Microsoft

Set Microsoft Edge as Default Browser One Time

The New Microsoft Edge browser is great and everyone should use it :) Especially if you’re still on Internet Explorer, you can make Edge use IE mode for the sites you have that still require IE, without having to actually use IE.

I had a scenario where I wanted Internet Explorer users to be changed to Microsoft Edge. Previously, we’d had business requirements to set IE as the default – but now that’s no longer required, I wanted to flip their default. At the same time, I didn’t want to change Google Chrome default browser users as they’d already made that choice, and didn’t want to shove a similar Chromium browser down their throats.

As per Microsoft’s doco https://docs.microsoft.com/en-us/deployedge/edge-default-browser you can use an XML file with default associations, and use Group Policy to point to that XML. It doesn’t stop users from changing the associations, but it does reset the associations each time the user logs in – so not ideal if you want to set a default, but also allow flexibility.

I worked out how to do this based on current default browser and using GPO still, so here’s what I did:

As per the doco above, create an XML file that sets Microsoft Edge as the default application for certain protocols:

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations> 
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier=".html"/>
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier=".htm"/>
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier="http"/>
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier="https"/>  
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgePDF" Identifier=".pdf"/>
</DefaultAssociations>

Note that .PDF is included, so if you’d rather not default .PDF files to Microsoft Edge, remove that line from the code.

The Group Policy in the doco to set this XML is called Set a default associations configuration file – and all it’s doing is populating a registry key. Instead of using the Group Policy setting, create a registry setting to apply a value to:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
DefaultAssociationsConfiguration - REG_SZ - Path to XML e.g. \\dfs\share\defaultapplication.xml

The Group Policy registry setting will look like this:

We only want this registry setting to apply when the default browser is IE, and not apply any other time. We can use two options to do this – Remove this item when it is no longer applied, and Item-level targeting:

“Remove this item when it is no longer applied” will remove the registry setting when the item-level targeting condition is no longer true, which will stop the default browser applying again and again once the default browser isn’t IE.

“Item-level Targeting” is where we’ll check another registry value to see if IE is the default browser.

This is checking the registry key path Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice

and the Value name ProgId

and the Value Data IE.HTTP

Only when all this is true, will the XML reg key apply. Next time someone logs on, the default program associations file will be read and apply the new browser default. Then, next time Group Policy evaluates, the registry setting will be out of scope and removed, so the default program assocations file registry setting will be removed.

For reference, Chrome will be the value ChromeHTML and Edge will be MSEdgeHTM.

This method worked quite well and gave me what I was after – a one time change from Internet Explorer to Microsoft Edge, without bothering Chrome and Firefox users.

Note that this will also keep kicking in if the user changes their browser default back to Internet Explorer, which might be what you want – but if not, you’d need to add another Item-level target using a flag file or registry setting to mark that the default browser has already been applied once.

Synology DiskStation Office 365 Backup Review

Synology sent me a new DiskStation to review after I’d acquired an older one myself to look at it’s ability to back up Office 365 data (or Microsoft 365 Data as the Office 365 name seems to disappear). Being a Microsoft MVP in Office Apps and Services category, so I was very interested to see how it worked.

After reading up on and seeing that it was a completely free piece of software available as part of owning a DiskStation, I was hoping this would be a good solution at an incredibly low price – buy your DiskStation and disks, some time to set it up, and you’re done. To me, that’s already a very appealing offering, along with Synology having a good reputation for maintaining and supporting their hardware several years on – which was proved by the 7 year old DS1813+ I set up a few months ago.

I’ve left the new Intel-based DiskStation 1618+ – Quad Core CPU and 4GB RAM (expandable) running for about a month now, backing up my Microsoft 365 tenant’s data. I ticked ALL the options to see how it went. This tenant is just for me, so the data set is smaller than most tenants – but I do run a few live things through it like email and OneDrive. There’s also a little SharePoint Online data from Micrsoft 365 Groups and Teams I’ve played around with.

