Author: Adam Fowler

Security Panel Discussions / Table Talks for March 2021

For March 2021, I’m lucky enough to be doing two different events around Security, and they’re both free to attend!

First is for Microsoft Ignite where on Thursday, March 4|11:30 AM – 12:00 PM ACDT I’ll be in the event Table Talk: Security Best (and Worst) Practices where we’ll talk for half an hour about what bad security practices we hear and see, and how to make them better. That session was 100% full last time I checked, but you might get in if someone drops out, so have a look. There’s also a huge amount of other Microsoft Ignite content that isn’t people limited, so register now if you haven’t already

Then, on March 11, 2021 10:30 AM – 12:00 PM CET (convert to your local time by adding your city here) I’ll be in another event being run by Acronis:

A New Playbook to Protect Your Users from Cyberthreats in 2021

The online event is free, and I’ll be a part of the round table / panel discussion on “Reality Check. Why SMBs are Targets”.

Looking forward to that one too, as it’s my first time chatting with the Acronis team and I’m sure they’ll have some great discussion points for us.

I even went out and bought a Blue Yeti USB Microphone for that proper speaker experience, rather than wearing a gaming headset :)

Since Covid hit, everyone has had to move all these events on line. What I’ve personally realised as both an attendee and presenter, is that the round table style is generally a lot more enjoyable to both be a part of, and listen to. It’s like a podcast really, with people talking about the topics they’re passionate about. Sure, there’s a general idea on what dot points will be discussed, but beyond that, it’s people talking off the top of their head on things they know, and bouncing off each other.

This revelation came to me at the end of 2020, when we did a user group round table on ‘How to stay up to date with Microsoft’ – I co-run the Adelaide Microsoft IT Pro Community, and had a great time chatting with Andrew, Brett, and Tiffany.

I’m really looking forward to both of these events, and hopefully get a chance to do more in the future!

How to (really) factory reset a Poly CCX 500

Hi,

Quick one here, I was testing a few Poly CCX 500 devices for Teams Calling, and wanted to do a factory reset.

The official documentation says:

Procedure

  1. Disconnect the power, then power on the Poly phone.
  2. As soon as the Poly logo shows on the screen, press and hold the four corners of the LCD display. Note: It may take several tries to get the timing right or to find the correct spots to press on the LCD display.
  3. Release the LCD display when the Mute indicator on the lower-right corner of the phone begins flashing red, amber, and green.

However, I tried this many times without success. Doing large crab claw fingers to cover the 4 corners of the screen was doing nothing beyond hurting my fingers.

I ended up working out it was a timing thing, and the Poly logo shows twice. It will first show, then go to a black screen for a second or two, then re-show the Poly logo. If you press the 4 corners before the Poly logo comes up for the second time – nothing happens. You have to press the 4 corners of the touch screen straight away AFTER the Poly logo has come up for the second time. It won’t register if you do it earlier, and leave your fingers in the right place.

They actually have a video showing this correctly:

https://community.polycom.com/t5/video/gallerypage/video-id/6198164788001

Hope this saves someone time! I assume this is the same for CCX 400, CCX 600, Poly Trio C60 etc but haven’t tested those.

Note the default admin password for these phones is ‘456’ and you should be changing this, which is easily done automatically via a Teams Configuration Profile

How to Backup Office 365 Mailboxes with Altaro

Backing up mailboxes in Exchange Online as a part of the Office 365 or Microsoft 365 suite is always a debated topic – some will argue that Microsoft have enough redundancy and backups in their own environments so you don’t need a third party solution and you’ll always be able to get your data back. However, this hasn’t been proven yet (thankfully) in a real world event where mailbox data has been lost by Microsoft. It also doesn’t cover scenarios where there’s outages, account problems or other connectivity problems that can delay your access to your cloud based data. Is it a risk each company will need to decide if it’s worth an investment into reducing.

