IT

How To Log Off Using Windows 10

How To Log Off Using Windows 10

  1. Click on the ‘Start’ button in the bottom left of your screen.
  2. Click the ‘Account’ button (which might be your own logo or picture. or just a grey circle with a circle and half circle inside it).
  3. Click ‘Sign Out’.
  4. You’ll now log off and be back on the Windows 10 login screen. Note that this isn’t rebooting your computer.

Applies To: Windows 10


Log Off

It can be a bit hard to find the ‘Sign out’ option in Windows 10 if you don’t know where to look.

The regular ‘Start’ > ‘Power’ option by default doesn’t present a ‘Sign out’ or ‘Log off’ option which people may be used to from older versions of Windows:

There’s also another trick; you can right click on the Start button (or press Win key + X) to bring up the Quick Access menu, which includes a ‘Shut down or sign out’ option, and within that, you can Sign out, Sleep, Shut down or Restart:

You can even open the Run window by using Win key + R, and type the command ‘Shutdown /r /t 0’ to Shut down the computer and restart (/r), and do it now (/t 0 is time, zero seconds):

First Contact Safety Tips in Exchange Online

I spotted a mysterious note while reading Microsoft Documentation about Anti-Phishing policies with an important note of a configuring a header to enable a message on certain emails that will say:

‘You don’t often get email from emailaddress@contoso.com. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification

or

‘Some people who received this message don’t often get email from emailaddress@contoso.com’

When I discovered this, I couldn’t find a google search result on X-MS-Exchange-EnableFirstContactSafetyTip beyond this single tip above. No instructions or details anywhere. It sounded like something I wanted though, and after some basic testing I couldn’t get it to work.

After raising it with Microsoft, it’s been clarified that this value needs to be set to ‘Enabled‘ – not ‘True’ or ‘Yes’. It was also recommended to only apply to emails coming from outside the organisation. This is fairly easily achieved via a Transport Rule, and you can narrow it down to certain recipients if you’d like to test it first:

At this stage I’m getting mixed results with it. In my Australian Microsoft 365 tenant, it’s adding the warning to the body of the email rather than a safety tip – I first thought this was probably an Outlook 2016 thing:

but the same happened in Outlook for the Web:

On my US tenant, it worked a bit differently in both Outlook 2016 and Outlook for the Web:

The tip appears at the top of the email but in a grey box, more closely resembling how it would look as a Safety Tip.

I’ve also seen the Safety Tip work on Outlook for the Web but only in a threaded email, and not at the top of the email – some weird things going on.

Anyway, it may be something worth playing with, but until we see more information about this feature, I’d leave it in testing mode only.

Simulate Attacks in Attack Simulator Requires MFA But I Already Have It?

“You must enable multi-factor authentication (MFA) to schedule or terminate attacks. Learn more about enabling MFA.

I wanted to play with the Attack Simulator in the Office 365 Security & Compliance Admin Portal – but with the enabling MFA warning, none of the ‘Launch Attack’ buttons were available to use. I’ve already set up MFA via Conditional Access though, so why am I seeing this?

At a guess, I wondered if it was actually detecting if MFA was used to log in. It wasn’t because the request was coming from a trusted IP address, which I’d configured in my test tenant to make it a bit less painful.

My hunch was right, I signed in elsewhere, went through MFA and look, the buttons now work:

Bit of a misleading warning – your MFA rules might be completely fine, so try signing in with MFA first before going to the Simulate Attacks page.

Microsoft Edge 87 Enterprise Considerations

Microsoft Edge 87 has now been fully released. There’s a few options in this that Business and Enterprises should consider:

Shopping

Microsoft by default, are enabling a bunch of shopping options in Edge. As per the article above, there’ll be coupons that’ll pop up, detections when there might be the same item you’re looking at cheaper elsewhere, and tab page enhancements to add extra shopping info about items.

