— Links —
Microsoft 365 admin center – LINK
Exchange 365 Admin center – LINK
Azure Admin Portal – LINK
Entra Admin Center – LINK
SharePoint Admin Center – LINK
Teams Admin Center – LINK
2FA User Settings – LINK
Message Trace – LINK
Mail Flow Rules – LINK
Submissions – LINK
Security and Rules – LINK (Anti Spam / Phish / Tenant Block List / Quarantine Policies)
Tenant Block List – LINK
Content Search – LINK (Search for emails in users inboxes)
— How-To-s —
How to make a Custom App Icon – LINK
Disable security defaults – LINK
— Login to o365 azure terminal —
Open Terminal on windows 11 -
Install-Module -Name ExchangeOnlineManagement -Force
Connect-ExchangeOnline -UserPrincipalName MY@EMAIL.COM— Enable SMTP Auth for user account —
-Set the user account to SMTP auth enabled
Set-CASMailbox -Identity sean@contoso.com -SmtpClientAuthenticationDisabled $false-Check your work
Get-CASMailbox -Identity sean@contoso.com | Format-List SmtpClientAuthenticationDisabled— Search and remove emails form inboxes —
https://learn.microsoft.com/en-us/purview/ediscovery-search-for-and-delete-email-messages
-Connect to azure
Connect-ExchangeOnline -UserPrincipalName MY@EMAIL.COM-Connect to proper endpoint
Connect-IPPSSession-Search for emails from sender only
$Search=New-ComplianceSearch -Name "Remove Phishing Message" -ExchangeLocation All -ContentMatchQuery '(From:user@contoso.com)'
Start-ComplianceSearch -Identity $Search.Identity-Search for emails from sender with subject line
$Search=New-ComplianceSearch -Name "Remove Phishing Message" -ExchangeLocation All -ContentMatchQuery '(From:user@contoso.com) AND (Subject:"Update your account information")'
Start-ComplianceSearch -Identity $Search.IdentitySee if the search has been started and finished – LINK
-Hard delete the messages form inboxes
New-ComplianceSearchAction -SearchName "Remove Phishing Message" -Purge -PurgeType HardDelete— Give access to another users OneDrive files —
https://activedirectorypro.com/how-to-give-onedrive-access-to-another-user/
-Install SharePoint Module
Install-Module -Name Microsoft.Online.SharePoint.PowerShell-Get sharepoint from SharePoint Admin center and login
Connect-SPOService -URL https://thesite-admin.sharepoint.com/-Look for a users OneDrive URL by searching users name “JACK”
Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like 'JACK'" | Select -ExpandProperty Url– Give STEVE access to JACK’S OneDrive
Set-SPOUser -Site https://thesite.sharepoint.com/personal/jack_com -LoginName STEVE@SOMESITE.COM -IsSiteCollectionAdmin $true-Remove Jack from Steves OneDrive
Set-SPOUser -Site https://thesite.sharepoint.com/personal/jack_com -LoginName STEVE@SOMESITE.COM -IsSiteCollectionAdmin $false-To see these changes on SharePoint site directly
1. Log into the Microsoft 365 Admin Center and select SharePoint under Admin Centers.
2. In the left-hand side of the screen, select More Features.
3. Click on Open under User Profiles.
4. Click on Manage User Profiles under People.
5. Click in Find profiles and type in the name of the employee to whose OneDrive you want to remove access. For example, I’m going to remove JACK from STEVES OneDrive. Enter in STEVE then click Find. The user will show up below Active Profiles.
6. Click on the user and select Manage site collection owners.
7. Where it says Site Collection Administrators, remove the name of the person you want to revoke access.
— Disable the use of Microsoft Auth App forced —
It’s more then just this it seems. Why they are forcing their second rate authenticator is beyond me but it’s annoying. In Entra (old Azure) at https://entra.microsoft.com/
Protection -> Authentication Methods -> Settings -> System-preferred multifactor authentication: Disabled
Protection -> Authentication Methods -> Registration Campaign: Edit then Disabled and Save
Protection -> Authentication Methods -> Policies: Click Microsoft Authenticator and switch it to Disabled (if you want) then go to the others you do want and make sure they are enabled for all users (or whatever users you want). We have SMS, Voice Call, and Email OTP personally.
Was this helpful?
0 / 0