Microsoft

Access An Exchange Online Mailbox Without a License

This is just a quick one. Most Office 365 admins will hopefully have a separate admin account to perform higher level tasks, compared to their normal user account.

Because of this, the admin accounts shouldn’t need any licensing, because they’re not being used like a normal user. One person shouldn’t need to have two sets of licenses – but there are some problems that can come up because of this.

For example, if you want to use your admin account to access someone’s mailbox, that can be difficult when you don’t have a mailbox yourself to log onto, to then open another user’s mailbox. Outlook can be used to work around this, where you set up a profile for the email address of the user you want to access, but enter your admin credentials when prompted:

Your Name is just a display name field, email address needs to be the user’s email. Don’t enter a password here and click ‘Next’
This login page will start by showing the user’s email address, use the option ‘Sign in with another account’ and use your admin account.

The above works OK, but is a little time consuming if you’re accessing a mailbox for a quick check.

If you try to go to Outlook Online, you’ll get a message saying your admin account doesn’t have a license or a mailbox. To get around this, you’ll need to use a URL like:

https://outlook.office.com/owa/user@mydomain.com/?offline=disabled

so it jumps straight to that user’s mailbox, assuming you have access rights to it, and have waited a few minutes for the rights to apply.

Using the URL method is really quick way of accessing another user’s mailbox without needing a license yourself.

Disable Windows Defender Summaries via Registry

Windows Defender does some great stuff, but in my opinion one of the more ‘noisy’ things it doesin Windows 10 is provide a frequent notification to say it’s working but hasn’t found anything.

Many users may find this notification unnecessary and breaking their work focus just to be told that their PC is fine. Especially in a business environment, they’d think that is someone else’s problem.

Windows Defender Security Center Settings

A user can turn these off themselves of course, in the Windows Defender Security Settings page under Virus & threat protection notifications. It’s possible to turn off all informational notifications, or untick certain types.

Although there is an inbuilt Group Policy to also turn off informational notifications, to me I’d still want users knowing a threat was found or something was blocked – those are useful to the user. However the recent activity and scan results is the one I’d suggest disabling, but there’s no Group Policy for that.

Luckily this is just a single registry key which I’ve found through using Procmon:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Virus and threat protection\

REG_DWORD: SummaryNotificationDisabled

Value: 1 (decimal)

This setting can be rolled out through Group Policy (even as a run once and don’t reapply) if you’d like users to have control over turning the setting on.

Microsoft Software Ready For Betting?

If there’s one thing difficult to accuse modern American tech companies of, it’s inadequate preparation. While the consumer-facing sides of these companies deal with exciting products, software updates, and things of this nature, the same companies are constantly working behind the scenes in order to enrich their offerings. This includes development, marketing, maintenance, and perhaps most interestingly, concept consolidation and patent acquisition.

There are constant examples of major tech companies quietly filing patents long before a product actually goes to market, from a given type of screen for a mobile phone to current rumors of Apple’s designs for augmented reality glasses.

One recent example of this that seems to have flown under the radar is Microsoft’s file for Patent No. 0125691. This came to light late in 2016, with notes that the patent application includes words and phrases like “real-time” and “determine payout of event” that appear to point toward a gambling application. Said one article on the development, it could be a critical piece of a future with widespread legal gambling in the United States.

In 2016, that still sounded very much like a future, because there was little publicly evident momentum toward establishing legal betting beyond places like Nevada and New Jersey. That all changed early in 2018 however, when a Supreme Court decision altered the betting landscape significantly. It remains up to individual states to legalize the activity (and you can track their progress here), but to put it in clear terms, it’s now legal to make it legal, if that makes sense. And that means the environment Microsoft appears to have been preparing for with this particular patent is closer to materializing than we might have once believed.

As to what that environment will look like, and what sort of activity Microsoft could ultimately get involved with, we might best look to examples set in countries where sports betting is legal. This has been the case in the UK for some time for instance, and the same can be said of Australia. In these countries there are numerous betting sites available, and they tend to be accessible both online and via mobile. It may well be that Microsoft is aiming for the higher end of all this as well.

