Microsoft Advanced Threat Analytics



Microsoft Advanced Threat Analytics is a great tool that analyses Active Directory traffic and uses machine learning to understand the behavior of traffic and requests coming to Active Directory, raising a red flag when any anomalies are detected or observed.

There are two major components in the Advanced Threat Analytics solution:

1. ATA Center
2. ATA Gateway or ATA Lightweight Gateway

ATA Lightweight Gateway is a new release with a lighter version of the agent that can be deployed directly on the domain controller, so that there is no need to maintain a dedicated server for the ATA Gateway application.

Here are some of the important docs to start with Microsoft Threat Analytics. Happy learning.



High Availability Solution - Azure

                          High Availability - Azure 


When designing a solution, we always ask: "Is our application designed to be highly available and highly resilient?"

Microsoft has come up with a checklist to help IT teams, whenever they are designing a solution, to cross-check and ask themselves whether the application is going to meet high availability and high resilience requirements.

Here are some of the important articles for your reference:


Azure itself has many tools and services for building a highly resilient and highly available solution, but to make sure we are on the right track with our design, we can go through this checklist and ask ourselves whether we can withstand any disaster and keep our application working with little or no downtime.



How to Restore Azure Virtual Machine using PowerShell - Azure IaaS VM Backup


Can Azure virtual machines that are load balanced be backed up by Azure IaaS Backup? The answer is yes.

Microsoft recently announced support for load-balanced virtual machines on Azure. Please refer to the article below.
https://azure.microsoft.com/en-us/blog/azure-backup-supports-loadbalancer-cloudlink-virtualmachines/

Currently there are limitations with respect to restore. The restore should be performed whenever virtual machines are configured in a special networking configuration.

To restore virtual machines in the special networking configuration, you should use the PowerShell approach, which allows you to restore the VM disk to a storage account; from there you can configure the virtual machine using the existing disk in the special networking configuration as needed.

You can explore this further in the Microsoft article below:
https://azure.microsoft.com/en-us/documentation/articles/backup-azure-vms-automation/#restore-an-azure-vm

Below is the sequence of PowerShell commands that can be used for restoring the VM disk from the Azure Backup Vault.


Get-AzureRmBackupVault

Name               ResourceGroupName  Region             Storage
----               -----------------  ------             -------
Backupnow          RecoveryService... centralus          GeoRedundant


Get-AzureRMBackupVault -ResourceGroupName "RecoveryServices-BYDEFLG5BESPTOIGSYROZJR5V6ZCINXVYA6SZIUXICQVCHKR5IHQ-Central-US"

Name               ResourceGroupName  Region             Storage
----               -----------------  ------             -------
Backupnow          RecoveryService... centralus          GeoRedundant


$backupvault = Get-AzureRMBackupVault -ResourceGroupName "RecoveryServices-BYDEFLG5BESPTOIGSYROZJR5V6ZCINXVYA6SZIUXICQVCHKR5IHQ-Central-US"

$backupvault

Name               ResourceGroupName  Region             Storage
----               -----------------  ------             -------
Backupnow          RecoveryService... centralus          GeoRedundant



$joblist = Get-AzureRMBackupJob -Vault $backupvault -Status InProgress

$joblist = Get-AzureRMBackupJob -Vault $backupvault -Status Completed
$joblist[0]

WorkloadName    Operation       Status          StartTime              EndTime
------------    ---------       ------          ---------              -------
vm2             Backup          Completed       2/5/2016 2:23:22 AM    2/5/2016 2:42:36 AM


$backupitem = Get-AzureRMBackupContainer -Vault $backupvault -Type AzureVM -name "VM1" | Get-AzureRMBackupItem
Get-AzureRMBackupRecoveryPoint -Item $backupitem

RecoveryPointId    RecoveryPointType  RecoveryPointTime      ContainerName
---------------    -----------------  -----------------      -------------
27578974793839     FileSystemConsi... 2/5/2016 2:26:13 AM    iaasvmcontainer;highavailablevm;vm1


$rp =  Get-AzureRMBackupRecoveryPoint -Item $backupitem
$rp

RecoveryPointId    RecoveryPointType  RecoveryPointTime      ContainerName
---------------    -----------------  -----------------      -------------
27578974793839     FileSystemConsi... 2/5/2016 2:26:13 AM    iaasvmcontainer;highavailablevm;vm1


$restorejob = Restore-AzureRMBackupItem -StorageAccountName "Azurestoragerestorenow" -RecoveryPoint $rp

$restorejob

WorkloadName    Operation       Status          StartTime              EndTime
------------    ---------       ------          ---------              -------
vm1             Restore         InProgress      2/5/2016 2:03:45 PM


$restorejob

WorkloadName    Operation       Status          StartTime              EndTime
------------    ---------       ------          ---------              -------
vm1             Restore         Completed       2/5/2016 2:03:45 PM   2/5/2016 2:23:17 PM



Skype for Business

                                Lync will be merged as Skype for Business 

The next release of Lync is being released as Skype for Business.

Here is the video from Skype Blog introducing Skype for Business.


Here is the update from Skype blog:

Skype Blog:

Also, there are a few good articles on this:
EWeek Article:
http://www.eweek.com/networking/slideshows/how-microsoft-is-transforming-skype-into-a-major-enterprise-app.html?utm_medium=email&utm_campaign=EWK_NL_SR_20141125_STR1L2&dni=195067966&rni=25887701
InsideLync Blog:
http://blog.insidelync.com/2014/11/lync-to-be-rebranded-as-skype-for-business/


                 Exchange Versions, Build Number, Roll UP's and Cumulative updates

When an Exchange disaster happens, or whenever you want to perform a proactive health check of Exchange servers, you will need a way to check which version of Exchange Server you are using and which update rollup \ cumulative update it is running.

Now let us see what version of Exchange we are using:

Exchange 2003:

  1. Go to Exchange System Manager (ESM).
  2. Then click on Administrative Groups, followed by the Servers folder.
  3. In the right pane you can see the list of all the servers along with the "Server Version".
Also check the below article for Build Numbers and their release dates.


Exchange 2007 and Exchange 2010:

Method 1:
  1. Go to Exchange Management Console and navigate to the Server Configuration object.
  2. Select the Server object and on the right side you will see the Version Number.
Once you have the version number, follow the article below to check the SP \ rollup level for that version number.


Method 2:
  1. Open the Exchange Management Shell.
  2. Execute the following command to determine the Version Number.
    Get-ExchangeServer
    Get-ExchangeServer | Select Name, AdminDisplayVersion
Once you have the version number, follow the article below to check the SP \ rollup level for that version number.


Exchange 2013:
  1. Open the Exchange Management Shell.
  2. Execute the following command to determine the Version Number.
    Get-ExchangeServer
    Get-ExchangeServer | Select Name, AdminDisplayVersion
Once you have the version number, follow the article below to check the SP \ rollup level for that version number.




        Disable automatic delivery of Internet Explorer 10 - Automatic Updates

You are seeing that most applications are not compatible with IE 10 nowadays, and your users will face many issues while trying to access applications via IE 10.

But you notice that IE 10 is being installed automatically via Windows Updates, and as an administrator you want to control this automatic installation.

You can follow the steps below to stop the automatic installation of IE 10 via Windows Updates:


  • Log in to your domain controller.
  • Download the IE 10 blocker from the Microsoft website:
    http://www.microsoft.com/en-in/download/details.aspx?id=36512
  • Once the file is downloaded, extract the .exe to any location on the server, creating a folder named IE10 blocker.
  • You will find two files here: “IE 10_Blocker.cmd” and “IE 10_Blocker.adm”.
  • Because you are using Group Policy to do this, you need the second file, “IE 10_Blocker.adm”.
  • Open the Group Policy Management console, create a new policy named “Block IE10” and click EDIT on the policy.
  • Go to “Computer Policies”, right-click on “Administrative Template” and click the Add/Remove Template option.
  • Browse to and select the ADM template that was extracted previously.
  • You will now see a new folder under “Classic Administrative Templates (ADM)” under “Administrative Template”; go through it to Windows Components > Windows Updates > Do not allow delivery of Internet Explorer 10 through Automatic updates.
  • Enable the template “Do not allow delivery of Internet Explorer 10 through Automatic updates”.
  • Your policy is ready for use. Apply it on the domain if you would like to block across all computers.
Done, this will stop the automatic delivery of IE 10 via Windows Updates.


        Disable automatic delivery of Internet Explorer 11 - Automatic Updates

Administrators always receive complaints from users whenever IE is upgraded to the latest release; the problem is that most legacy or third-party applications might not be compatible with the latest IE versions.

But you notice that IE 11 is being installed automatically via Windows Updates, and as an administrator you want to control this automatic installation.

You can follow the steps below to stop the automatic installation of IE 11 via Windows Updates:


  • Log in to your domain controller.
  • Download the IE 11 blocker from the Microsoft website:
    http://www.microsoft.com/en-in/download/details.aspx?id=40722
  • Once the file is downloaded, extract the .exe to any location on the server, creating a folder named IE11 blocker.
  • You will find two files here: “IE 11_Blocker.cmd” and “IE 11_Blocker.adm”.
  • Because you are using Group Policy to do this, you need the second file, “IE 11_Blocker.adm”.
  • Open the Group Policy Management console, create a new policy named “Block IE11” and click EDIT on the policy.
  • Go to “Computer Policies”, right-click on “Administrative Template” and click the Add/Remove Template option.
  • Browse to and select the ADM template that was extracted previously.
  • You will now see a new folder under “Classic Administrative Templates (ADM)” under “Administrative Template”; go through it to Windows Components > Windows Updates > Do not allow delivery of Internet Explorer 11 through Automatic updates.
  • Enable the template “Do not allow delivery of Internet Explorer 11 through Automatic updates”.
  • Your policy is ready for use. Apply it on the domain if you would like to block across all computers.
Done, this will stop the automatic delivery of IE 11 via Windows Updates.

     How to Export Message Tracking logs from Office 365


Moved your Exchange organization to the cloud? That's good news :-). You reduced most of your on-premises maintenance and staff costs for your Exchange server.

What about message tracking logs? What if we need to trace an email or submit a log report for an audit? No worries: in general, Exchange Online stores message tracking logs for 30 days, so if you want to keep your message tracking logs for a longer time, you need to download them regularly and keep them safely on storage for future use.

The steps below will guide you through exporting the message tracking logs from Exchange Online to a CSV file.
  • Open Windows Azure PowerShell.

  • Connect to your Office 365 tenant to perform the export; you can follow the link below to see how to connect to an Office 365 tenant.
  • Once the session is established, use the command below to export the message tracking logs to a CSV file.

    Get-MessageTrace -StartDate "10/15/2014 00:00:00" -EndDate "10/31/2014 00:00:00" | Select MessageID,Received,*Address,*IP,Subject,Status,Size | Export-Csv 20130915.csv -NoTypeInformation

     Please note:
  1.      Logs will be saved in the directory from which you execute the export command.
  2.      The dates in the above command should be set to the start and end of the period for which you want the logs.
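Get-MessageTrace returns results one page at a time, so a single call over a busy date range can silently leave rows out of an audit archive. The following script is an added example, not part of the original post: it pages through the whole range and records a SHA-256 hash of the archive. It assumes an Exchange Online session is already established; the variable names and the output file name are illustrative.

```powershell
# Added example: export a complete message trace by paging through the results.
# Assumes an Exchange Online remote PowerShell session is already open.
# $StartDate, $EndDate, $PageSize and $OutFile are illustrative values.
$StartDate = [datetime]'10/15/2014 00:00:00'
$EndDate   = [datetime]'10/31/2014 00:00:00'
$PageSize  = 5000   # largest page size Get-MessageTrace accepts
$OutFile   = 'MessageTrace_{0:yyyyMMdd}_{1:yyyyMMdd}.csv' -f $StartDate, $EndDate

# Start from a clean file because Export-Csv -Append is used below.
if (Test-Path -Path $OutFile) { Remove-Item -Path $OutFile }

$page  = 1
$total = 0
do {
    # @() forces an array so .Count is reliable for 0 or 1 returned rows.
    $rows = @(Get-MessageTrace -StartDate $StartDate -EndDate $EndDate `
                               -PageSize $PageSize -Page $page)
    if ($rows.Count -gt 0) {
        $rows |
            Select-Object MessageId, Received, SenderAddress, RecipientAddress,
                          FromIP, ToIP, Subject, Status, Size |
            Export-Csv -Path $OutFile -NoTypeInformation -Append -Encoding UTF8
        $total += $rows.Count
    }
    $page++
} while ($rows.Count -eq $PageSize)   # a short page means the last page was read

if ($total -gt 0) {
    # Store the hash with the archive so later tampering or corruption is detectable.
    $hash = (Get-FileHash -Path $OutFile -Algorithm SHA256).Hash
    '{0} rows exported to {1}; SHA256 {2}' -f $total, $OutFile, $hash
} else {
    'No message trace rows returned for the selected date range.'
}
```

Keep the printed hash somewhere separate from the CSV, for example in the audit ticket, so the archive can be verified when it is produced later.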



    Office 365 Migration  - Internal Outlook clients are pointing to On-premise exchange server

The migration was completed successfully and all the MX and Autodiscover records are set to Office 365 in our DNS portal. We tested that Outlook clients connecting from outside the organization are able to auto-discover the mailbox settings and connect to their Office 365 mailbox.

The problem started when the on-premises users tried to configure their Outlook client: it was routed to their on-premises Exchange server.

What to do? There are just two steps to make sure your on-premises clients connect to their Office 365 mailbox.


  1. Create a CNAME record for Autodiscover in your internal DNS pointing to the Office 365 Autodiscover server created in your public DNS portal.
                                                         Or
    From outside your on-premises network, ping autodiscover.yourdomain.com (note: yourdomain.com should be replaced with your organization's namespace) and note down the IP address it resolves to. Then come back to your local DNS and create an A record pointing to the IP that you noted down (autodiscover.yourdomain.com should point to the IP that was resolved during the ping from the outside network).
  2. Once one of the above records is created in your network, ping from your internal network and check that it points to the Outlook.com Autodiscover server.
  3. Now set AutoDiscoverServiceInternalUri to null on your CAS server, using the command below.

    Set-ClientAccessServer -Identity "your CAS servername" -AutoDiscoverServiceInternalUri $NULL
Now go back and try creating the Outlook profile again; it should now discover the Office 365 mailbox server settings without any issues.

                       Azure Active Directory Sync - Creation of new objects

Hey... Directory sync has been implemented for Office 365 and you see everything is synced to your Office 365 tenant.

Now you are wondering what's next: how do you manage and create objects? No worries, it's simple. :-)

Do it in your Active Directory and it will sync to your Office 365 tenant.


  • New User: If you want to create a new mailbox for your new employee, first create a user account for the new employee in your Active Directory. It will get synced to Office 365, and once it is synced you can assign a mailbox license to this user and a new mailbox will be provisioned in Exchange Admin Center for the new user.


  • New Contact: If you want to create a new contact for mail contact purposes, create a new SMTP contact in Active Directory and it will sync to your contact list in Exchange Admin Center.


  • New Group: Be a little careful in understanding this. There are 2 groups: Security group and Distribution group.
    Security Group: Security groups are for assigning permissions and are not mail enabled. You can create a security group in AD and it will be synced to Office 365.
    Distribution Group: If you don't have an Exchange server on-premises and you want to create a distribution group in your AD and sync it to Office 365, there are a few additional attributes you need to create for the distribution group to make sure the group will sync to Office 365.
    Please follow the article below for what to consider when creating a distribution group in AD and getting it synced to Office 365:
    http://prakash-nimmala.blogspot.in/2014/10/distribution-groups-are-not-syncing.html