Microsoft TechCommunity Top Posts January 2022, Week 3

Posted on by Adam Fowler

Another week, a bunch more TechCommuntiy posts. Here’s my picks of interesting ones:

Task management tips for Planner beginners

Getting started blog posts are always valuable. I particularly like the first image, showing an overall diagram of what makes up the Planner view. To me it’s (almost) all fundamental stuff I worked out, but it’d be quicker to read this then start using it than fumble my way through :) One thing I hadn’t done before was creating a Task from a Teams message which is a nice workflow option.

Microsoft Defender for Office 365 Ninja Training: January 2022 Update

There is so much good content in the Defender Ninja Training (Office 365, Sentinel etc, all of the different parts!) and once you’re caught up, you can keep up to date monthly with these posts that show what’s changed or new. Now all we need is more time to watch all the content!

Why you shouldn’t set these 25 Windows policies

There’s still someone that cares about Windows Updates, and even WSUS aligning with Group Policy settings in Microsoft, and it’s Aria Carley. Clean up some unused settings if you’re on Windows 10/11, and understand the real world impact of other settings acting maybe not the way you’d expect, with recommendations and links to official doco. I also don’t know what GP and CSP recommendations are as per the comments (GP = Group Policy officially, CSP = Customer Services Provider team inside Microsoft? I always get these wrong), but I’m sure that’ll be explained soon.

“Architecting Adelaide” 🎙 – The Intrazone podcast

The guys didn’t tell me about this one! My old user group in Adelaide that I had to hand over in 2021 is now being run by these awesome guys:

and they were on the Intrazone podcast talking about their IT Pro experiences. Well done you three :)

Getting started with Azure Bicep

As someone who doesn’t deep dive into Azure, I was wondering what Azure Bicep even is. Sonia Cuff explains this and demonstrates how it’s a simpler language evolved from JSON, and that the language can be translated back and forth betwen the two – but the result is templates that are easier to write, especially for those who aren’t developers.

Windows 10 or Windows 11 GPO ADMX – Which One To Use For Your Central Store?

If you’re starting with Windows 11 and have Group Policy still running, you need to read this. It’s not a great state to be while transitioning with all the catches and gotchas. Why they didn’t just have a separate set of policies for Windows 11 and have on the comments on each GPO what versions of Windows it applies to is unclear. There’s a few angry comments already on this. My personal take is that there’s no real benefit of jumping to Windows 11 yet for the enterprise (home it’s fine), so sit tight and wait for some of these things to settle, or at least be clearer as others work them out.

Security baseline for Microsoft Edge v97

There’s 1 new recommendation and 15 new settings (for computers and users) in the latest version of Microsoft Edge. These come out with each version of Edge, so you need to keep up to date and review any recommendations each time. Weirdly, the setting they recommend to turn off “Enhance images enabled” isn’t visible on Edge v97 installed on my home PC or work PC logged in with different profiles, but it should still be disabled in Group Policy so you’re not uploading internal company images to Microsoft to ‘enhance’ them. I question that if the recommendation for Enterprise is to turn it off, why is it safe enough for consumers to use, who I’m sure would have photos at times opened in their browser they don’t want invisbily uploaded? Maybe there’s something else to the recommendation I’m missing, like keeping your data in the country you want where the service could put it anywhere…

Securing Critical Infrastructure with Microsoft Sentinel & Microsoft Defender for IoT

The real answer to this is ‘IoT shouldn’t be on the same network as anything you care about, especially in Enterprise – or just don’t use IoT in Enterprise at all’ is a pipe dream, at least you can monitor what your IoT devices are doing in Sentinel. Looks pretty easy to connect up, but of course just having Sentinel ingest logs isn’t really a 24/7 SOC solution, you need people on top of this.