It’s recommended that people looking for modern betting sites pay attention to in-play services, which essentially allow for real-time gambling and decision-making, but which aren’t necessarily available through some older platforms. Given that the patent, as mentioned, references the term “real-time,” it would appear that Microsoft is up-to-date on what bettors look for in modern sites or applications.

It’s still not crystal clear how or when the patent might be used. But we may find out sooner than we thought thanks to the progress of legal betting in the U.S., and it certainly sounds as if the tech giant is going to have its own services available in this area. 

OneDrive for Business – Turn Off ‘Allow Editing’ By Default

Every organisation has their own requirements and standards. For mine, I see a risk when the default action of sharing a document via OneDrive for Business is the ability to ‘Allow editing’ of any document sent out. It’s worse because that option is hidden behind the main popup when sharing a file, and you don’t actually see that you’re giving ‘modify’ access rather than ‘read only’:

OneDrive for Business default sharing popup
OneDrive for Business ‘Allow editing’ on by default

There is a way to change this default behavior though, and it’s not in the OneDrive admin center.

Instead, you’ll need to head to the SharePoint admin center (since the backend of OneDrive is SharePoint Online, this makes some sense). From here, go into ‘sharing’ and there’s an option around ‘Default link permissions’. You can change this to ‘View’ rather than ‘Edit’:

SharePoint admin center

The change was immediate from my testing, as soon as I went to share another file via OneDrive for Business, the ‘Allow editing’ option was unticked. This is only changing the default too, someone can still decide they want to allow editing and tick the box.

It’s worth considering what you should have as your default. The new versioning in OneDrive/SharePoint Online is really good, and will let a user easily roll back to a previous version of a document if something accidentally gets changed – but will your users be aware if something does change? It’s possible to set up an alert, but it’s a bit tedious: http://itgroove.net/brainlitter/2016/05/16/creating-alerts-documents-new-onedrive-business/

Hope this helps anyone considering rolling out OneDrive, or wants to start allowing external sharing.

Disable Internet Explorer Add-ons via Group Policy

Problem:

I’ve discovered an issue with the Skype for Business add-ons to Internet Explorer which causes pages with large amounts of text to freeze briefly when scrolling.

As part of a Skype for Business install, two add-ins get loaded. They use the same Class ID and DLL File, and provide options such as click to call links on phone numbers on a page:

With these addons loaded though, some sites lag and freeze that have large amounts of text; here’s a good example. Scrolling through the page for several seconds either through mousewheel or sidebar should result in a brief freeze lasting a second or two. Other browsers are fine (such as Chrome or Edge), and Internet Explorer is fine without the above add-ons.

I had a few people confirm this experience, including @CliffordKennedy (Thank you!)

Solution:

This seems to be a problem that was around a while ago, and possibly only occurs in less common circumstances. If you can live without the IE addin, the solution is to disable it. However for me, I couldn’t do this as the option was greyed out – plus that solution doesn’t work at scale.

Other solutions like disabling via the registry didn’t seem to work for this add-in either, it came back. Even removing the OCHelper.DLL file didn’t stop it loading! Uninstalling Skype for Business altogether worked, but that’s a bit too drastic.

There is a Group Policy however, called ‘Add-on List’ located under Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management. Here, you can add the Class ID and set the value to 0 for disabled, 1 for enabled, and 2 for enabled but users can disable/enable. More instructions from Microsoft here.

For this one I’ve chosen to disable, but the ‘enable and let users disable’ option is quite nice – it’d be even better if there was a ‘disable but let users enable’!

This worked for me, and the add-in is now disabled, and the scrolling issue is gone. In the meantime, I have a case open with Microsoft and can hopefully have the root cause resolved too.

 

Update 21st September 2019

Microsoft Support have told me there is no fix planned for this issue. With that in mind, if you need to use IE I’d recommend disabling the addins:

Skype for Business add-ins for Internet Explorer 11 Disabled