How to Sync a SharePoint Library to Windows File Explorer with OneDrive Files On-Demand

If your organization has been utilizing SharePoint’s “View in File Explorer” or “Open With Explorer” to map a drive to a SharePoint directory, you may have had problems opening SharePoint files in File Explorer, the connection between SharePoint and the File Explorer breaks, the Mapped Drive disconnects, or the connection is unreliable. Also, SharePoint can be a bit cumbersome when trying to work with files in the web-browser. The outdated SharePoint “View in File Explorer” feature was built with WebDav in the 90’s, and may use ActiveX controls, which is why it relies on Internet Explorer version 10 and/or 11 to run. You may recall we wrote about troubleshooting SharePoint’s “Open in File Explorer” here.

Microsoft’s preferred alternative to “View in File Explorer” is OneDrive Sync, and Files On Demand (FOD.) When we think of “Sync”, we probably think of the classic Windows “Offline Files” configured in the Control Panel’s Sync Center. However, OneDrive Sync is not the same as Offline Files.

OneDrive Sync utilizes the more modern technology, Files-on-Demand (FOD), which is configured in OneDrive Settings. Once configured, Files on Demand will only pull the index of all the files and folders in a SharePoint Library.

If desired, we can get the entire file/folder/data by right-clicking on the file or folder and choosing “Always keep on this device.” By default, if FOD is enabled, and we choose to Sync, we’ll only get an index of the SharePoint Library in the File Explorer (and we won’t sync the entire library and data contained there in.)

How to Enable Files On Demand and Sync a SharePoint Library

Before we Sync our SharePoint Library, make sure the OneDrive app is up to date and is running and logged in with the same credentials used to log into SharePoint online at www.office.com. Look for the blue or white cloud icon in the Systray (bottom right corner of your primary screen; near the clock,) then right-click, and click Settings.

OneDrive Settings

Next, in the Settings dialog box, near the bottom, place a check mark in the Files On-Demand / “Save space and download files as you use them” checkbox.

OneDrive Settings Files On-Demand

Next, open the Edge web browser and sign into www.office.com. Click on the SharePoint icon and then navigate to a Document Library that you would like to sync. Next, click the Sync button at the top of the Library:

OneDrive Sync

Normally we’ll see a couple pop-ups: Getting Ready to Sync, and You are Now Syncing:

Getting Ready to Sync dialog
OneDrive You are now syncing dialog

We’ll now have the SharePoint Library’s index built in our File Explorer with the files now having a status of either “Cloud Icon” or “Green Check Mark” next to each folder/file. As the Sync runs, we can check the Sync status by right-clicking on the OneDrive icon in the Systray.

If you attempt to sync a library that already has a shortcut pointing to that library from within the user’s OneDrive folder, you may get an error:

Sorry, we can’t sync this folder – You’ve already syncing a shortcut to a folder from this shared library.

OneDrive Sharpoint Sync Error

So what the error means is just that. Look in the user’s OneDrive folder in the file explorer and look for a folder/file that has a link icon (screenshot below). Special thanks to Hans Bender blog for pointing this out: https://hansbrender.com/2020/10/07/onedrive-for-business-add-to-onedrive-problems/

OneDrive Shortcut to Library

The icon will appear to have a link, so right-click on the folder that’s pointing to the Library you’re trying to Sync, and choose remove shortcut. Now we should be able to Sync the library.

If we want to have the file in SharePoint downloaded completely to our computer, right-click and choose “Always keep on this device.”

We probably do not want “Always keep on Device” for the entire Folder/Library, as it will eat up our entire hard drive.

Always keep on this device OneDrive Sync

If a file or folder is inadvertently kept on our device, we can right-click and instead choose “Free up space” on the file (greyed-out in the screenshot above.)

Take note in the screenshot above, the newly-synced Shared Library is not directly under OneDrive in the left navigation pane of the File Explorer, instead, it is listed separately below it and has a different “building” type icon.

So now we can use Word and Excel apps to browse our local computer for files that are synced with SharePoint without having to use the old “Open/View in File Explorer” method.

For example, if we want to open a SharePoint file inside Excel, we click the File menu > Open > Browse > Organization / Library > File.xlsx > Open

Open SharePoint Library Files in Excel

Once we have made our changes and click Save, we’ll see a green checkmark under the Status column inside the File Explorer.