That’s it for this week, as always you can see the entire feed of TechCommunity posts at https://twitter.com/MSITTechNews and you can see my previous TechCommunnity picks here https://www.adamfowlerit.com/tag/techcommunity/

Microsoft Teams PowerShell Phone Number Assigning Cmdlet Change

Posted on by Adam Fowler

Microsoft has sent out an announcement on PowerShell changes for setting and removing phone numbers in Microsoft Teams:

Changes coming to phone number assignment using Teams PowerShell Module cmdlets
MC316139 · Published 19 Jan 2022

In summary, these commands are being deprecated “The retirement is planned to begin in early April and be complete by mid-April.” :

Set-CsOnlineVoiceUser
Set-CsOnlineApplicationInstance
Set-CsOnlineVoiceApplicationInstance

and Set-CSUser can’t be used to allocate phone numbers either. I’d been allocating numbers with the Set-CsOnlineVoiceUser command. The replacement for this is:

Set-CsPhoneNumberAssignment and Remove-CsPhoneNumberAssignment

They run under the MicrosoftTeams module for PowerShell, but you also need to make sure you have the latest version. If you don’t have a version that supports this new command, you’ll get the error:

Set-CsPhoneNumberAssignment : The term 'Set-CsPhoneNumberAssignment' is not recognized as the name of a cmdlet,
function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the
path is correct and try again.
At line:1 char:1

To update, run the command:

Update-module MicrosoftTeams

Then try the above cmdlet again. If you’re feeling really brave, you can update all your modules with:

Update-module *

Disconnect or restart PowerShell or you’ll get problems running the new cmdlet if you had it connected while updating.

The new cmdlet Set-CsPhoneNumberAssignment doesn’t work exactly the same way as the old cmdlets. Read the documentation for more details

Set-CsPhoneNumberAssignment -Identity [email protected] -PhoneNumber +61987654321 -PhoneNumberType CallingPlan

The options for -PhoneNumberType (required) are DirectRouting, CallingPlan and OperatorConnect.

I’d suggest testing and migrating soon, before you miss the April deadline of the command being dropped.

Screenshot on Windows 11

Posted on by Adam Fowler

Screen Shot on Windows 11

How to take a screenshot without any extra software

  • Pressing Windows key + Shift + S will bring up the Snip & Sketch App
  • Pick from the 4 choices – Rectangular Snip, Freeform Snip, Windows Snip, or Fullscreen Snip
  • Click on what you want to screen shot
  • Use the Notification Area in Windows 11 to view, edit and save your screen shot.

Although you can still use the Print Screen button to take a screenshot of everything you can see across all monitors, or Alt + Print Screen to take a screenshot, this will purely add that image to the clipboard. You’ll then need to paste it somewhere to have a copy of it to work with and save.

Snipping tool provides a few more handy functions compared to Print Screen, and you don’t have to open the program to use it, you can just use the key combo Windows logo key + Shift + S all at the same time.

Once you’ve taken a screenshot, it will immediately be available on the clipboard too, so you’re able to paste it straight into a document, email or anywhere else that will accept clipboard images.

You can also just launch Snipping tool to use the ‘New’ button, after selecting what sort of screen shot you want – Rectangle mode, WIndow mode, Full-screen mode or Free-form mode.

Also, if you’re wondering – is it ‘Screen Shot’ or ‘Screenshot’ – both are acceptable according to dictionary.com.

Network and Sharing Center – Windows 11

Posted on by Adam Fowler

Network and Sharing Center

How do you find the Network and Sharing Center in Windows 11?

  1. Press the ‘Start’ button
  2. Type ‘Control Panel’ and click the shortcut to Control Panel
  3. Click ‘Network and Internet’ (skip this step if your ‘view by’ isn’t set to ‘category’)
  4. Click ‘Network and Sharing Center’

Applies To: Windows 11

The Network and Sharing Center can be a bit hard to find in Windows 11, and there’s several ways to find it. The quickest way is by following the instructions above.

