Recent

Connecting to Teams

April 27, 2021 | by iaur | posted as Connect to M365 Services, PowerShell

Install Microsoft Teams PowerShell module

Open PowerShell as an administrator, then execute each line one at a time.

##########################################################

Install-Module -Name MicrosoftTeams

##########################################################

Connect to the service

##########################################################

Connect-MicrosoftTeams

##########################################################

Connecting to SfBOL (MFA)

April 27, 2021 | by iaur | posted as Connect to M365 Services, PowerShell

Scenario

  • You need to connect to Skype for Business Online PowerShell
  • You are using a service account that is enabled with MFA

Prerequisite

Getting information about the SfBOL forest of the service

1. Connect to Microsoft Teams

2. Run the cmdlet below

##########################################################

Get-CsTenant | ft Identity

##########################################################

Take note of the two- (sometimes three-) character value XX in DC=lyncXX001.

Steps

1. Download this local SfBOL PowerShell module (since it is no longer available from MSFT's hosting) from https://www.virustotal.com/

2. Run the cmdlets below one line at a time

##########################################################

$AdminUserName = "YOUR_ADMIN_HERE"
$URI = "https://adminXXX.online.lync.com/OcsPowerShellLiveId"
# Note: the XXX in $URI is the value noted in Prerequisite step 2 (DC=lyncXX001).

Import-Module -Name MicrosoftTeams
Import-Module "%TYPE_HERE_THE_DIRECTORY_OF_SkypeOnlineConnector%\SkypeOnlineConnector.psd1"
# e.g. "C:\Users\John\Desktop\SkypeOnlineConnector\SkypeOnlineConnector.psd1"

$sfbSession = New-CsOnlineSession -UserName $AdminUserName -OverridePowerShellUri "$URI" -Verbose
Import-PSSession $sfbSession -AllowClobber
Enable-CsOnlineSessionForReconnection

##########################################################


Configuring Modern Authentication

January 12, 2021 | by iaur | posted as Administration, Microsoft 365

Enable/Disable Modern Authentication for Office 365 Services

A.     Teams, Office Apps, and SharePoint Online are enabled with Modern Authentication by default

https://social.technet.microsoft.com/wiki/contents/articles/36101.office-365-enable-modern-authentication.aspx

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-block-legacy-authentication#moving-away-from-legacy-authentication

B.      Exchange Online

1.      Connect Exchange Online using PowerShell

2.      Run the following cmdlet to verify the Modern Authentication status:

Get-OrganizationConfig | ft OAuth*

3.      To enable the modern authentication for Exchange online, run the following cmdlet:

Set-OrganizationConfig -OAuth2ClientProfileEnabled $True

C.      Skype for Business

1.      Connect to Skype for Business Online using PowerShell

2.      Run the following cmdlet to check the Modern Authentication status for Skype for Business Online:

Get-CsOAuthConfiguration

3.      To enable modern authentication for Skype for Business online, run the following cmdlet:

Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed

Verify Authentication Prompt Type

A.     Basic Authentication

[Screenshot: the legacy Windows credential dialog, which only asks for a password.]

B.      Modern Authentication

[Screenshot: the Microsoft "Sign in" web page with the "Email, phone, or Skype" field and the "No account? Create one!" link.]

Troubleshooting Modern Authentication Issues for Office Clients

Outlook is not accepting password

Outlook keeps asking for password

Office apps keep asking for credentials

If EXO Modern Auth is False, Account is MFA Enabled, Basic UI

A.     Create an App Password

B.      Use it as the Password

If EXO Modern Auth is True, Account is MFA Enabled, Basic UI

Go to: HKEY_CURRENT_USER\Software\Microsoft\Office\1x.0\Common\Identity

Add DWORD:

DisableADALatopWAMOverride = 0

EnableADAL = 1

If EXO Modern Auth is True, Account is MFA Disabled, Modern UI

Go to: HKEY_CURRENT_USER\Software\Microsoft\Office\1x.0\Common\Identity

Add DWORD:

DisableADALatopWAMOverride = 1

EnableADAL = 0

Alternately

In Windows 8, press the Windows key, type Run, and then press Enter.

In Windows 7, click Start, point to All Programs, click Accessories, and then click Run.

In the Run dialog box, type each of the following commands and press Enter.

reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Office\1x.0\Common\Identity /v DisableADALatopWAMOverride /t REG_DWORD /d 1 /f

reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Office\1x.0\Common\Identity /v EnableADAL /t REG_DWORD /d 0 /f

Note:

The 1x.0 placeholder represents your version of Office (16.0 = Office 2016, 15.0 = Office 2013, 14.0 = Office 2010)

0 = Disabled

1 = Enabled

Reference:

DisableADALatopWAMOverride = disable the web accounts manager in Windows 10

https://social.technet.microsoft.com/Forums/en-US/32f705e9-b1eb-4e89-aba3-8d5561853a12/exchange-online-outlook-2016-password-loop?forum=outlook

EnableADAL = enable modern authentication for the Office client installed on the machine

Reference

https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/enable-modern-authentication?view=o365-worldwide

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

Why MFA phone verification fails sometimes?

November 10, 2020 | by iaur | posted as Failure, Microsoft 365

Scenario

  • If you are having problems in successfully complete the MFA verification calls
Why MFA phone verification fails sometimes?

Context

MFA phone verification fails sometimes, or Microsoft 365 did not send me a code?

A U.S. system always produces these calls with a +1 caller ID.

The carrier within this connection likely doesn't support dual-tone multi-frequency (DTMF). Therefore, MSFT never receives the # signal back from the user's phone, and as a result the authentication may fail.

In other words, calls could get routed through a carrier between the source and target that doesn't support or pass along the caller ID that MSFT sent.

If you attempt again within 10 minutes, MSFT will choose a different PSTN provider to ensure different routing and increase the chances of a successful connection.

Workaround

If you are in a specific country where a number of MFA phone verifications fail intermittently, log a support case; MSFT can then investigate whether a fix is needed for your location. Otherwise, choose other methods such as the Authenticator mobile app or text message.

In conclusion, MSFT has given you multiple options to choose from for your situation.

Can’t add custom DNS records types after pointing domain’s name servers to O365

August 15, 2020 | by iaur | posted as Failure, Microsoft 365

Scenario

  • You can’t add A record for your website routing
  • You can’t add custom DNS records type to Admin Center

This normally happens if you only had PartialRedelegation when adding your domain. You need to change this to FullRedelegation, especially if the name servers point to Microsoft 365, so that you can add other records, such as the ones for your website.

Steps

  • Go to the M365 portal > Settings > Domains.
  • Select the domain and click Manage DNS.
  • Click More options and choose "Set up my online services for me".
  • Click Continue until you reach the page that asks for your website's records.
  • You can now add the IP address of the website during the setup.
  • Complete the setup and go back to managing the domain to check whether you can now add custom DNS record types.

404 Error prompt when accessing home page

August 5, 2020 | by iaur | posted as Failure, SharePoint Online

404 NOT FOUND error when accessing the home page of a site**

This issue happens when home.aspx (or whichever page is the site's home page) is deleted.

**Please note that this issue only applies to site collections with the Communication, Private Team Site or Public Team Site (new experience) template

Recreate the Home Page

  • Steps
    1. Append /_layouts/15/viewlsts.aspx to the end of the site URL (e.g. https://domain.sharepoint.com/sites/NameOfSite/_layouts/15/viewlsts.aspx)
    2. Once redirected to Site Contents, go to Pages
    3. On Site Pages, click New > Site Page
    4. Type Home under "Name your page" and add the necessary information
    5. Publish
    6. Note: if you used a different name in step 4, go back to Pages, right-click the newly created page and select Make homepage.

Restore deleted Home Page

Website redirection to Domain Broker Service Ads

August 2, 2020 | by iaur | posted as Failure, WordPress

Scenario

  • You are getting a message about a Domain Broker Service advertisement
  • Your website intermittently redirects to a different webpage and sometimes to your own website

Your domain is parked

First, investigate your DNS entries and look for an A record with the value "Parked". GoDaddy uses this to let the internet know that your domain is taken but does not yet have a website.

The domain broker service then uses a Domain Broker Service Ads campaign to advertise the domain to people interested in your domain name. In other words, your domain is up for bidding.

[Screenshot: GoDaddy DNS Management for thedailyexploits.co (Records, last updated 7/21/20 1:14 PM) listing the record with the value "parked" next to the www CNAME and the NS records.]

Resolution

This may also apply to other domain service providers; since mine is with GoDaddy, I followed the steps below to resolve it.

Importantly, after adding the A record for your website's IP address, make sure to remove the "Parked" record; otherwise you'll be broadcasting two A records and, depending on which one the resolver picks (effectively load balancing between them), requests will be redirected either to your web server or to GoDaddy's Domain Broker Service Ads.

  1. Log in to your GoDaddy DNS Control.
  2. Select your domain name from the list to access the Domain Settings page.
  3. Scroll down to Additional Settings and select Manage DNS.
  4. On the DNS Management page, next to the record you wish to delete (in our case the A record with the "Parked" value), click the pencil icon.
  5. To the right of the entry fields, select the trash can icon.
  6. Confirm deletion by selecting Delete in the new window.
  7. Confirm the DNS propagation using this link and check for multiple A record entries.

In conclusion, you will know that your redirection issue is resolved once you no longer see multiple A record entries for your domain except for your website’s IP address.


Search AD object with specific ms-DS-ConsistencyGUID

July 31, 2020 | by iaur | posted as Active Directory, Azure AD

Scenario: You have two MSOL users, both synced, and want to know whether they can be merged.

You don't really have to merge them, and there's no way to do that anyway. Both MSOL users are synced from AD, so the question is which one to retain, and obviously that is the licensed account.

For this you just need to find the AD object equivalent to the unlicensed MSOL user and move it out of the synced OU. That deletes it from O365, so it will no longer show under Admin Center active users.

On O365 PowerShell

# run this to find the ImmutableID of the unlicensed user
Get-MsolUser -UserPrincipalName user@domain.onmicrosoft.com | fl Name,ImmutableID

Take note of the immutable ID.

In the local AD PowerShell, the following searches for the AD object whose ms-DS-ConsistencyGUID matches the ImmutableID value:

# decode the base64 ImmutableID into its 16 raw bytes
$string = [System.Convert]::FromBase64String("ENTER_IMMUTABLE_ID_HERE")
# render the bytes as two-digit hex
$hex = -join ($string | ForEach-Object { $_.ToString("X").PadLeft(2, "0") })
# escape every byte as \XX, the form an LDAP filter expects for a binary attribute
$search = $hex -replace '(..)', '\$1'
$adUser = Get-ADUser -LDAPFilter "(ms-ds-consistencyguid=$search)"

Once you've retrieved it, locate the OU the object is in, move it to an OU that is not synced with O365, then run the AD sync.
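As an added example (not from the original post), the same ImmutableID to LDAP-filter conversion done with POSIX tools from a Linux or macOS shell, with a length check on the decoded value and a rendering as the GUID string ADUC shows for ObjectGUID, so the search result can be cross-checked by eye. The function names and the sample ID are mine.

```shell
#!/bin/sh
# Added example: ImmutableID -> LDAP filter with base64, od, sed and cut.
# ImmutableID is the base64 of the 16-byte ms-DS-ConsistencyGUID; an LDAP
# filter must carry those bytes as \xx escapes (hex case does not matter).

# Raw 32 hex chars of the decoded ID; fails unless exactly 16 bytes decoded.
_immutableid_hex() {
    h=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -tx1 -v | tr -d ' \n')
    [ "${#h}" -eq 32 ] || return 1
    printf '%s' "$h"
}

# Escaped form for an LDAP filter: every byte as \xx (what the post's -replace does).
immutableid_to_ldap_filter() {
    h=$(_immutableid_hex "$1") || return 1
    printf '(ms-ds-consistencyguid=%s)' "$(printf '%s' "$h" | sed 's/../\\&/g')"
}

# The same bytes as the GUID string ADUC shows for ObjectGUID, for eyeballing
# the result of the search. The first three fields are stored little-endian,
# so their bytes come out reversed.
immutableid_to_guid() {
    h=$(_immutableid_hex "$1") || return 1
    c() { printf '%s' "$h" | cut -c"$1"; }   # hex chars at a 1-based range
    printf '%s%s%s%s-%s%s-%s%s-%s-%s\n' \
        "$(c 7-8)" "$(c 5-6)" "$(c 3-4)" "$(c 1-2)" \
        "$(c 11-12)" "$(c 9-10)" "$(c 15-16)" "$(c 13-14)" \
        "$(c 17-20)" "$(c 21-32)"
}

# Constructed sample (bytes 00..0f), not a real tenant's ImmutableID.
SAMPLE_ID='AAECAwQFBgcICQoLDA0ODw=='
immutableid_to_ldap_filter "$SAMPLE_ID"; echo
immutableid_to_guid "$SAMPLE_ID"
```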

Sample:

[Screenshot: Connect-MsolService, then Get-MsolUser ... | fl Name,ImmutableID showing the ImmutableID; the Get-ADUser search returning the matching AD object (DistinguishedName under the O365 Users OU, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, UserPrincipalName); and the same object in Active Directory Users and Computers under the O365 Users OU.]

Ref:

https://stackoverflow.com/questions/50638354/how-to-return-user-with-specific-ms-ds-consistencyguid-based-on-filter-query

Basic security for web servers (Linux Ubuntu)

July 28, 2020 | by iaur | posted as LAMP, WordPress

Firewall

# limit how many times something connects

@root

sudo apt-get update
# update the package lists

sudo apt-get install ufw
# install the firewall

sudo ufw limit 22/tcp
# rate-limit ssh (poke the holes you need before enabling the firewall)

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# allow the web ports

sudo ufw enable
# enable the firewall

sudo ufw status
# verify the firewall status
[Screenshot: `sudo apt install ufw` reporting ufw already the newest version, then `sudo ufw status` showing Status: active with LIMIT on 22/tcp and ALLOW on 80/tcp and 443/tcp, for both IPv4 and IPv6.]

Global Blocks

sudo ufw default deny incoming
# deny all incoming traffic except what the rules above allow (ssh/80/443)

sudo ufw default allow outgoing
# allow all outgoing traffic

sudo ufw reload
# reload the firewall after you have updated the rules
[Screenshot: `sudo ufw default deny incoming` prints "Default incoming policy changed to 'deny'", `sudo ufw default allow outgoing` prints "Default outgoing policy changed to 'allow'" (both followed by "be sure to update your rules accordingly"), then `sudo ufw reload`.]

Disabling password auth of ssh

# this will deny the other ssh auth methods, so make sure to back up your private key (id_rsa)
# you can use https://anonpaste.org/ (a public paste site exposes the key to anyone who finds it; copying it over scp to a machine you control is the safer choice)
# or generate another key from another machine before advancing

@root

sudo nano /etc/ssh/sshd_config

# modify the lines below (sshd uses the first uncommented occurrence of a directive, so make sure no earlier line sets a different value)
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PermitRootLogin no

sudo systemctl restart sshd
# restart sshd so the new sshd_config takes effect
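An added example, not from the original post: a small POSIX shell audit of an sshd_config file that applies the rule sshd itself uses (the first uncommented occurrence of a directive wins, the keyword is case-insensitive, `Key value` and `Key=value` are both accepted, and anything after a `Match` line is not the global value), which catches the common slip of adding a line under the stock commented one while an earlier line still sets a different value. The function names and the sample file are mine; on a live host `sudo sshd -T` remains the authoritative check.

```shell
#!/bin/sh
# Added example: offline audit of sshd_config hardening (not the post's code).

# Effective global value of a directive: sshd takes the FIRST uncommented
# occurrence, compares the keyword case-insensitively, accepts "Key value" or
# "Key=value", and directives after a Match line only apply inside that block.
# Prints nothing if the directive is unset (sshd then uses its built-in default).
sshd_effective() {  # usage: sshd_effective <config-file> <directive>
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, "") }                   # strip indentation
        /^(#|$)/ { next }                        # comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                  # end of the global section
        key == want { print f[2]; exit }         # first value token wins
    ' "$1"
}

# Check the four directives the post sets; returns 1 if any deviates.
sshd_audit() {  # usage: sshd_audit <config-file>
    rc=0
    for pair in PasswordAuthentication=no ChallengeResponseAuthentication=no \
                PermitRootLogin=no UsePAM=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$1" "$key" | tr 'A-Z' 'a-z')
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key effective='${got:-<default>}' expected=$want"; rc=1
        fi
    done
    return $rc
}

# Constructed sample, not a real host's file: the stock commented line was left
# alone and "yes" added under it, plus a Match block that is not the global value.
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat >"$SAMPLE_CFG" <<'EOF'
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM=no
PermitRootLogin prohibit-password
Match User deploy
    PasswordAuthentication no
    PermitRootLogin no
EOF

sshd_audit "$SAMPLE_CFG" || echo "fix sshd_config before restarting sshd"
```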

Prevent IP Spoof

Updated: this section is now outdated

  • Since GCP already prevents IP spoofing at the CSP level, this is deemed unnecessary but is still good practice
  • Updated versions of LAMP have this feature in some iteration

@root

# the useful scenario would be banning an IP address: you don't want that bad actor to use another (spoofed) IP to get into your web server

sudo nano /etc/host.conf

# note these are system files, so be cautious
# change the order and mirror the lines below

order bind,hosts
nospoof on

[Screenshot: /etc/host.conf in the editor; the file's own comment notes that this setting is honoured only by old versions of the C library.]

Install Fail2Ban

@root

# fail2ban reads the incoming requests from the service logs and bans the source if it looks malicious, for example DDoS attacks

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
sudo systemctl status fail2ban

 
[Screenshot: `sudo apt install fail2ban` (already the newest version, 0.10.2-2), `sudo systemctl enable fail2ban`, `sudo systemctl start fail2ban`, then `sudo systemctl status fail2ban` showing fail2ban.service loaded, enabled and active (running) with fail2ban-server as the main PID.]

Enable security feature via sysctl.conf

@root

sudo nano /etc/sysctl.conf

# uncomment the following

net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
# do not accept ICMP redirects: prevents "Man in the Middle" (MITM) attacks

net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
# do not send ICMP redirects or accept source-routed packets; those are router functions (as you are a web server!)

net.ipv4.conf.all.log_martians = 1
# log Martian packets
 
[Screenshot: /etc/sysctl.conf open in nano, showing the stock comments "Do not accept ICMP redirects (prevent MITM attacks)", "Do not send ICMP redirects (we are not a router)" and "Do not accept IP source route packets (we are not a router)" with the corresponding accept_redirects, send_redirects and accept_source_route lines uncommented.]

sudo sysctl -p
# apply the changes made to sysctl.conf and display them