Author: Adam Fowler

Microsoft News and interests Taskbar Icon in Windows 10

Microsoft is now rolling out their News and interests taskbar icon, which was announced back in April on TechCommunity.

I’ve seen this turn up in the last day on both my home PC and work PC – the work PC being configured to get updates immediately from Windows Updates for Business.

If you don’t want this at all, you can disable via Group Policy or Intune.

Group Policy

If you want to disable this with a Group Policy setting, you’ll need to get the latest ADMX files updated 7th May 2021 from Microsoft. These will contain a new ‘feeds.admx’ policy definition file, but it’s just a single enable/disable setting:

You can do either of the registry settings recommended by Ben below – the first being a user config setting and the second being a machine policy that users couldn’t change in any way. The second registry setting is the same as what Group Policy is setting above.

For more granular control on disabling or enabling options in it, the registry entries live in:

Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds

From here, if you wanted to disabled ‘Open on Hover’ you’d use this value:

ShellFeedsTaskbarOpenOnHover : 0 (off) or 1 (on)

Intune

Intune is covered on the TechCommunity article and is just setting ‘Enable News and interests’ to ‘Allowed’ or ‘Not Allowed’

Microsoft also has an end user support article on News and Interests, which covers end user configuration, how they can turn it off, personalisation options and other user advice.

Update UPN from AD to Azure AD

When there was a name change in Active Directory (AD), we used to update the Universal Principal Name (UPN) in AD, then separately run the Set-MsolUserPrincipalName command to update Azure AD to the same UPN. Except, it no longer worked – I was now getting an ‘Access Denied’ message.

When trying to update the UPN via the Microsoft 365 admin center, it would correctly advise that the object was homed in AD, so changes needed to be made there. Except, they were, and Azure AD Connect was even reporting that it had seen the update and sent it off to Azure AD, no errors.

After some investigation, I found that there is now an option to allow ‘Synchronize userPrincipalName updates‘ which is off in older tenants. To check and update this:

In PowerShell, first install and connect to MSOLService. Then to check the status if UPN updates will sync and update:

Get-MsolDirSyncFeatures -Feature SynchronizeUpnForManagedUsers

If it’s $true, you’re already set. If it’s $false, update the value to $true with this command:

Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $true

In my testing, running another Azure AD Sync (both delta and full) did not resolve any already updated UPNs. I had to change the UPNs to a temporary value, sync, then change them back to the original value I wanted, and sync again. The update was instant in Azure AD once the sync had run each time.

Poly Studio P15 Review

Poly kindly sent me a new piece of hardware to review – the Poly Studio P15. It’s on of the devices in their ‘Poly Studio P Series‘ which only came out early in 2021. These devices are personal video devices, but aimed at the higher end of the market. It includes the Poly Studio P5 Webcam (or kits that include the webcam and a headset or speaker), the Poly Studio P21 Personal Meeting Display, and this Poly Studio P15.

Although you could call the Poly Studio P15 a webcam, Poly calls it a Video Bar. Which I think is fair enough – it’s 42.5cm long (17 inches). On a standard 24″ monitor it extends above a lot of the screen, but luckily on my 43″ it is quite a good fit. The mechanism that balances the device on top of the monitor is quite adaptable – with both an adjustable kicker, as well as being able to slide the base forward or backward means that I could get it quite stable, without getting in the way of my actual display area.

Out of the box, beyond the video bar and kickstand, is a USB-C cable, and a power pack. The lens itself can be rotated to open/close the lens cap. Once plugged in to power and the compuer via USB-C, that’s all that’s needed for the camera to show up in Windows 10; no extra software is required to make it function, but if you want to change settings or run updates, you’ll need the Poly Lens app.

The Poly Studio P15 specifications are below.