I can already hear some of you saying you don’t want this in your place of business, so to disable it you’ll need to find the ‘Shopping in Microsoft Edge Enabled‘ GPO, located under User Configuration > Policies > Administrative Templates > Microsoft Edge default settings (users can override) / Microsoft Edge:

If you’re missing this setting, make sure you update your ADMX files by downloading from here and updating your central repository.

It’s good that this is under both force disable, as well as disable but let a user turn it on if they want. It’s not good that it’s on by default.

Friendly URLs

If you’re on Edge, you may have noticed this already. Copying a URL link from Edge, then pasting it somewhere that supports HTML code results in this:

AdamFowlerIT.com

instead of this:

https://www.adamfowlerit.com/

It’s another ‘on by default’ and although I can see certain use cases where this would be preferable, I’m fairly against changing the default copy/paste behavior that has been in place for decades.

If you copy a link and want to paste it as the link itself, you can use Ctrl + Shift + V instead of Ctrl + V … except right now, this doesn’t work in Office apps like Outlook or Word, and I’ve tested in both 2016 and 365.

Edge itself also has a new right click menu for pasting showing the options, but right click > mouse to menu, mouse to submenu, choose ‘Plain text’ is a bit clunky.

You can turn this off in the Edge settings, but again businesses and enterprises may not want this new feature in place, since some would more frequently be copying a link because they want the link itself, rather than a nice way to share it.

Again, Group Policy has a setting for this but this time it’s just a forced setting, rather than user changeable. If you want that, you’d need to deploy the registry setting as per the above article with a ‘apply once and don’t reapply’ option ticked.

The GPO is under User Configuration > Policies > Administrative Templates > Microsoft Edge > Configure the default paste format of URLs copied from Microsoft Edge, and determine if additional formats will be available to users

That’s a doozy of a name, and a doozy of a long dropdown menu with a ‘coming soon’ dropdown – none of these dropdowns actually match the description given.

I am a big fan of Edge, but it’s pretty obvious that the normal care that goes into updates just hasn’t happened in this instance. There’s already a fair bit of noise about this change, so who knows, maybe they’ll at least change the default behavior and not have it on?

My Feed

This one actually sounds really useful and lets both users and admins modify and present different sets of data arounds news and the organisation.

It has to be enabled in the Microsoft 365 admin center, which it was already on for me:

But, I’m missing some of the options selected in my Australian tenant. I checked my U.S. tenant and I see different things:

I’m not actually seeing the My Feed in my Australian tenant’s accounts, so I’d be guessing it’s either a US only thing at this stage, or it’s still rolling out. A bit annoying that this isn’t mentioned in the ‘My Feed‘ article or the original article mentioning the features that are now out, so hopefully the rest of us get it soon!

For the US tenant account though, it’s all there!

Synology Active Backup for Business Review and Walkthrough

Previously I’d already covered Synology’s Microsoft 365 Backup software which I was a big fan of, for simplicity of use and an incredibly cheap price point for a small to medium business as a Microsoft 365 data backup solution.

This time, I’m looking at Synology Active Backup for Business on their new DiskStation 1621xs+. Just like Microsoft 365 Backup, Active Backup for Business is free as long as you have a supported DiskStation model:

Applied Models

  • 21 series:DS1621xs+, DS1621+, DVA3221
  • 20 series:FS6400, FS3600, FS3400, RS820RP+, RS820+, DS1520+, DS920+, DS720+, DS620slim, DS420+, DS220+, SA3600, SA3400, SA3200D
  • 19 series:RS1619xs+, RS1219+, DS2419+, DS1819+, DS1019+, DVA3219
  • 18 series:FS1018, RS3618xs, RS2818RP+, RS2418RP+, RS2418+, RS818RP+, RS818+, DS3018xs, DS1618+, DS918+, DS718+, DS418play, DS218+
  • 17 series:FS3017, FS2017, RS18017xs+, RS4017xs+, RS3617xs+, RS3617RPxs, RS3617xs, DS3617xs, DS1817+, DS1517+
  • 16 series:RS18016xs+, RS2416RP+, RS2416+, DS916+, DS716+, DS716+II, DS416play, DS216+, DS216+II
  • 15 series:RS815RP+, RS815+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, DS415+
  • 14 series:RS3614xs+, RS3614RPxs, RS3614xs, RS2414RP+, RS2414+, RS814RP+, RS814+
  • 13 series:RS10613xs+, RS3413xs+, DS2413+, DS1813+, DS1513+, DS713+
  • 12 series:RS3412RPxs, RS3412xs, RS2212RP+, RS2212+, RS812RP+, RS812+, DS3612xs, DS1812+, DS1512+, DS712+, DS412+
  • 11 series:RS3411RPxs, RS3411xs, RS2211RP+, RS2211+, DS3611xs, DS2411+, DS1511+, DS411+, DS411+II

The support goes a long way back years wise, which is great to see. They have a comprehensive overview of this application and it’s abilities, but I’ll cover it all more briefly here while sharing my experience setting each type of backup up.

Installing the software on a Synology DiskStation is easily done via Package Center and a very quick activation process that requires a free Synology account:

After activating, you’ll immediately see the overview screen. At a glance, it gives a good idea on the sorts of things you can back up:

PC and Physical Server backups

Backing up a physical PC or Server is pretty easy, and the wizard takes you through the steps. Windows 7 SP1 and above is supported, as is Windows Server 2008 R2 and above, and needs the ‘Synology Active Backup for Business Agent’ installed. After a next, next finish, install, you’ll need to specify the IP/name of your DiskStation, and username/password:

After connecting and confirming the details, the PC is registered against Active Backup for Business, and the agent continues to run in the tray:

The agent will show when you last backed up, and if a backup is currently running:

No backups will run yet though, because we need to create a backup task back on Active Backup for Business. Again, a wizard will take you through this and let you choose what options you’d like for backup. I’m going to just back up everything, with the data compression and encryption options (which are default)

You then define when you want your backup to run – manually, or on a schedule:

I do quite like some of the options here – backup by event of screen locked or signing out is a nice way of making sure it doesn’t interrupt someone using the PC and slow things down while they’re actually working. Also having backup windows, so you can block out the working day if needed.

Next is the retention policy, a good way of reducing space taken – is there a difference between a backup 5 months ago vs 5 months and 1 day? Probably not, and very unlikely that you had something worth restoring on your PC only for 1 day.

At the end of the wizard and a summary screen, you have the option to back up now. I kicked this off, and the agent immediately showed the progress and events related to backing up.

This was a really easy and painless setup to back up a PC, but what about restoring? You can either create recovery media for a full restore, or you can use the Restore Portal to navigate through backups and pick what you’d like to restore:

The bottom time line lets you pick from what point in time you’d like to restore, with a dot showing each available time point.

Then, you can navigate through the disk you need, and go through the folders which match the file structure at the time of backup. Once you’re on the single file, multiple files or folder you want to restore, you can choose the “Restore” option to put the files back in their original location, or somewhere else, and decide if you want to automatically overwrite existing files or not.

Download however, will just download the file you selected like any other browser based download, or multiple files will come through as a single ZIP file.

File Server Backups

If you don’t want, or can’t have an agent on a file share, you can instead remotely back up via SMB or rsync:

After entering the remote server details:

It will verify they work, then let you set up a task:

The options are Multi-versioned, Mirroring and Incremental. They cover the different scenarios you might want to use – Multi-versions will take up the most space, where mirroring can only ever be as big as the source files, and incremental is half way between the two, without the versioning component:

You can then choose what to back up in the file share:

And then finish creating your task by giving it a name, telling where to backup the files to locally, and set a schedule.

