Patch Lady – the Office 365 admin center

Patch Lady here – for those of you that are admins in Office 365 I would highly recommend bookmarking the Office 365 admin center and especially to make sure that you have access to the message center inside of it.  It’s a key way to keep aware of updates and changes.  On my cheapest Godaddy Office 365 subscription I don’t have the ability to forward the alerts to other email addresses, but on my higher Office 365 subscriptions (a Office 365 Business plan and a Microsoft 365 E5 plan just to be aware of the nuances and changes with each plan).  You can also download the Office admin center app on an iPhone or android and log in with admin credentials to get the same info.

Today they announced they are adding more forensic features that turn on more auditing by default.  This is a very good thing and starts to get the online better aligned with on premise in terms of forensics.

Now if I can just get Advanced Threat Protection features built into EVERY Office 365… yes I know… never happy am I?

Updated feature: Exchange Online mailbox audit to add mail reads by default

 

To ensure that you have access to critical audit data to investigate security incidents in your organization, we’re making some updates to Exchange mailbox auditing. After this change takes place, Exchange Online will audit mail reads/accesses by default for owners, admins and delegates under the MailItemsAccessed action. This message is associated with Microsoft 365 Roadmap ID: 32224. How does this affect me? The MailItemsAccessed action offers comprehensive forensic coverage of mailbox accesses, including sync operations. In February 2019, audit logs will start generating MailItemsAccessed audit records to log user access of mail items. If you are on the default configuration, the MailItemsAccessed action will be added to Get-mailbox configurations, under the fields AuditAdmin, AuditDelegate and AuditOwner. Once the feature is rolled out to you, you will see the MailItemsAccessed action added and start to audit reads. This new MailItemsAccessed action is going to replace the MessageBind action; MessageBind will no longer be a valid action to configure, instead an error message will suggest turning on the MailItemsAccessed action. This change will not remove the MessageBind action from mailboxes which have already have added it to their configurations. Initially, these audit records will not flow into the Unified Audit Log and will only be available from the Mailbox Audit Log. We’ll begin rolling this change out in early February, 2019. If you are on the default audit configuration, you will see the MailItemsAccessed action added once the feature is rolled out to you and you start to audit reads. What do I need to do to prepare for this change? There is no action you need to take to derive the security benefits of having mail read audit data. The MailItemsAccessed action will be updated in your Get-Mailbox action audit configurations automatically under AuditAdmin, AuditDelegate and AuditOwner. If you have set these configurations before, you will need to update them now to audit the two new mailbox actions. Please click Additional Information for details on how to do this. If you do not want to audit these new actions in your mailboxes and you do not want your mailbox action audit configurations to change in the future as we continue to update the defaults, you can set AuditAdmin, AuditDelegate and AuditOwner to your desired configuration. Even if your desired configuration is exactly the same as the current default configuration, so long as you set the AuditAdmin, AuditDelegate and AuditOwner configurations on your mailbox, you will preclude yourself from further updates to these audit configurations. Please click Additional Information for details on how to do this. If your organization has turned off mailbox auditing, then you will not audit mail read actions.

Patch Lady – Office 365 prioritization

Recently Office 365/Outlook on click to run has made a change in behavior… as noted on Office uservoice…

After the release of 16.0.6741.2017, the Click 2 Run (C2R) version of the Outlook client for the PC is prioritising O365 for Autodiscover queries above all other Autodiscover methods (SCP, HTTPS root domain etc).

This causes problems for customers who aren’t using O365 for mail service, especially if either of these conditions are true:

1. The user has a mailbox in the O365 service which is not being used. This can occur if the user has inadvertently had an Exchange license assigned.
2. The user has a personal Office subscription but has used their business email address to configure it.

Outlook prompts the user to login, but logging in will fail as it’s effectively requesting credentials against the O365 service.

This behaviour also breaks the experience for existing profiles, not just newly created ones.

The “workaround” we have is to add a registry change to end users PC to bypass the O365 endpoints. From this article: https://support.microsoft.com/en-gb/help/2212902/unexpected-autodiscover-behavior-when-you-have-registry-settings-under

This property needs to be set to a DWORD value of 1: ExcludeExplicitO365Endpoint

This workaround is hard to manage, client specific, and will need to be reverted if the customer ever does in fact move to O365 so that the Direct Connect method can work again.

My suggestion would be to re-consider this change and how Autodiscover may work more intelligently going forwards.

The request was made to put the behavior back to what it was.

The response:

We cannot fulfil this request as we will continue to optimize for the Office 365 experience. The supported implementation of Autodiscover is documented here, https://support.microsoft.com/en-us/help/3211279. Any ongoing changes and improvements will be documented in the article. We appreciate your feedback and take every request with consideration, whether we can move forward with it or not.
-Outlook Team

If you are running Office 365 they assume that you are using Exchange in the cloud even if you aren’t.  And if you are, and don’t like the new behavior… tough cookies.

Patch Lady – When 365 isn’t the same 365

I have a version of Office 365 that I purchased through godaddy as well as the top of the line Microsoft 365 E5 license.  I do that in order to compare the top to the bottom.  And one of the things I’ve noticed is that on the Godaddy implementation of Office 365 that often you can’t get to the same screens nor do they have the same options.  Take as example the Office secure score web site that walks you through making sure you can protect your email system as much as possible  https://securescore.office.com/#!/dashboard  I can get to that interface with the top of the line 365 program, I can’t get to it via the Godaddy offering.

https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-secure-score

One could argue that Godaddy should know to set things up securely but if there’s one thing I’ve always found with vendors…trust but verify.