CAMERA
• Ultra HD (4K 16:9, 2160p), Full HD (1080p), HD (720p)
• 90° DFOV
• Personal conference view with auto-framing
• True color and low light compensation
• Electronic zoom up to 4x
• Manual pan, tilt and zoom control through Poly Lens Desktop App

AUDIO
• Poly Acoustic Clarity technology provides full-duplex conversations, acoustic echo cancellation and background noise suppression
• Poly NoiseBlockAI technology
• Poly Acoustic Fence technology
• Microphones: 3-element beamforming microphone array
• 50 Hz to 14 kHz frequency response

SPEAKER
• 100 Hz to 20 KhZ frequency response
• Output: 80 dBA @ 1000 Hz @ 1 meter at maximum volume

INTERFACES
• 1x USB 3.0 Type-C port (with USB 2.0 compatibility)
• 2x USB 2.0 Type-A ports
• Power connector
• Kensington security lock

POWER REQUIREMENTS
• External DC power supply: 12V/3A

SYSTEM REQUIREMENTS
• Windows 8.1, 10
• Mac OS 10.10 or higher
• USB 3.0 required for 4K video

DEVICE DRIVER SUPPORT
• USB 2.0/3.0/3.1
• UVC/UAC Plug and Play Compatible

COMPATIBILITY
• Certified for Microsoft Teams and Zoom applications
• Compatible with any application that supports standard USB/UVC standards

MANAGEABILITY
• Cloud: Poly Lens service
• Local (Windows/Mac): Poly Lens
• Desktop App

OTHER FEATURES
• Integrated privacy shutter
• Adjustable monitor clamp
• Tripod ready
• USB-A ports built-in for wireless headset adapter or other peripherals as USB hub
• Status LED indicates calling and mute state

DIMENSIONS
With monitor clamp:
• 17 W x 3 H x 3 D (Inches)
• 425 W x 70 H x 78 D (MM))
Without monitor clamp:
• 17 W x 2.5 H x 3 D (Inches)
• 425 W x 65 H x 78 D (MM)

OPERATING CONDITIONS
• Temperature: 0° C to +40° C
• Relative humidity: 5% to 95% relative humidity, non-condensing
• Altitude: Up to 10,000 ft

PACKAGE CONTENTS
• Poly Studio P15 USB video bar
• Removable monitor clamp
• Power supply
• Power cord
• USB-C cable (separate adapter required to connect to USB-A port on PC/Mac, not included)
• Setup sheet

WARRANTY
• 2-year limited warranty included
• Poly+ enhanced support available

Due to the camera’s 4K resolution, it can use digital zoom to still produce a high quality 1080p result. Below I’ve taken a screenshot of the auto-framing to my face, vs turning the tracking mode off to show the full field of view the camera can pick up. Again, this works out of the box without the app which is nice.

To be able to change these settings however, you’ll need the Poly Lens app, which is a free download. It doesn’t need you to sign in, but will provide firmware updates to your Poly devices, along with configuration options around back light compensation, zoom, camera movement, tracking speed and frame size. These settings let you fine tune how the video bar acts with it’s automatic controls.

Other settings worth noting are the Poly Acoustic Fence which creates a virtual bubble around the device, and sounds outside the bubble aren’t heard. I’ve liked a Poly video below around this. There’s also the NoiseBlockAI option which block sounds like typing – which I can confirm nobody could hear me typing on my mechanical keyboard while on an audio call, which was nice rather than wearing a headset for once.

The audio quality that comes out of the video bar I thought was really clear – you can also adjust the bass and treble levels to your liking.

One little bonus I saw in the Poly Lens app was the Soundscaping option – if you want the background noises of the gentle ocean, a babbling brook or a mountain ranch (which sadly isn’t cowboys and cowgirls saying ‘howdy partner!’ with horses neighing, just more water running):

Anyway, the Poly Studio P15 is really a high end device for the home professional that doesn’t want to muck around with trying to get the right angles, or worrying about being out of shot. The videobar sorts all this out for you, while being configurable enough to give some controls around those smarts. It also doubles up as just a really good speaker, and for an environment particularly at home where you might have outside noises or unwanted visitors, turning on the Poly Acoustic Fence can save the people you’re talking to from interruptions and distractions. There’s also two USB 2.0 ports on the back, in case you have other devices to plug in like headset USB dongles.

A really cool solution with some extra bells and whistles to justify upgrading from an average webcam.