Excel File SharePoint Sync Status

We hope that if you’ve experienced difficulty opening SharePoint files in the Windows 10 File explorer, this procedure and OneDrive Sync will provide a more stable and fluid means of browsing SharePoint files in the File Explorer.

How to set up an Auto Responder or Automatic Replies for an Alias in O365 Exchange

When you manage a large amount of Exchange mailboxes, inevitably someone will leave the organization, and you have to setup autoreplies with a message stating the user is no longer available by email. Common sense dictates we will setup a [email protected] mailbox and add the terminated users as alias’ to that mailbox, but not so fast. After a few days of testing and working with support, we’ve found that setting up a shared mailbox with autoreplies enabled with the terminated user’s unique email address/alias, provides the most consistent results.

We’re not going to go through the myriad of possible scenarios about what your org does with a mailbox after a user leaves. Instead, we’ll assume the mailbox is now deleted, and forwarding of mail bound for that mailbox is no longer necessary. To be on the safe side, ensure you back up the mailbox in some way before deleting the mail.

When testing auto replies, you may want to use the Exchange Message Tracker to see the messages come in and go out. To get there, go to O365 Admin > Exchange > Mail Flow > Message Trace.

A good thing to note here is that while performing a message trace, when sending test messages to the newly created shared mailbox with Automatic Replies enabled from within the same tenant or domain, auto reply messages may Drop with the following error:

Date/Time DropReason: [{LED=250 2.1.5 RESOLVER.OOF.ExtToInt; handled external OOF addressed to internal recipient};{MSG=};{FQDN=};{IP=};{LRT=}]

This Drop message is actually an intended action, and is not an error, as it is probably used to prevent a loop of autoreplies within the same tenant.

Getting back to our original issue, to generate autoreplies, we first tried to setup a “[email protected]” shared mailbox and add terminated user’s email addresses as aliases to the noreply box, but we got inconsistent results. Instead, we did the following.

How to Setup Automatic Replies for a Terminated User Mailbox

  • Create a shared mailbox with the terminated user’s email address. To do this go to 365 Admin Center > Groups > Shared mailboxes > Add a shared mailbox > Give the shared mailbox a name like “JDoe Term AutoReply” > Give the shared mailbox the (previously/actually used) email address of the terminated user. This does not use a mailbox license thereby freeing up a license. Alternatively, you can try simply converting the terminated user’s mailbox to a shared mailbox, but we had an inconsistent result doing this.
  • Next, simply click on the details of the shared mailbox, and under Automatic replies, click the Edit link:

Next place Checkmarks in both “Send automatic replies to senders inside this organization” and “Send automatic replies to senders outside this organization”

Add a reply blurb which can be something similar to the following:

The Representative you are trying to contact is no longer affiliated with this Corporation. You will be receiving communication with more information pertaining to the transition of the Representative on your account. If you have an urgent matter and would like to speak with someone, please call our Service Center at 800-555-5555 between the hours of 6am-5pm (PST).

Click “Save” at the bottom and you should be all set.

If you want to test, you can try sending an email from an account outside your organization. *Note – when we sent a test message from gmail, the autoreply ended up going into the gmail account’s spam folder.

If further errors are encountered, you may need to look at your spam/external forwarding policies in your mail filtering site at https://protection.office.com/antispam or reach out to MS Support.

Solved – cannot open www.office.com with Internet Explorer – SharePoint Online redirects to Edge

So recently Windows 10 has enabled a security feature that redirects certain websites like www.office.com to the Edge browser. If you need to get into a website using Internet Explorer, for now the workaround is to disable the Edge redirect setting inside the Edge browser settings.

If you use SharePoint online a lot you have probably found that Open in File Explorer is a convenient way to manage your SharePoint files and libraries in Windows 10. You’ve also probably found that in order to view the SharePoint files in the Windows 10 File Explorer, you first need to open Internet Explorer, then open the SharePoint library, find the link Return to Classic SharePoint in the bottom left corner of the SharePoint library page, and then click on the Open in File Explorer link inside Classic Mode. Details on how to troubleshoot opening SharePoint files in File Explorer can be found here. If you want an alternative way to browse SharePoint files in Windows 10 File Explorer using Edge, please go here.