The other option you’ll notice here is ‘Enable CSS for SMB File Shares’. If the source share supports this, then the backup can be taken without interruption to access of these files, which has been fairly standard for a while – so turn this on if you can.

The restore process is pretty much the same as PC / Physical Server, so I won’t go into detail on that part.

Virtual Machine

Both VMWare Hypervisor and Microsoft Hyper-V are supported Virtual Machine platforms. As I haven’t touched VMware for years, we’ll look at Hyper-V only. It’s worth noting that cross platform restores are supported – you can restore a Hyper-V VM to VMware vSphere too.

Creating a Hyper-V backup is again an easy process:

First, you’ll need to put in the Hyper-V Host details. If you’re trying to back up VMs on a Windows 10 laptop you have, there’s a few small requirements:

Set up WinRM by running ‘WinRM QuickConfig’ in an elevated command prompt. You’ll need to make sure none of your network connections are set to ‘Public’.

Have a local admin account ready to use, and allow SMB2 through the Windows Firewall by allowing ‘File and Printer Sharing’ on Private networks.

The Hyper-V Backup Task wizard will give you hints as to where you might be stuck, and at the end you’ll have your host listed:

The Hyper-V Virtual Machines will then be automatically detected and listed, but they’re not configured for backup yet – we need another task. Clicking ‘Create Task’ will start by asking you where you want your backups:

Then you can choose the Hyper-V VMs to back up:

One selecting, we have several settings we can configure:

The default options are shown.

Maximum quantity of concurrent backup device(s) can be up to 10.

Enable Changed Block Tracking – Only transfer blocks that have changed since the last backup, rather than all blocks to reduce backup times drastically.

Enable application-aware backup – Use Volume Shadow Copy to ensure consistency with backups

Enable data transfer compression – Suggested for slow networks to improve transfer rates

Enable data transfer encryption – Self explanatory :)

Enable source datastore usage detection – to prevent running out of space

Enable backup verification – Checks the backup when complete

Once you’ve selected the options you want, you’ll see the familiar Schedule Backup Task window, retention policies etc:

I always prefer an agentless backup where possible, so it was good to see no agent was required to backup Hyper-V VMs.

Backing up a Windows Server 2019 VM was rather quick – especially since the laptop hosting the VM was connected via Wifi.

Restoring is again pretty simple, you can navigate to the location of the backups and see a copy of the vhdx for each VM, with other files I expect keep other incremental change data:

The Restore Wizard starts by letting you pick witch platform you’re restoring to- Synolgoy Virtual Machine Manager gives extended options for management and recovery and is recommended for flexibility in production environments. For a lab, you should be able to get away without it:

Restore Type – Instant Restore and Full Virtual Machine Restore are the two choices:

You can then pick which VMs you want to restore and which restore points:

Restore Mode lets you choose if you’re replacing the current live VM, or restoring to a different location as a copy:

Finally, the summary screen with the option of automatically powering on the VM when complete.

Phew! That’s the runthrough of the backup types and restore options Active Backup for Business supports.

The dashboard gives a great ‘at a glance’ overview of everything going on, and we even have de-duplication of data! This is what it looks like with some real data in it, compared to the first screenshot of this post:

There’s a bunch of other first party Synology apps available too:

Plus third party apps:

And with solutions like Docker, you can use your Synolgoy to host many other solutions available in containers, and run them off this little black box.

I’ll say the same thing about Synology Active Backup for Business I did in my Synology Microsoft 365 Backup Review – this is pretty impressive for ‘free’. Yes, you have to buy the Synology DiskStation itself, and you’ll need disks, but that’s it. Even if you use it as a single nightly backup for having a local and quickly accessible restore point to provide as much business continuity as possible, it’s an entire solution at an incredibly cheap price point.

Because you can do both Microsoft 365 data AND Hyper-V VMs on this single device, it should be an option that any small to medium business should investigate. The interface is easy to use, the logs show detailed information about what’s going on – and even for a home business setup, it’s very much a set and forget event.