Here’s what the dashboard looks like now:

Some useful information there around what’s being backed up and how big it is. You might notice there’s a few errors on the summary. I drilled into those and each was because ‘The Microsoft Server is busy’, and a few minutes later it would try again successfully.

This is likely because I used a backup option to get incremental changes, rather than at a set time. Maybe I’m hitting it too much and getting blocked occasionally.


I know I’ve gotten ahead of myself here, so let’s go back to how to set this up. Assuming you have yourself a Synology DiskStation of some sort that supports ‘Active Backup for Office 365‘ – and which models are those? Here’s the list:

  • 20 series:FS6400, FS3600, FS3400, RS820RP+, RS820+, DS920+, DS720+, DS620slim, DS420+, SA3600, SA3400, SA3200D
  • 19 series:RS1619xs+, RS1219+, DS2419+, DS1819+, DS1019+, DVA3219
  • 18 series:FS1018, RS3618xs, RS2818RP+, RS2418RP+, RS2418+, RS818RP+, RS818+, DS3018xs, DS1618+, DS918+, DS718+, DS418play, DS218+
  • 17 series:FS3017, FS2017, RS18017xs+, RS4017xs+, RS3617xs+, RS3617RPxs, RS3617xs, DS3617xs, DS1817+, DS1517+
  • 16 series:RS18016xs+, RS2416RP+, RS2416+, DS916+, DS716+, DS716+II, DS416play, DS216+, DS216+II
  • 15 series:RS815RP+, RS815+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, DS415+
  • 14 series:RS3614xs+, RS3614RPxs, RS3614xs, RS2414RP+, RS2414+, RS814RP+, RS814+
  • 13 series:RS10613xs+, RS3413xs+, DS2413+, DS1813+, DS1513+, DS713+
  • 12 series:RS3412RPxs, RS3412xs, RS2212RP+, RS2212+, RS812RP+, RS812+, DS3612xs, DS1812+, DS1512+, DS712+, DS412+
  • 11 series:RS3411RPxs, RS3411xs, RS2211RP+, RS2211+, DS3611xs, DS2411+, DS1511+, DS411+, DS411+II

From the DiskStation desktop, open Package Center and follow these steps:

This was a very easy setup to do – I took screenshots of every step involved, but it barely needs an explanation for anyone who’s an admin of a Microsoft 365 Tenant.

The program will then go off and start backing up what you told it. The ‘Activities’ section of Active Backup for Office 365 will show any backups running, and you can also use the inbuilt ‘Resource Monitor’ to see upload/download speeds, disk utilization etc.

It’s also worth noting that the backup you created has an ‘account discovery’ option where it’ll find any new accounts created and automatically add them to the backup, which is great for not having to change backup settings each time you have a new user start.


Running a backup is great, but how do you restore the data? There’s a second app you’ll need, ‘Active Backup for Office 365 Portal’. Launching this will take you to a web interface where admins can browse all data, and users can browse just their own (user access can be disabled if you prefer).

On this web interface, you can then find the file(s) you want to restore, and restore them. You also get a nice timeline down the bottom so you can move backwards and forwards to see a snapshot of a certain time.

Although Mail, Calendar, Contact, and Site (SharePoint) support searching across all backups for names and contents, at the time of writing this isn’t possible for OneDrive backups. It’s worth being aware of this – if someone requests a file restore you’ll need to know exactly when from. I don’t see this as too much of an issue though, as OneDrive has great version control natively, and an automatic recycle bin – so you’d probably rely on the native solution for finding a file, but still it’s worth knowing this existing limitation.

That was the only slight negative I could find while testing. Everything else just worked, was quick to browse and restore, and incremental backups appeared to be on the DiskStation within several seconds after creating a new file in OneDrive.