If you want to know how to disable or remove the IE to Edge redirect, use the following instructions:

Start by opening the Edge browser.

In Edge, click on the ellipsis menu in the upper-right corner, and then click Settings. Or in the address bar at the top of Edge, type edge://settings/defaultbrowser and press Enter.

Edge Browser Settings

Next, inside the Edge Settings page, on the left side menu, click Default browser.

Change the setting “Let Internet Explorer open sites in Microsoft Edge” to Never.

Edge Default Browser Let Internet Explorer open sites in Microsoft Edge

That should do it!

Close the Settings Tab/Edge browser. Close and then open Internet Explorer browser. Go to www.office.com in IE and it should let you in.

Troubleshoot ethernet cable wires without a Cable Tester using a Cisco Switch and the TDR Command

So if you suspect you may have a bad Cat5/6 Ethernet patch cable, you can use a cisco switch cli interface and a few commands to diagnose if the copper pairs of cables connected to the switch are bad. The commands and explanation of TDR (Time-Domain Reflectometer) I found here.

First, ssh or telnet or use the web interface to connect to the switch with the suspect cable.

Use the following command to show the list of interfaces on your switch:

show interfaces

You’ll want to make note of how the interface is described in the previous command because Cisco is pretty particular. In my case I’ll test GigabitEthernet1/0/1.

Next issue the following command to first test the interface in question:

test cable tdr interface GigabitEthernet1/0/1

You will probably get something like the following result:

TDR test started on interface Gi1/0/1
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.

Wait 10 seconds and then issue the command to show the cable diagnostics result:

show cable-diagnostics tdr interface GigabitEthernet1/0/1

And the output will look something like the following:

TDR test last run on: December 05 18:50:53
Interface Speed Local pair Pair length Remote pair Pair status

Gi1/0/1 1000M Pair A 19 +/- 10 meters Pair B Normal
              Pair B 19 +/- 10 meters Pair A Normal
              Pair C 19 +/- 10 meters Pair D Normal
              Pair D 19 +/- 10 meters Pair C Normal

In our results we see Normal under Status. The following could be your status if there is a problem.

ResultExplanation
NormalIdeal result you want.
If testing FastEthernet, you want Pair A and B as “Normal”.
If testing GigabitEthernet, you want ALL as “Normal”.
OpenOpen circuit. This means that one (or more) pair has “no pin contact”.
ShortShort circuit.
Impedance MismatchedBad cable. For more explanation, go here.

Here are the cable pairs explained:

PairsFunction
AThis pair controls whether or not the port should go up or down.
BProtocol-level and controls FastEthernet.
CPower over Ethernet (PoE)
DGigabitEthernet

So as you can see TDR can be a handy tool especially if your cable tester battery is out.

How to identify and Expand AWS EBS volumes in Windows Server 2012

If you have a disk drive that is running out of space because a database is starting to grow too large for the drive in an EBS volume on AWS, you may be asked to modify or expand the volume. In this case, we are tasked with expanding the “E drive” on a Windows Server 2012 AWS virtual machine. Because this is not a boot volume, and because it is an NVMe-based gp2 volume, it will be fairly easy to expand the volume without having to do things like shut down the instance, take a snapshot, expand the snapshot etc.

When you have a lot of disks attached to a Windows Server corresponding to a lot of different volumes attached to the instance in AWS, it can be a little tricky identifying the correct volume to expand. Read below to learn how to match an EBS volume in AWS to a Disk drive in Windows, expand the volume in AWS, and then finally resize the disk in Windows.

Identify Volumes Associated with Instance

First, log into AWS

Next, Go to EC2 > Find your instance in EC2 by name, select it, then copy the instance ID.

get instance id

Next, navigate in AWS to EBS > Volumes.

Find all the volume names associated with the instance by pasting the Instance ID into the search box at the top of the screen.

Identify the EBS Device in Windows

Now we’ll switch over to Windows. RDP into the server we want to modify. Once we’re in the server’s desktop, we want to download ebsnvme-id.zip from https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/nvme-ebs-volumes.html And unzip/copy the .exe to your desktop.

Next find the command prompt and open CMD as administrator (right-click on CMD icon > run as administrator.)