Altaro asked me to have a look at their product – Altaro Office 365 Backup – to provide a quick run-through on setting it up and seeing what it does. Their solution is fully cloud based, so you don’t need any extra hardware to get going. You can set up a 30 day free trial here. Once signed up, here’s what to do:

After logging in from the link you’ll be emailed, you’ll be presented with this screen:

The wizard here will take you through the setup required, starting with a Company Name and your domain configured in Office 365 (which you can get from https://admin.microsoft.com/Adminportal/Home#/Domains) – I had to use my primary:

Next, you’ll need to grant access for Altaro to be able to access data in your tenant, which makes sense since you want them to back it up:

Following the links you’ll get the standard window advising you what permissions you’re granting and to whom:

If it worked, a successful message will show and you can go back to the setup wizard:

After doing this three times, you can go to the next step where you can choose which users to back up – which as it says, will be this data: “Office 365 User Backups consist of Emails, Calendars & Contacts within Mailboxes and Files stored within OneDrive accounts.”, then “SharePoint Backups consist of Files stored within SharePoint Document Libraries.”

If it all goes well, you’ll then get to the final screen showing a successful setup:

That’s it – backup has been set up. Of course your data won’t be in there instantly, the first backup happens over 24 hours, and then up to 4 times a day ongoing. You can choose if new users are automatically added to backup plans or not, which should turn this into a set and forget backup system.

Set and forget only works if you’re alerted around issues, which is possible in the Alert Settings – you can choose what sort of alerts you receive, such as if a backup job failed:

Restoring is also an easy process – for example if you want to restore an entire mailbox, the Mailbox Restore wizard will take you through the steps and ask where you want to restore – onto that user’s mailbox, another user’s mailbox, an Outlook PST file, or a ZIP file containing each mail item as an individual file:

You can also use the Granular Restore option, to search and restore particular items rather than entire mailboxes and accounts. The granular restore has the same options as the full restore for destinations, so there’s a lot of flexibility based on what you’re after:

If you can’t find what you’re looking for, the ‘Advanced Search’ option lets you define what you’re looking for:

Pricing for Office 365 Backup by Altaro is available at https://www.altaro.com/office-365-backup/#faqs and is a per user, per type (either mailbox or mailbox + OneDrive + SharePoint) model. This also includes 24/7 support and unlimited storage for backups.

After setting this up and trying out all the options, I’m confident in saying this is as good as you could hope for, from a turn-key solution. Setup is literally a few minutes, there’s no software to install anywhere and no infrastructure requirements. The data Altaro backs up is held forever (yes, infinite retention!) assuming you still have a valid subscription. The data is stored in Microsoft Azure, but only in West Europe at the time of writing – so if you have data sovereignty requirements, you’ll need to assess this.

Download your free 30-day trial of Altaro Office 365 Backup

Organization Branding for Safe Link Warnings

Two new little features have turned up for Safe Links as part of the Microsoft 365 Security & Compliance suite.

  • Display the organization branding on notification and warning pages

The first option is to show your organization’s branding on warning pages. This should help users identify that it’s a legitimate warning they’re seeing, as default Microsoft warning pages are often used by malicious actors to look legitimate themselves.

  • Use custom notification text

This lets you put a message that sounds like it’s actually from your own company when a webpage gets blocked. This means you can put in contact details or a process you want users to follow when they hit a site – which could be sending an email or calling helpdesk.

Here’s how the custom text and logo looks on a blocked page:

The custom branding will appear above this warning as a banner and a small logo for your company.

If you haven’t set up branding already, have a read on Microsoft Docs on how to do it for Azure AD and Microsoft 365 (do both!).

Is Bing Good Enough To Replace Google in Australia

Interesting times in Australia, with a standoff between Google and the Australian Government about news revenue. Google has given mixed messages around if they’d completely pull their search engine out of the Australian market – we’ll have to wait and see what happens there.

The idea that Microsoft can fill the void with Bing has very mixed responses out there, and without any real evidence I’d say there’s much more of a negative view of Bing than positive. Ausdroid have a good summary of what’s being said so far:

The last part of the article says

Personally, I am not sure Microsoft’s Bing search could fill the void. There is potential for it, but given how much Google and its services have been so entrenched into our society for decades, I think it will take time for Microsoft’s Bing to become the go-to search function Google is now, if it ever can.

https://ausdroid.net/2021/01/31/microsoft-to-scomo-we-can-fill-the-google-void-with-bing/

I agree that this is a fair take on the state of Bing. I’ve personally tried to use it a few times and had less than ideal results vs Google, but it’s been a while since I last tried. Let’s try again on some searches off the top of my head, and see what the results are (and honestly I don’t know what I’m searching for yet, none of this has been pre-planned trying to get to a particular outcome).

