Category: Microsoft

Basic Troubleshooting in Windows 10

In my role I receive a lot of incidents that needs to be solved. My mission is firstly to restore the service back to normal. Once the service is back to normal we can look at making any further changes so that the incident won’t happen again. In this post I will focus my troubleshooting…



Walkthrough of setting up on-premises data gateway for Power Bi

Hi and welcome to my walkthrough of setting up an on-premise data gateway. What is an on-premise data gateway? Microsoft has provided a very good answer to this question in the link within the question. If you are looking for an easy explanation: Connect your on-premise data securely to your cloud services (Power BI, PowerApps,…



Discover users running Legacy Authentication and why you need to disable it

Are you running Exchange Online and still allow Basic Authentication (a.k.a. Legacy Authentication) for all users and not running MFA? Then you’re extremely exposed to attacks. Microsoft has announced the blocking of this on 13 Oct 2020 but the biggest problem is that you probably will get (and possibly already have been) breached because of…



Chrome tabs hang or crash with white screen

EDIT/UPDATE: The case seems to be resolved: https://bugs.chromium.org/p/chromium/issues/detail?id=1024837 Today we experienced major problems with the application Google Chrome in multi-user environments such as Citrix XenDesktop 7 (according to support.google.com community forum IT-administrators are seeing this in many different types of environments, RDS, XenApp, XenDesktop, with different hypervisors, different version of Windows Server and Desktop and…



Azure Active Directory Authentication with Open VPN

Until recent you could connect to your VNet in Azure with certificate-based or RADIUS authentication but now Microsoft Azure support native Azure Active Directory authentication with Open VPN protocol. Azure AD integration with Open VPN enables user-based policies, multi-factor authentication (MFA) together with conditional access for P2S VPN. In order for Azure AD authentication to…



Great new feature for O365 – reduce the amount of successful phishing attempts

As I wrote in my blogpost back in March, phishing is an attack concept where an attacker usually contacts a victim pretending to be from a trustworthy source to get information that they shouldn’t have gotten if they used their real identity. When an attacker targets specific individuals or groups within an organization the phishing method…



ADFS Claims depending on multiple conditions such as group membership and password expiry

In this post I will quickly demonstrate how to achieve a ADFS Claims depending on two different conditions. This specific case is about the password expiry claims that we only want to show for users that are member in a specific Active Directory group. First we need to add an Issuance Transform Rule where we…



Netscaler – Configure Kerberos Authentication + LDAP Group/Attribute Extraction to achieve SSO for internal users

SSO to Netscaler hosted web services for internal users: A request we receive from time to time from our Netscaler customers is that they would prefer internal users (users connected to the company’s LAN/Wifi or through VPN) to automatically get SSO when they browse to a load balanced web system (https://sharepoint.mycompany.com). One way of doing…



Brief walk-through of Robocopy

I have stumbled upon technical scenarios which required special maneuvers requiring skills I did not possess. After some reading I was able to conclude that Windows environments have several ways to copy files from a to b: good old ctrl +c and ctrl +v, xcopy, Copy-Item and robocopy. I was aware of the first one,…



No more Basic Authentication for Exchange Online – what does that mean for us?

Microsoft recently announced that they are turning off Basic Authentication in Exchange Online on October 13, 2020. This means a year for customers to adapt. But what does this mean in reality? In short, no more Basic Auth for: ActiveSync POP/IMAP Remote PowerShell This also means you will not be able to use app passwords (which…