For example one rule that needs to be set up is a block forwarding rule

Can you set up this best practice in Godaddy’s implementation of Office 365, honestly I can’t tell.

Bottom line be aware that the different vendor implementations of 365 means you may not have all the options you see talked about on the web.

Minimum Versioning Coming Soon to SharePoint Online & OneDrive for Business Libraries

Modified in Office 365 Roadmap on August 14, 2018:

Versioning settings in OneDrive for Business, Groups and team sites in SharePoint Online
All SharePoint and OneDrive libraries will be set to retain a minimum of one hundred major versions. Existing libraries that have versioning enabled but are set to retain fewer than one hundred major versions will be updated to retain the new minimum. Libraries already set to retain one hundred or more major versions will not be affected, including those with the default setting of five hundred. With these changes, the Document Library Settings page will no longer support the ability to disable versioning or configure it to retain fewer than one hundred versions.

Again, there are reports of customers pushing back on Microsoft’s changes, and Microsoft have advised that organisations will be able to avoid this change on “Office 365 Tenants”, if they act before September 30th – “Otherwise, we will roll out the versioning setting update to your tenant in October 2018.”. This workaround involves a SharePoint Online Management Shell cmdlet, using version 16.0.7918.1200 or better.

Full details are on Microsoft Tech Community

Having trouble logging in to Office 365? You aren’t alone.

The official @Office365Status account on Twitter says:

We're investigating an issue in which users may be unable to sign-in to Office 365 and are receiving an error related to Office 365 subscription activation. More details can be found in the admin portal under MO146611.

— Office 365 Status (@Office365Status) August 16, 2018

There are several possible suspects listed in the linked thread. It seems that locally installed versions of Office 365 (as opposed to the web version) are causing problems. Possible that it’s associated with Modern Authentication. One user reports that he removed activation from his keychain and it worked.

Fourth Tuesday patches trickling in

At this moment, I have notes for:

KB 4018314 — February 26, 2018, update for Outlook 2010. As @MrBrian notes, the big fix here is:

This update fixes the following issue:

After you install KB4011273 on a Windows XP or Windows Server 2003-based computer, you receive an error message that resembles the following when you start Microsoft Outlook 2010:

CompareStringOrdinal not found in dynamic link library KERNEL32.dll

The list of new KB articles also includes several re-posted .NET Preview KBs, KB 4074805 (February 2018 Preview of Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1), KB 4074808 (February 2018 Preview of Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1), and KB 4073701 (Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 and for .NET Framework 4.6 on Server 2008 SP2), but none of the KB articles mention anything new (they’re still marked as last updated Feb. 23), and the three patches are still missing from the Windows Update Catalog.

Poster bobcat5536 caught one I missed:

Just did notice that Office 365 has yet another update released on the monthly channel yesterday. That makes 4 this month. Why don’t they rename it the weekly channel. This update stuff is just pure madness.

And, sure enough, Microsoft’s official list bears him out.

There’s a new bug posted for KB 4074598, the February Win7 Monthly Rollup, and KB 4074587, the Feb Win7 Security-Only patch, that triggers a bizarre error, “SCARD_E_NO_SERVICE”

There’s a new bug posted for KB 4077525, the SECOND Monthly Rollup this month for Win10 1607:

After installing this update, servers where Credential Guard is enabled may restart unexpectedly. The error is “The system process lsass.exe terminated unexpectedly with status code -1073740791. The system will now shut down and restart.”

Event ID 1000 in the application log shows:

“C:\windows\system32\lsass.exe’ terminated unexpectedly with status code -1073740791

Faulting application: lsass.exe, Version: 10.0.14393.1770, Time Stamp: 0x59bf2fb2

Faulting module: ntdll.dll, Version: 10.0.14393.1715, Time Stamp: 0x59b0d03e
Exception: 0xc0000409

I’m still looking for the Win10 1709 patch — the one that’s supposed to fix the USB and bluescreen problems.

Did I miss anything?

I’ll have a post in Computerworld when the dust settles.

New Office 365 features

Microsoft’s Kirk Koenigsbauer just posted a list of new features brought to Office 365 this month:

Microsoft Teams – Find and use apps in new ways, Command apps and take quick actions across Teams

Work together more effectively with updates to iOS and Mac – Co-authoring for iOS and Mac, Automatically save your work on Mac (“Today also marks the general availability of AutoSave in Word, Excel, and PowerPoint on Mac for Office 365 subscribers who store their documents in OneDrive and SharePoint.” – imagine that!), Drag and drop content and files on iOS, Access OneDrive files from more iOS apps, Preview more file types with OneDrive for iOS, Search across your organization with Outlook for iOS, Improve reading skills with Learning Tools for Mac

New ways to share on Yammer

Powerful inclusive learning tools

Comments most welcome. (As mentioned elsewhere, I’m rapidly moving away from Office and toward Google Apps.)

How-To Geek: What’s the Difference Between Office 365 and Office 2016?

It’s a question I hear all the time, with a clear answer  from HTG’s Chris Hoffman.

Short version –

Office 2016 Home & Student is $150 for one machine (PC or Mac). You can use it forever. Doesn’t include Outlook, Publisher or Access.

Office 365 Personal is $70/yr for one machine, plus one tablet (iPad, Android). Does include Outlook, Publisher and Access.

Office 365 Home is $100/yr for up to five PCs or Macs plus five tablets. You also get 1 TB of OneDrive storage.

Which should you get? Read Hoffman’s analysis. Spot on.