To be fair, I’ll use Microsoft Edge browser in InPrivate mode for Google searches, and Google Chrome in Incognito mode for Bing searches:

Search 1: ‘Adam Fowler’

Some different results on the main page, but scrolling down both have this website (yay). Google has more results on the first page that are actually me, but Google claims 53 million results, while Bing claims 4 million. That’s a huge difference – does it matter? I’m not sure…

Search 2: ‘windows search exited without properly closing your outlook data file’

I grabbed the last error I could find from a Windows PC and searched for it. Both engines came back with answers.microsoft.com then social.technet.microsoft.com as the first two hits, then the results are a bit mixed with both having reasonable results. I was expecting better results from Google based on my historical experience, so I’ll try another techie search next.

Search 3: ‘how to move user to skype for business online’

This is something I actually needed to do. The first result is the same again

Search3b: ‘move-csuser cannot find user in active directory with the following sip uri’

After following the instructions, I hit an error, so searched that on both options. The first result was different, both were correct, but the Bing result was a much clearer and better written article. Again, this wasn’t the outcome I had expected.

Search 4: ‘the good guys gepps cross

I remembered I needed a receipt for a Fridge I’d just bought – I’d normally search the store name and location in Google. The Google results nailed it, with the business info on the right hand side. Bing thought I was asking about the suburb and showed me where it was, but the first results are still useful – just not as useful as Google’s. This is the biggest area I’d like to see Bing do better in.

Search 4a: ‘mod pizzeria’

A local pizza shop that I like. Without defining anything but the name, Google again gives me all the details I want about the business. This time though, Bing did a better job. Below the irrelevant (for me based on my location) information on Mod Pizza (which is different to what I typed), the correct details were below about the business.

Search 5: ‘Google Chrome Download’

Let’s see if Google and Bing like each other. Both results fine, although the Bing ad I prefer with the actual ‘download’ button. Bing gave some encouragement to get Edge though which is a bit intrusive, but at least it’s clear it’s ‘Promoted by Microsoft’.

Search 5b: ‘Microsoft Edge Download’

Both engines giving the right link first up again which is good to see.

Search 6 – image search ‘Capybara’

This looks on par for both engines, both have the ability to filter by time/license/size etc.

Search 7 – Shopping ‘fridge’ and filtering to ‘Westinghouse

OK, here’s an area that Bing fails. All the results are from eBay AU and that’s it. Google however, shows a bunch of well known retailers in Australia. Google wins the Shopping section by a long way, and it doesn’t look like they’ve really focused on the Australian shopping market yet.

Search 8 – Videos: Lano and Woodley

An Australian comedy duo – how do the results look for a video search on them? Bing seems happy to give YouTube and Facebook results, while Google seems to prefer a few Australian websites with their clips on as well as YouTube. At a guess, Bing isn’t scraping Australian sites so well for video clips – but if you’re searching for Videos on a search engine, you’re probably wanting YouTube anyway. I think both engine results are fine here.

Overall, the results were a lot better than I expected. I’ll also still agree it’s not on par with Google yet, but with a focused effort it seems like an achievable goal.

Of course, I’ve only done a few tests, but personally I’m going to change my search engine to Bing and see if any frustrations come up – if they do, I’ll add it to this post.

Let’s see what happens!

Update 4th February 2021

Microsoft released a public statement which included this dot point:

We will invest further to ensure Bing is comparable to our competitors and we remind people that they can help, with every search Bing gets better at finding what you are looking for.

https://news.microsoft.com/en-au/2021/02/03/microsoft-supports-australian-government-proposal-addressing-news-media-and-digital-platforms/

Which to me sounds like they admit they might not be as good as Google in this space yet, but will put more effort into doing so. Let’s hope that happens.