SMTP to Exchange Online

SMTP is still needed by certain applications and devices, such as printers, which don’t support Modern Authentication and instead require legacy authentication to talk to a SMTP server.

You are able to use Exchange Online as an SMTP server, but this can be tricky to set up if you’ve hardened your environment by requiring Multi-factor authentication through Security Defaults or Conditional Access.

Microsoft have good documentation on “How to set up a multifunction device or application to send email using Microsoft 365 or Office 365” with the recommended approach to use SMTP, but you may need to poke some security holes through your environment.

Assuming you can get out through your firewalls on port 587 or 25 for SMTP, you’ll need to turn off Azure AD Security Defaults if you have them on. If you do this, understand what you’re turning off and rebuild those same settings in Conditional Access. If you have them off, then you should have Conditional Access policies already.

Personally, I have a ‘Block Legacy Authentication’ conditional access policy which as it says, blocks legacy authentication. For an account I want to send emails from via SMTP, I add it as an exception to this policy.

I then have a second policy ‘Allow Legacy Authentication Internal Only’ which I then target this user at, which still blocks legacy auth unless it’s coming from a trusted IP address. These two rules together then block all users from legacy auth, except the ones on the second policy, and then only if they’re coming from inside my network. The goal of this is to prevent anyone externally using spray attacks against accounts to gain a username and password – although they couldn’t log in anywhere beyond SMTP due to MFA policies, they could still start sending emails that would be from a legitimate email address.

If you have IPs restricted on Exchange Online connectors, that does not appear to affect SMTP auth and you shouldn’t need to add your internal IPs there.

The account you want to use for SMTP sending must have a mailbox license, I use ‘Exchange Online Plan 1’ for one of the cheaper options that is pure mailbox. The SMTP settings are listed here.

You also need to allow SMTP auth across your organisation (not ideal), or on a per account basis (much better security wise, plus it overrides the org default – so you can disable at org level and allow at account level). Microsoft Docs covers this in detail but the command (which requires connecting to Exchange Online via PowerShell first) to allow on a single mailbox is:

Set-CASMailbox -Identity sean@contoso.com -SmtpClientAuthenticationDisabled $false

Once these policies and licenses is in place, you can test. The easiest way I found was a 1 liner PowerShell command. You must use the source mailbox’s account as the from address:

Send-MailMessage –From account@contoso.com –To test@contoso.com –Subject "Test Email" –Body "Test SMTP Service from Powershell on Port 587" -SmtpServer smtp.office365.com -UseSsl -Port 587 -credential $madeupvariable

When testing, I found that after changing the Conditional Access rules to let a specific account go through as legacy auth took several minutes. Azure AD logs also take several minutes to show auth attempts, so don’t rush and change too many things at once trying to do this.

Ideally, nobody would be using SMTP – but in the real world we still have to, so the above will at least keep login records in Azure AD, and limit it to trusted IPs, certain accounts, or any other Conditional Access rules you can come up with to reduce the risk of allowing this.

PowerShell Slow to Load and AutoFill

I had this problem on a server for a while – when first launching PowerShell, it would take ~20 seconds or so to accept input. Also, when pressing tab to auto-complete a command, it would again take ~20 seconds to start, like it was freezing. These were one time problems when launching PowerShell, after that it would work fine until a new session was launched.

A lot of searching didn’t help me work it out, so I logged a Microsoft case. After a few task manager executable dumps, they worked out the delay was on a path I had in an environment variable. Somehow in my account’s user variable, I had a github desktop path that was mapping to a network share, using a PC name that was decommissioned (e.g. ;\\pcname\c$\Users\AdamFowler\AppData\Local\GitHubDesktop\bin.

I expect that this name was timing out, and PowerShell was waiting a while before giving up. In case you have the same symptoms as me, check the environment variables – user variables paths if it’s only your account affected, or the system variables if it’s all users. Click on the path value, then click edit, and remove anything that shoudn’t be there (take a backup of the text if you aren’t sure, it’s easy to put back in if you keep a copy).

To get to Environment Variables, depending on the OS version, get to System Properties, the Advanced tab, and then the Environment Variables button:

Hope that helps someone else with the same problem!