Run CMD as Administrator

Change directory in CMD to your desktop with the command:

cd c:\users\jcoltrin\desktop

Run the ebsnvme-id.exe in the Administrator Command Prompt

run ebsnvme-id.exe in cmd

Identify Disk in Windows and Match to Volume ID

Next, on the Windows server, open Server Manager

Windows 2012 Server Manager

In the upper-right corner of Server Manager, go to Tools > Computer Management

Server 2012 Computer Management

Make note of which disk (Disk 0, Disk 1, Disk 2, etc) corresponds to the Device Name and Volume ID that you want to change. In my case I want to expand Disk E, which is also known as Disk 3. Looking at the output of the CMD screenshot above, I can see Disk 3 shows my Volume ID is vol-0a17e…, and Device Name is XVDB.

Server 2012 Disk Management

Modify and Expand EBS Volume in AWS

Now that we are sure which volume it is we want to expand, and that this is not our Boot drive we can right-click on the vol-0a17e… volume in EBS and choose Modify Volume. **If the Disk is your boot drive, a snapshot should be taken first, and then shut down to expand the snapshot volume, then detach the snapshot, and attach the expanded volume.

EBS Modify Volume

A new dialog box pops up asking for the new size of the volume:

EBS Modify Volume Size Dialog

Enter the new size and click Modify.

Switch gears and now go back to your RDP session, go to Disk Managment, Right click on the volume and choose Extend Volume… > use all of the available space and click ok.

Our Volume size has now been increased and we can continue to grow!

How to Install and Enable Bitlocker Encryption on Windows 10 Pro

To enable Bitlocker on your Windows computer, you first need to be running the Windows 10 Pro operating system. Windows 7, Windows 8, and ‘Windows 10 Home’ versions do not support Bitlocker.

It’s a good idea to first know your current operating system version. To do so, click on the Start Button and type “WinVer” and then press Enter:

Check the version of operating system. You need to have Windows 10 Pro. As of the time of writing this article, the most version of Windows 10 is Version 1909 (OS Build 18363.592).

If you have Windows 7, follow the upgrade instructions below. If you have Windows 10 Home, then you need to purchase the upgrade to Windows 10 Pro, and follow instructions here.

You need to upgrade from Windows 7 Home to Windows 10 Home before you can upgrade to Windows 10 Pro.

Upgrade from Windows 7 Home to Windows 10 Pro

If you are on Windows 7 or Windows 8, do a web search for the Windows Media Creation Tool, or you can find it here: https://www.microsoft.com/en-us/software-download/windows10

When running the Media Creation Tool, run the Upgrade option. It will take a while and several reboots to upgrade from Windows 7 or 8 to Windows 10. If you started with Windows 7 Home or Windows 8 Home, the tool will most likely upgrade your PC to Windows 10 Home.

After you’ve finished the ‘Windows 7 Home’ to ‘Windows 10 Home’ upgrade, you now need to upgrade from Windows 10 Home to Windows 10 Pro in order to get the Bitlocker feature.

Upgrade from Windows 10 Home to Windows 10 Pro

To upgrade from Windows 10 Home to Windows 10 Pro, click on the start button and type ‘Microsoft Store‘ and press Enter.

In the store, search for Windows 10 Pro in the upper-right corner of the store:

Purchase the upgrade ($99) and then run the upgrade. The process will take a while and several reboots.

Once you are on Windows 10 Pro, open the File Explorer, click This PC, then Righ- click on the C: drive and choose Turn on Bitlocker or Manage Bitlocker.

Follow the prompts and enable bitlocker.

  • You may encounter a problem where an old PC does not have a TPM chip, so you will have to edit the local Group Policy in order to allow Bitlocker without TPM enabled. The guide for doing so can be found here: https://www.digitalcitizen.life/how-enable-bitlocker-without-tpm-chip-windows-7-windows-8
  • Enable Bitlocker for the C: drive – Save the Bitlocker encryption/decryption key to a removable USB drive, save to the cloud, and print for a hard copy. This password to unlock the drive and the Recovery/Decryption key are very important, do not lose them.
  • Follow the default prompts (ok to skip system check) and the drive will begin encryption. You should see a status bar and progress indicator showing the percentage of encryption. When it reaches 100%, the encryption process has finished.
  • Reboot the system to complete the encryption of the drive.