Again, this is an incredibly cheap Office 365 backup solution. Some may question if you need to back up Office 365 at all. You could set up infinite retention against all content, so why take a backup? To me it’s a definite grey area, and partly depends how much you value the data. Microsoft may never lose your data, but will it be available 100% of the time? What if that important document is in your OneDrive and hadn’t synced down, and there was an outage? We’ve seen a few outages lately, including ones that have broken authentication – your data is still there, but you can’t get to it. In that scenario, having a local copy of something time sensitive could be worth it. Considering the relative low cost of buying a Synolgoy DiskStation – your disks are probably going to cost more than the unit itself, I consider it a pretty easy sell.

Enabling Dictation in Windows 10

Dictation is a pretty cool feature in Windows 10. Press Winkey + H, and up comes a small prompt in the middle of your screen telling you it’s listening – you can start talking, and your words start appearing wherever your cursor is.

Not only that, but you can give commands like a light version of Dragon NaturallySpeaking such as ‘delete test’ to delete the last word ‘test’. Or ‘Select the next three words‘ to highlight them – basic cursor management you’d normally need a mouse for.

A managed Windows 10 computer however, may not have all the components required to use Dictation, and a user may not have the access to download the speech packs themselves.

I hit a problem where Dictation would say ‘Download a Speech package for dictation’, but clicking that link would take me to settings and show that it was already installed. An admin of the PC doing this however, would somehow trigger a component to install and Dictation would work fine.

An admin of the PC doing this however, would somehow trigger a component to install and Dictation would work fine.

Under the user context, going to the Speech settings would show all the options as greyed out and blank:

After raising this with Microsoft Support, this was the method we found to make it all work:

These are the components that I required for Dictation:

• Language Basic component
• Language Text-to-speech component
• Language Speech component

These components are available to download via the “Windows 10 Features on Demand Pack 1” which you can find in your MSDN My Visual Studio downloads (the latest being version 2004). You’ll probably need a subscription for this.

Features On Demand are also available via Windows Update but this may not help you if you have a WSUS server.

The resulting ISO, e.g. en_windows_10_features_on_demand_part_1_version_2004_x64_dvd_7669fc91.iso will contain a separate .cab file for each feature. From this, it’s then a matter of using the DISM tool to inject each feature into Windows 10:

Dism /Online /Add-Package /PackagePath:F:\Microsoft-Windows-LanguageFeatures-Basic-en-au-Package~31bf3856ad364e35~amd64~~.cab 

Note you can add multiple packages to the above command, so could do all three with a single line. If you want to know what packages are already installed on a Windows 10 device:

Dism /Online /Get-Packages 

Privacy

There’s one big other catch with Dictation. You’ll need to enable ‘Online speech recognition’ which leverages Microsoft cloud based services as part of using Dictation.

If you’re running a computer that’s logged on under a Microsoft account, everything you say is being captured. You can view this data here and choose to delete it:

https://account.microsoft.com/privacy/activity-history?view=voice

I’m still clarifying how this works in other scenarios, and will update this blog post if I find out any more information.

If as a company, you’ve decided and accepted this scenario, you can toggle the option on for users using this registry setting:

HKEY_CURRENT_USER\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy

HasAccepted DWORD

0 = Off

1 = On

Maybe you won’t need to do any of the above at all – but it’s worth understanding what’s out there, and if you understand and accept the privacy aspect; and if you do, then promoting it to your userbase as a potentially big timesaver… especially for those 1 finger keyboard typists!

It’s also worth nothing that several Microsoft 365 products include Dictate inside the app, more about that here.

Connecting to Skype for Business Online via PowerShell in a Hybrid Environment

I’ve been caught out by this twice and it’s taken me a while to find the rather simple answer.

