように整えられたのです。

 

「パ・リーグTV」のこうした変化を支えているのが、株式会社EVC (以下、EVC) が独自に開発し、「パ・リーグTV」のサービス開始当初から採用されている動画管理サービス「Bizlat(機能拡張版)であり 、EVC のコンサルティングの下、映像配信プラットフォームとして活用しているマイクロソフトのパブリック クラウド サービス「Microsoft Azure」です。

Azure には、「Azure Media Services」や「Azure Content Delivery Network (以下、Azure CDN)」など、映像のライブ ストリーミングや VOD (Video On Demand) サービスに適した機能が揃っており、非常に簡単な操作で動画を管理できる Bizlat と組み合わせることで、非常に効率的で利便性の高い映像配信環境を整えることができるようになっています。

 

アマチュア スポーツにも活用しやすい、簡便で効率的な動画配信システムを実現

パシフィックリーグマーケティングが、Bizlat (機能拡張版) Azure の採用に踏み切った理由は、主に以下の 4 つです。

  1. 2020 年に Flash のサービスが終了する前に HTML5 に切り替える
  2. クラウド サービスを冗長化して「止まらない」サービスを実現させる
  3. 長年頭を悩ませてきた CDN のトラブルから脱却する
  4. 「パ・リーグ.com」に必要な、メディア プレイヤー機能までサポートしている

「パ・リーグTV」の前身となる「パ・リーグ ライブTV」の頃からシステム環境を支え続けてきたマーケティング室 テクニカル・アドバイザー 堀内 修一 氏は次のように説明します。

 

「『パ・リーグTV』では、Flash HLS 2 つの規格を使って映像を配信していましたが、2020 年末をもって Flash のサービスが終了するため、HTML5 への移行を急いでいました。さらに、万が一にもサービスが止まらないように、インフラの冗長化を以前から検討していたのです。そうして、新しいクラウド サービスを検討していた私たちに Azure を提案してくれたのが、長年『パ・リーグTV』を一緒に支えてきてくれた EVCさんでした。

Azure Media Services という機能を活用すれば、PC やスマートフォンなど、デバイスごとに必要な形式の動画ファイルが自動で生成されます。さらに動画の高速配信を支える Azure CDN まで用意されていることも大きな魅力でした。

実はこれまで、CDN が原因となるトラブルが頻発していたのですが、複数社のシステムが関わり合っていたこともあり、どうしても原因を特定できず、もどかしい思いをしていました。しかし、CDN までマイクロソフトのサービスで統一されれば、万一のトラブル時にも、問題の特定が容易になるという期待がありました。しかも、EVC さんには Azure 上で Bizlat を安定稼働させてきた多くの実績があります。私たちの求めるクラウド サービスとして、必要十分な条件がそろっていたのです。」

 

さらに、IT統括部 部長 CDO 佐藤 直記 氏は、「Azure は当社のビジョン実現に向けて、非常に大きな価値を持っていた」と強調します。

Azure では、動画のファイル形式を自動変換できるだけでなく、再生プレイヤーまで提供されています。『パ・リーグ.com』にこのプレイヤーを採用することで、『パ・リーグTV』用の映像を、そのままリアルタイムで提供できるようになりました。これは、本当に素晴らしいことだと思います。

当社では、『プロ野球の新しいファンを増やすこと』という使命のほかに、『プロ野球界、スポーツ界の発展を通して、日本の社会全体を明るく元気にしていうこと』というビジョンを掲げています。ですから、私たちの映像配信システムを、日本のスポーツ界全体に役立てて行きたいと願っています。過去にも某女子プロゴルフ大会の中継に活用いただいた事例があるのですが、今後は、さらに手軽に、ほかのスポーツ界……プロ、社会人から青少年スポーツまで、さまざまな大会の中継に活用いただけるようになったと思います。これは本当に価値のあることです。」


2 か月足らずの短期構築で迎えた開幕戦。「配信トラブル 0」を達成!

上述のようにパシフィックリーグマーケティングが求めるすべての要件に適合した Azure ですが、その検討には「慎重を期した」と、荒井 氏は振り返ります。

「大切なことは、目の前の課題を解決することだけではありません。数年前にスマートフォンが急速に普及したように、お客様の視聴環境は今後も刻々と変化していくでしょう。そうした変化に対応できなければ意味がないのです。そのために、EVC さんによる Azure の提案だけではなく、複数の提案を詳細に比較して、検討を重ねました。」

 

そして、「この提案がベストである」という判断の下に Azure の採用が決まったのが、2018 1 月のこと。シーズン開幕までわずか 2 か月しか残っていませんでした。しかし、プロジェクトはスピーディーに進行。「これまで、Azure 上で Bizlat を稼働させてきた経験から、成功を確信していた」という EVC 代表取締役社長 國分 秀樹 氏の言葉通り、期日としていた 3 23 日にサービスのリリースを迎えています。

 

荒井 氏は「今年の開幕戦は、忘れることができない」と笑顔で振り返ります。

「これまで毎年、開幕戦の日は『映像が止まってしまう』といったトラブルへの対応に追われて徹夜するのが常でした。しかし、今年は違いました。こんなに短期間に構築したシステムにも関わらず、トラブルは 0 件。本当にいい思い出になりました。」

 

パ・リーグTV とパ・リーグ.com を大きく成長させるために、機能とサービスを絶え間なく向上

 

パシフィックリーグマーケティングが目指すサービスの形は、まだ完成したわけではありません。マルチアングルの映像配信は、現在 3 球場のみとなっていますが、今年中には 6 球場すべてから配信できるようになる予定であると言います。また、二軍の試合も、今後は積極的に配信していく方針にあると、荒井 氏たちは声を揃えます。

 

最後に荒井 氏は次のように締めくくります。

「今回のシステム更新を経て、『パ・リーグTV およびパ・リーグ.com を、さらに大きなメディアへと成長させる』という目標が、明確に描けるようになりました。過去のシステム環境では、“どうやってこの不具合を解消するか” というリアクティブな対応に追われて、数年先のビジョンを描く余裕がありませんでしたからね。もちろん、今のシステムがベストだとは思っていません。まだまだ改良を続けていきます。プロ野球ファンの皆様のために、プロ野球界のために、そして日本のスポーツ界全体のために、さらに貢献できるサービスへと成長させていきたいと思います。」

 

 

ソリューション概要
===================

お客様プロファイル

パシフィックリーグマーケティング株式会社は、ビジョンは「プロ野球界、スポーツ界の発展を通して、日本の社会全体を明るく元気にしていくこと」。ミッションは「プロ野球の新しいファンを増やすこと」です。これらビジョンとミッションの実現を念頭に、プロ野球含むスポーツが持つ新しい価値を、日本の社会へ提供し続けられるように努めています。
https://www.pacificleague.jp/

 

株式会社EVC
https://www.evc.jp/

「株式会社EVCは、お客様のご要望に合わせたマルチデバイス向け映像配信システムの企画から構築までワンストップでお応えいたします」
2003年に創業し、映像管理・配信システム「Bizlat」を提供。2013年にMicrosoft Windows Azure」クラウドサービス上で「Bizlat on Azure」を提供開始するなど、映像に特化したSIビジネスを展開。

 

Viewing all 36188 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>