After the reboot, log in to the desktop again, and use the Windows Control Panel to check the status. Please follow instructions here:

https://social.technet.microsoft.com/wiki/contents/articles/969.how-to-determine-if-bitlocker-drive-encryption-is-enabled.aspx

Office 365 Outlook for Desktop constantly prompts for login password after enabling MFA two factor authentication – how to Enable Modern Authentication for Exchange Online

If you have recently enabled MFA multi factor authentication or 2FA on your Office 365 tenant, your Microsoft Outlook for Office 365 MSO 16.0.11929 (desktop version) users may be prompted over and over for their password, even though you are sure you have the correct password and even the apppassword / app password hash. I’m sure you’ve tried to re-configure Outlook, look at Azure settings, reinstall Outlook, check your autodiscover records, make sure you have the correct Office Suite version and perhaps have even attempted to change the windows 10 registry with the following settings:

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover]
"ExcludeExplicitO365Endpoint"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover]
"ExcludeLastKnownGoodUrl"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover]
"ExcludeHttpsRootDomain"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover]
"ExcludeSrvRecord"=dword:00000001

However doing these things did not resolve the issue, and the only fix that worked for us, was to follow the instructions on how to enable modern authentication for Exchange Online here: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

So I thought it would be helpful to have a step-by-step how to enable modern authentication in Exchange Online for Office 365 based on the instructions provided in the link above.

With MFA enabled, connecting to Exchange Online with powershell is not as simple as it used to be, but still not all that bad. I’ve found the easiest way to connect to Exchange Online with Powershell is to do the following.

Note: A forewarning here, with certain browsers, when clicking on the Exchange Hybrid “Configure” button, and then installing the Hybrid configuration, the Office 365 login screen may may flash on the screen as a white box, and then disappears before you can authenticate and use your 2FA txt code. I’ve seen this when using Microsoft Edge, Chrome, and even the new version of Microsoft Edge based on Chromium. The only browser I’ve gotten this to consistently work with is the Internet Explorer browser built into Windows 10. The Internet Explorer browser is installed on Windows 10 by default, it’s hidden in the start menu under Accessories:

If you do attempt to run the Exchange Powershell Module using chrome you may encounter the error:

“Application cannot be started. Contact the application vendor.”

When clicking the Details… button, you may find information similar to the following:

PLATFORM VERSION INFO
	Windows 			: 10.0.18363.0 (Win32NT)
	Common Language Runtime 	: 4.0.30319.42000
	System.Deployment.dll 		: 4.8.3752.0 built by: NET48REL1
	clr.dll 			: 4.8.4121.0 built by: NET48REL1LAST_C
	dfdll.dll 			: 4.8.3752.0 built by: NET48REL1
	dfshim.dll 			: 10.0.18362.1 (WinBuild.160101.0800)

SOURCES
	Deployment url			: file:///C:/Users/Jason/Downloads/Microsoft.Online.CSE.PSModule.Client%20(3).application

IDENTITIES
	Deployment Identity		: Microsoft.Online.CSE.PSModule.Client.application, Version=16.0.3527.0, Culture=neutral, PublicKeyToken=45baf49ae30bdb15, processorArchitecture=msil

APPLICATION SUMMARY
	* Installable application.
	* Trust url parameter is set.
ERROR SUMMARY
	Below is a summary of the errors, details of these errors are listed later in the log.
	* Activation of C:\Users\Jason\Downloads\Microsoft.Online.CSE.PSModule.Client (3).application resulted in exception. Following failure messages were detected:
		+ Deployment and application do not have matching security zones.

COMPONENT STORE TRANSACTION FAILURE SUMMARY
	No transaction error was detected.

WARNINGS
	There were no warnings during this operation.

OPERATION PROGRESS STATUS
	* [4/3/2020 3:32:57 PM] : Activation of C:\Users\Jason\Downloads\Microsoft.Online.CSE.PSModule.Client (3).application has started.
	* [4/3/2020 3:32:57 PM] : Processing of deployment manifest has successfully completed.
	* [4/3/2020 3:32:57 PM] : Installation of the application has started.