If your Control Panel looks like this, then you can click straight onto ‘Network and Sharing Center’:

The Network and Sharing Center is part of the classic Windows Control panel, and being replaced by the more modern Network & internet area of Settings:

Hornetsecurity Overview – 365 Total Protection

Posted on by Adam Fowler


The Microsoft 365 Suite contains a lot of different solutions; and varying levels of security on those solutions, depending which tier of licensing you have. Microsoft’s security answers have varying levels of user experience, technical requirements, and administrative burdens.

For example, if you’ve used Microsoft native solutions to look at mailflow regularly compared to third-party solutions, you’d probably agree that Microsoft do not provide a quick and easy experience in troubleshooting why an email didn’t arrive. If you have to go back more than 2 days, then you’ll potentially have to wait a few hours just to get the results of the mailflow steps.

Third-party solutions must compete with Microsoft in their own space for security solutions, which means they need to be adding value somehow; cheaper, easier to use, more features, and/or quicker.

Hornetsecurity’s answer to this is their 365 Total Protection solution. I’m fairly experienced with Microsoft’s first party offerings, and a few other third-party mail security solutions, so was interested to see how this stacked up and where it might fit.

Hornetsecurity shows the 3 different tiers of licensing, and an option to start a free trial:

The above pricing based on the feature set seems quite reasonable to me, and from the page you can click on each feature and see more information including a screenshot.

The free trial process is well documented – the first page lays out what you’re in for which will unsurprisingly require tenant admin access to approve tenant permissions for Hornetsecurity.

Once you accept the permission request, a synchronisation will start. As I’m doing this in my own tenant of 1 user, it took about 20 seconds to perform. You’ll then need to update MX records so mail flows through the Hornetsecurity service, so it can do many of the services listed.

Not all services rely on mail flow, there is also an Outlook add-in. For older versions of Outlook it can be downloaded and installed like a traditional add-in, or there’s the much nicer modern method that’s controlled from inside Microsoft 365 admin center to deploy and show for users (I wish more vendors did this!).

Either way, the Outlook add-in provides several functions such as being able to report emails, block/allow emails, and view archived emails.

Some other notable features of the 365 Total Protection solution:

  • Email Archiving – something Microsoft can do, but don’t do a great job of exposing the archived emails. 10 years of email retention should be more than enough for most companies, and even if you have archiving enabled in your tenant natively, this gives you a backup of all your emails.
  • Email Live Tracking – a real time view of mail flow that works quickly and doesn’t require reports to be generated after 2 days that are CSV files.
  • Individual User Signatures – Centralised signatures that are also monitored for people who decide to change them away from the company standard. Different groups can get their own style of signature too. Microsoft still has nothing in this space natively and is still in the early days of having a signature saved to someone’s profile.
  • eDiscovery – Being able to search quickly across all emails in the company for keywords is a handy thing. Another one that Microsoft can do, but it’s clunky and far from quick.
  • Email Continuity Service – If Microsoft’s mail services go down, you can keep going until they’re back – delivering and sending emails directly through Hornetsecurity, then syncing up what happened after the event.
  • Automated backups for mailboxes, Teams, OneDrive and Sharepoint – this is really where all your Microsoft 365 data will live. Again, it gives you somewhere this data can be backed up and restored outside of Microsoft’s ecosystem.

There is of course a lot of security aspects to the solution such as Forensic Analyses, URL Malware Control and Realtime Threat Reports, but I quite like the Malware ex-post alert and Malware ex-post deletion. Malicious emails that get through on any system (and I’ve seen this with other third-party solutions as well as Microsoft) need to be detected and cleaned up, as well as investigated on whether anyone clicked the link. This ties into URL Malware control, which will do URL rewriting. Microsoft do this natively, but I’ve found the cleanup aspect can take a little while to perform and isn’t a seamless process from detection to cleanup.

One last point – it is good to see that they have a data centre in Australia as I see many of these companies ignore our region, which makes it hard when you need to keep your data in-country.

I look forward to playing around with Hornetsecurity further. If you’re curious too, then check out their free trial here.