Most instructions give you a pretty simple way to connect to Skype for Business Online (or they’ll just call it Skype for Business). You install the module via executable, downloaded from Microsoft, and then try to run the following PowerShell commands (or some similar variation):

Import-Module SkypeOnlineConnector
$sfboSession = New-CsOnlineSession -UserName "admin@contoso.com"
Import-PSSession $sfboSession

If you don’t have Skype for Business On-Premises, it should just work. If you DO have it and set up hybrid, you’ll probably get this error:

Unable to discover PowerShell endpoint URI.
At C:\Program Files\Common Files\Skype for Business
Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:155 char:9
+         throw $resources.DiscoveringEndpointFail
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Unable to disco...l endpoint URI.:String) [], RuntimeException
    + FullyQualifiedErrorId : Unable to discover PowerShell endpoint URI.

Or, you might get this error if you managed to get the interactive logon to pop up first and then entered your credentials there:

Get-CsOnlinePowerShellAccessToken : One or more errors occurred.
At C:\Program Files\Common Files\Skype for Business
Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:214 char:28
+             $accessToken = Get-CsOnlinePowerShellAccessToken @params
+                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-CsOnlinePowerShellAccessToken], AggregateException
    + FullyQualifiedErrorId : System.AggregateException,Microsoft.Rtc.Management.OnlineConnector.GetPowerShellAccessTo
   ken

There’s a huge amount of potential fixes offered, but for me it was one simple switch, which I found thanks to enterinit.com – use the -OverrideAdminDomain switch.

Import-Module SkypeOnlineConnector
$sfboSession = New-CsOnlineSession -UserName "admin@contoso.com" -OverrideAdminDomain “yourtennant.onmicrosoft.com”
Import-PSSession $sfboSession

Really easy fix, but the errors really don’t make it sound like this could be your problem. Now the next time I try to connect, I’ll re-read my own blog post to remind me of this switch :)

Note: I had to connect to this to make a Microsoft Teams change!

Microsoft Briefing Emails Are Coming

More Microsoft driven emails will be hitting your user’s mailboxes if you’re a Microsoft 365 Customer.

The last ones I wrote about were MyAnalytics, and now we have Microsoft Briefings. The first I heard about this was an admin email I received, which I think is a good idea that Microsoft are following, probably from feedback when they rolled out MyAnalytics and many IT Admins were caught unaware:

So, as you can read above, Microsoft Briefings reads what the users are up to, and presents it to them in hopefully a useful fashion to catch emails they might have missed that sound like they need actioning, will give some ideas on how someone can be more efficient and healthy etc

I received my first email today, and here’s how it looked:

I blurred out the email that I’d already actioned, and marked it as completed. Just like MyAnalytics, these emails are only visible by someone who has access to your mailbox – the emails that turn up don’t traverse the internet like other emails; instead, Microsoft are popping them up straight into the mailbox. You won’t find any mailflow trackings of these.

A user can opt out if they don’t like them, or an admin can follow the documentation to pre-emptively disable this on a user by user basis. There appears to be no org-wide setting to disable, so if you need to disable it, make sure you include it as a provisioning step for new users too. See the update at the bottom of the page.

There’s also a portal users can use to unsubscribe: https://cortana.office.com/

Once the magic Microsoft switch is set to ‘on’ for your tenant, users will get an email every day that they have some sort of content to be in the briefings email – if there’s no content, there’s no email.

Just like MyAnalytics, I recommend communicating this soon to your company that the emails are coming. Some people might not like it, but preparing staff for a something that can help them should help with adoption, rather than an out of the blue starter email.

I’m keen to see how effective the Briefings emails will be and how much value they provide. I think it’s a good idea, and as long as it works as the box describes, should add value for staff at the start of each day to remind them what they’ve got going on, and potentially pick up something they forgot to action.

Update 17th June 2020

Microsoft have listened and acted quickly – you can now toggle this feature on or off at the tenant level. To do so, go to the Microsoft 365 admin center, and under Services > Org settings, the Services tab contains the item ‘Briefing emails (Preview)’. From here, there’s your tickbox to turn it off or on.