ERROR DETAILS
	Following errors were detected during this operation.
	* [4/3/2020 3:32:57 PM] System.Deployment.Application.InvalidDeploymentException (Zone)
		- Deployment and application do not have matching security zones.
		- Source: System.Deployment
		- Stack trace:
			at System.Deployment.Application.DownloadManager.DownloadApplicationManifest(AssemblyManifest deploymentManifest, String targetDir, Uri deploymentUri, IDownloadNotification notification, DownloadOptions options, Uri& appSourceUri, String& appManifestPath)
			at System.Deployment.Application.ApplicationActivator.DownloadApplication(SubscriptionState subState, ActivationDescription actDesc, Int64 transactionId, TempDirectory& downloadTemp)
			at System.Deployment.Application.ApplicationActivator.InstallApplication(SubscriptionState& subState, ActivationDescription actDesc)
			at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl, Uri& deploymentUri)
			at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivationWithRetry(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
--- End of stack trace from previous location where exception was thrown ---
			at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
			at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivationWithRetry(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
			at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)

COMPONENT STORE TRANSACTION DETAILS
	No transaction information is available.

At this point, it may be necessary to uninstall the existing module and then re-install and run using Internet Explorer. You may even receive the following error:

"You cannot start application Microsoft Exchange Online Powershell Module from this location because it is already installed from a different location."

To uninstall the module, click the Start Button > type “appwiz.cpl” and press Enter.

Inside of the Programs and Features screen find the application and click Uninstall.

After uninstall, log into your tenant (with an administrator account) at https://www.office.com using Internet Explorer 11, and click the Admin link:

Next, Expand the Menu on the left menu by clicking Show All… and then click on Exchange:

Next we want to click on the Hybrid link to get to our Powershell Configure button:

Go ahead and install the component if it asks, and when it completes, you’ll be greeted with a Windows Powershell screen with the following message:

Experience the fast and reliable Exchange PowerShell V2 Cmdlets via new PowerShellGallery module. Go to https://aka.ms/exops-docs

This PowerShell module allows you to connect to Exchange Online service.
To connect, use: Connect-EXOPSSession -UserPrincipalName <your UPN>
This PowerShell module allows you to connect Exchange Online Protection and Security & Compliance Center services also.
To connect, use: Connect-IPPSSession -UserPrincipalName <your UPN>

To get additional information, use: Get-Help Connect-EXOPSSession, or Get-Help Connect-IPPSSession

We now want to initiate our session using the instructions provided. At the prompt, type in the command:

Connect-EXOPSSession -UserPrincipalName [email protected]

You’ll now be prompted to sign into your tenant (Work or School). You’ll see some status bars go by and then be prompted with a warning about unapproved verbs (for example banish?)

So now we want to (only look before making changes) get our organization structure, and more precisely, find the status of our OAuth2ClientProfileEnabled setting by issuing the command:

Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

Your output should look similar to the following (with the exception being that your result will probably be set to False:)

Finally we can set this to True by using the following command:

Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

To verify the command was successful, run the previous command again:

Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

That’s about it! Give the setting about an hour to propagate and then try testing Outlook on the desktop again. You may get a few clients where their profile needs to be recreated. You can do this by going into the control panel > (1) choose Small Icons > (2) Mail Microsoft Outlook 2016.

Then click Show Profiles

Click Add…

Now when setting up the new mail account, you should be prompted with the modern authentication and you’ll be prompted for your txt code or Microsoft Authentication Application.

Working Remotely -Windows 10 virtual desktops and RDP Tips for laptops and multiple monitors

If you’re working remote with just a laptop, or a laptop and a small 2nd monitor, the desktop gets pretty cramped for a sysadmin. One way to mitigate the pain is to use your OS’s virtual desktops functionality.

Here’s links to guides for Windows, Ubuntu, and MacOS on how to get started with them for your OS. Using Windows as the example, you just press Win-Tab and click the plus sign at the top for New Desktop.

Then drag existing windows on to it, and now they’re on a separate screen. To quickly move between virtual desktops, you can use the CTRL-WIN-left/right arrows.

Once you get in a habit of using them, it’s great for keeping multiple small applications visible on a whole desktop, or multiple full screen apps on their own window that you don’t have to constantly minimize/maximize. You can use Win-Tab (or the Task View button next to the Cortana button on your taskbar) to mass organize things or rearrange, and your Taskbar will reflect what items are open on that particular Desktop.

Alerts and notifications will still appear, even if you’re on a different virtual desktop, and interacting with the notification will teleport you to the relevant desktop.

One gripe with the Windows Virtual desktops is that there’s no easy way to move between desktops without taking your hand off the mouse. You can use the buttons on the side of your mouse (if your mouse has them) to switch desktops if you have the buttons on the side. If your mouse software doesn’t support the windows key combos check out X-Button Mouse Control. Set the buttons to generic and tell X-BMC to change it to the virtual desktop switches.

In order to display an application on all virtual desktops, do Win+Tab, then Right click the Chrome window you want Show window on all desktops.

One thing to note is if you have an AWS Workspace desktop open inside of a virtual desktop, it’s best to have the workspaces desktop in the far-left/primary desktop.

When working remotely in RDP, and you have multiple monitors, and you remote into a machine with multiple monitors, when you open the Remote Desktop client, click the Show Options button then under the display tab, ‘select use all my monitors’ for the remote session.

Solved – Cannot uncheck “Only trust email from addresses in my safe senders and domains list and safe mailing lists” Outlook.office.com office365 Junk email

A user complained that valid good email was being sent to the Junk email folder on outlook on the web. To get to the setting, click on the Gear Icon > View all outlook settings > Junk Email. Attempts to uncheck “Only trust email from addresses in my safe senders and domains list and safe mailing lists.” were unsuccessful and we cannot save the setting.

To uncheck the box permanently:

  1. Open Powershell ISE
  2. Run function Connect-O365
function Connect-O365{
	$o365cred = Get-Credential [email protected]
	$session365 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $o365cred -Authentication Basic -AllowRedirection 
	Import-Module (Import-PSSession $session365 -AllowClobber) -Global
}

4. Run the command

Connect-O365

5. Log into Office 365 with Administrator account

Run the command Get-MailboxJunkEmailConfiguration emailaddress – replacing emailaddress with the user mailbox email address. Use other values from microsoft documentation here: https://docs.microsoft.com/en-us/powershell/module/exchange/antispam-antimalware/set-mailboxjunkemailconfiguration?view=exchange-ps

Get-MailboxJunkEmailConfiguration [email protected]

Results should be similar to below:

Run the following command to set TrustedListsOnly to False:

Set-MailboxJunkEmailConfiguration "[email protected]" -TrustedListsOnly $false

The checkbox should now be unchecked. Check to see if junk mail now works as intended.

How to Set Clock Time and Date on Ubuntu Server when NTP Synchronized is set to No

In the event our Ubuntu server has an incorrect time, a clock that is offset may prevent users from logging in, or for example, synchronizing databases. If OpenVPN is in use with 2FA and google authenticator, their login is dependent on the time of the server being correct . We want to ensure our end users can log into the server or OpenVPN successfully. Let’s start by viewing the clock on our server, and then synchronize the clock with an internet-based time service.

First issue the command:

date

If we compare this time with an accurate clock, such as a cell phone, we may see this time is no accurate. The date display in the above screenshot shows the Day, Date, Hours, Minutes, Seconds, TimeZone and Year. 

Let’s check to see if our clock is set to be synchronized. Do this by issuing the command:

timedatectl status

Here we see that our “NTP synchronized: no” status indicates our Network Time Protocol synchronization is turned off. 

In order to get our clock synchronized and change it to NTP synchronized: yes, we need to do the following.

  1. Stop the ntp service
  2. Sync the time using ntpd with the -g and -q switches (allows the time to be set without restriction)
  3. Start the ntp service

We can do this by issuing the commands: 

Sudo service ntp stop
Sudo ntpd -gq

This will produce something like the following output:

In this output we can see that our time was offset and adjusted by -49.77 seconds.

Next let’s start the ntp service again with the command:

Sudo service ntp start

Lastly we can confirm that our time is set correctly and that NTP synchronized: is now set to yes with the command:

timedatectl

That should do it! Try issuing the command date again and compare it to an accurate clock. Check to see that your OpenVPN users can log in. If they continue to have issues, check out the article on Troubleshooting OpenVPN