
SysAdmin Magazine
January '18

Contents

03 Office 365: Configuring User Passwords to Never Expire
05 IT Trick: View Azure AD Sign In Activity
09 [Infographics] Cloud Security Report 2018
11 Complete Guide to Azure Active Directory Password Policy
13 [Quick Reference Guide] Exchange Online Auditing
15 [Recorded Webinar] Cloud Security: Who is Responsible for Your Critical Assets?
16 Free Tool of the Month: Netwrix Service Monitor
17 How to Detect Who Was Accessing Shared Mailbox in Office 365

SysAdmin Magazine is a free source of knowledge for IT Pros who are eager to keep a tight grip on network security and do the job faster.

The Sysadmin Magazine team
sysadmin.magazine@netwrix.com

SysAdmin Magazine January 2018

Office 365: Configuring User Passwords to Never Expire

Jonathan Hassell
IT Pro, Entrepreneur

One of the questions that we are most frequently asked is regarding users or administrators who subscribe to Office 365 but who are tired of receiving Office 365 password expiration notifications. These users might not be used to the service's default password expiration policy, especially if they are coming from in-house systems that had more lenient expiration requirements. Although I am not entirely convinced that setting passwords to never expire is smart, if you choose secure passwords and use multifactor authentication, I do not think that disabling password expiration in Office 365 causes major difficulties.

Configuring Using PowerShell

As always, good old PowerShell can come to the rescue. First off, set yourself up to connect to the service through PowerShell remoting. If you have not done this yet, you will need two pieces of software: the Microsoft Online Services Sign-In Assistant for IT Professionals RTW (yes, that's the official name) and the Azure Active Directory Module for Windows PowerShell.

1. Install both programs.
2. Open up a PowerShell command session and type in "Connect-MsolService".
3. Enter your credentials at the prompt.
4. Once you are successfully authenticated, enter the following command to set a user's password to never expire:

Set-MsolUser -UserPrincipalName <fullemailaddress@yourdomain.com> -PasswordNeverExpires $true

If you know a little bit about PowerShell, then you know that, if the verb in a command is "Set," you can also use "Get" to retrieve information or properties about a certain object. In this case, you can use "Get-MsolUser" to see if the user's password has already been configured to never expire; to do so, you use the following command, which selects the attribute to display in response to our command:

Get-MsolUser -UserPrincipalName <fullemailaddress@yourdomain.com> | Select PasswordNeverExpires

You can extrapolate from this command to see the password expiration statuses of all users in your tenant using the following command:

Get-MsolUser -All | Select UserPrincipalName, PasswordNeverExpires   # -All returns every user, not just the first 500

You can also combine these commands to set the passwords for all users in your tenant to never expire; this is done using the pipelining feature of PowerShell. Here, you get a list of users from "Get-MsolUser" and then pipe that information to "Set-MsolUser," omitting the specific reference to names (as those will be fed into the new command from the pipeline) and leaving the attribute configuration the same:

Get-MsolUser -All | Set-MsolUser -PasswordNeverExpires $true

Configuring Using the Graphical User Interface

If you're afraid of the PowerShell command line, here are two pieces of advice. First, do not fear it, for it is your friend. Second, know that there is also a way to disable password expiration from the web-based Office 365 administration console. You will need to have administrator credentials for this.

1. Sign in at https://portal.office.com/adminportal/home.
2. From the Settings menu, select "Security and privacy," and then click "Edit."
3. Under "Password policy," click the box that says "Set user passwords to never expire."

Follow these steps and you will not be annoyed by Office 365 password expiration notification emails any more.

Check out my previous post to learn a few rules that should be helpful when ensuring Office 365 password policy security.

In case you can't change the password policy to never expire, try Password Expiration Notifier, a free tool that automatically reminds users to change their passwords before they expire.
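As an added example (not part of the article), the following script builds on the Get-MsolUser and Set-MsolUser commands from the PowerShell section: it lists every user whose password is set to never expire and flags those with no registered MFA method, since the author's advice is to disable expiration only together with multifactor authentication. The function name and the $Remediate switch are my own; it assumes the Azure AD Module (MSOnline) is installed and that you have already run Connect-MsolService.

```powershell
# Added example, not from the article. Requires the Azure AD Module (MSOnline);
# run Connect-MsolService first. The function name is my own.
function Get-NonExpiringPasswordReport {
    # -All returns every user instead of the default first 500.
    Get-MsolUser -All |
        Where-Object { $_.PasswordNeverExpires -eq $true } |
        ForEach-Object {
            $lastChange = $_.LastPasswordChangeTimestamp
            # Age of the current password in days, to spot very old secrets.
            $ageDays = if ($lastChange) { [int]((Get-Date) - $lastChange).TotalDays } else { $null }
            [pscustomobject]@{
                UserPrincipalName  = $_.UserPrincipalName
                LastPasswordChange = $lastChange
                PasswordAgeDays    = $ageDays
                # StrongAuthenticationMethods is empty when no MFA method is registered.
                MfaRegistered      = (@($_.StrongAuthenticationMethods).Count -gt 0)
            }
        }
}

# Set to $true to put accounts without MFA back on the normal expiration policy.
$Remediate = $false

$report = Get-NonExpiringPasswordReport
$report | Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize

$noMfa = @($report | Where-Object { -not $_.MfaRegistered })
Write-Host ("{0} user(s) have non-expiring passwords without MFA" -f $noMfa.Count)

if ($Remediate) {
    foreach ($u in $noMfa) {
        # Reverses the article's Set-MsolUser command for just these accounts.
        Set-MsolUser -UserPrincipalName $u.UserPrincipalName -PasswordNeverExpires $false
    }
}
```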

IT Trick: View Azure AD Sign In Activity

Russell Smith
Security Expert, IT consultant

Need to know who's logging in to your cloud directory or Office 365? With this tip, I'll show you where to find information about user sign in activity in the Azure management portal.

Until recently, there was no single log view for sign in information in the Azure Active Directory (AAD). That changed in November 2016, when Microsoft added detailed auditing to the AAD admin experience preview in the new Azure management portal, providing a convenient one-stop shop where all audit data is available in one place. Contextual audit features also offer access to audit logs relevant to the task you're performing. For example, you can quickly view audit logs for the sign in activity of a specific user without leaving the user management panel.

There's a catch, however: an Azure Premium AD or Enterprise Mobility Suite subscription is required to access the logs. If you don't have an Azure Premium AD subscription, you can get a free 30-day trial here.

To follow the instructions below, you'll need to have at least one directory set up in your Azure subscription. If you use Office 365, you already have an Azure AD directory associated with your Office 365 tenant. Simply log in to the Azure management portal, using the link in the instructions below, and enter credentials for an Office 365 tenant administrator.

- Sign in to the new Azure management portal here with an account that has administrator access to AAD.
- In the list of options on the left of the portal, click Azure Active Directory.
- In the Azure Active Directory PREVIEW panel, scroll down the list of options on the left and click Sign-ins under ACTIVITY.
- In the Filter Sign-In Events panel, leave the default settings, and click Update.

Note one month is the maximum timeframe that can be displayed at any one time.

- A list of sign in events will appear on the left.
- Click on one of the events to see more information.
- On the Activity Details: Sign-ins panel, you'll see information about the login, including username, application, location, and IP address.
- Close the Activity Details: Sign-ins panel.
- On the Azure Active Directory – PREVIEW panel, click Download to download a .csv file of the sign in activity.

You can also customize the columns displayed and search the filtered events.

Some other entry points to sign in activity logs are available in the management portal:

- Click Users and groups on the Azure Active Directory – PREVIEW panel.
- Now click Overview, where you get a graph showing user sign ins. Clicking on the graph shows a list of sign in events for any given day.
- Click All users under MANAGE to display a graph with sign in activity for selected users.

To view the audit information across all available resources, click Audit logs under ACTIVITY. You can also get audit data for specific apps by clicking Enterprise apps on the Azure Active Directory – PREVIEW panel, and then use the graph to drill down for filtered event information.

Want to know what's going on in your Azure AD? Download a free 20-day trial of Netwrix Auditor for Azure AD.
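As an added example (not from the article), here is one way to triage the .csv export that the Download button in the steps above produces, grouping the username, application, location and IP address fields per user. The column names and the rows below are constructed for illustration; rename the properties to match the headers of your own export.

```powershell
# Added example, not from the article. Constructed sample rows with assumed
# column names; a real export is read with Import-Csv and may use other headers.
$sampleCsv = @'
User,Application,Location,IPAddress,SignInStatus
alice@contoso.example,Office 365 Exchange Online,"Seattle, US",198.51.100.10,Success
alice@contoso.example,Office 365 Exchange Online,"Seattle, US",198.51.100.10,Success
alice@contoso.example,Office 365 SharePoint Online,"Lagos, NG",203.0.113.77,Success
bob@contoso.example,Azure Portal,"Dublin, IE",192.0.2.5,Failure
bob@contoso.example,Azure Portal,"Dublin, IE",192.0.2.5,Failure
bob@contoso.example,Azure Portal,"Dublin, IE",192.0.2.5,Failure
bob@contoso.example,Azure Portal,"Dublin, IE",192.0.2.5,Success
'@

function Get-SignInAnomalies {
    param(
        [Parameter(Mandatory)][object[]]$Events,
        [int]$FailureThreshold = 3   # failures before a final success count as suspicious
    )
    foreach ($group in ($Events | Group-Object User)) {
        $locations = @($group.Group | Select-Object -ExpandProperty Location  | Sort-Object -Unique)
        $ips       = @($group.Group | Select-Object -ExpandProperty IPAddress | Sort-Object -Unique)
        $failures  = @($group.Group | Where-Object SignInStatus -eq 'Failure').Count
        $lastEvent = $group.Group | Select-Object -Last 1   # export order is assumed chronological
        [pscustomobject]@{
            User              = $group.Name
            SignIns           = $group.Count
            DistinctIPs       = $ips.Count
            DistinctLocations = $locations.Count
            Failures          = $failures
            # Review flags: more than one location in the window, or a run of
            # failures that ends in a success (guessing that eventually worked).
            MultiLocation     = ($locations.Count -gt 1)
            FailThenSuccess   = ($failures -ge $FailureThreshold) -and ($lastEvent.SignInStatus -eq 'Success')
        }
    }
}

$events = $sampleCsv | ConvertFrom-Csv
Get-SignInAnomalies -Events $events | Format-Table -AutoSize
# Real use: $events = Import-Csv -Path '.\SignIns.csv'   (path is a placeholder)
```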

[Infographics] Cloud Security Report 2018

This year's Cloud Security Survey explores how far businesses are ready to go with cloud adoption, whether they trust the cloud enough to store sensitive data there, and how they protect data in the cloud.

Headline figures:
- 88% of organizations store sensitive data in the cloud.
- 45% of organizations consider employees to be the biggest risk to cyber security.
- 66% of surveyed IT teams have gained top management's support for security initiatives in the cloud.
- Security incidents in the cloud happened in 9% of organizations; in 42% of cases, sensitive data was compromised.

[Infographic charts. Panel titles: Top Cloud Security Concerns (69% risk of unauthorized access; inability to monitor user activity in the cloud); Security Incidents in the Cloud; Whose Fault Was That? (own IT employees, own business, cloud provider, external actors, contractors with legitimate access); Plans (move more sensitive data to the cloud; broader adoption of the cloud; move entire infrastructure to the cloud within the next 5 years); Impact of Cloud Adoption on the Overall Security of IT Infrastructures (improved, worsened, not impacted, not sure); Security Controls (provider's controls are enough; both own and provider's controls); Where Do Organizations Have Complete Visibility into Activity in the Cloud? (provider activity; activity of third parties with legitimate access; business user activity); How Do Organizations Plan to Improve Cloud Security? (implementing stricter security policies; improving employee training; purchasing vendor security solutions).]

Read Full Report

Complete Guide to Azure Active Directory Password Policy

Jonathan Hassell
IT Pro, Entrepreneur

One of the benefits of using Azure Active Directory (Azure AD) is the flexibility it gives you when it comes to managing passwords. Most companies choose to deploy Azure AD as an extension to their existing on-premises Active Directory. They do so to add single sign on and federation capabilities for online apps like Salesforce and Docusign. Azure AD also allows users to manage or reset passwords on a self-service basis without contacting the help desk.

What are the basics of Azure password policy, and how do you get this all set up? That's what I'll tackle in this piece.

Basic Password Policy Restrictions

The most basic of password policies for Microsoft Azure AD include simple complexity and history limitations. You can use simple alphabetical characters (A to Z), including both upper- and lowercase letters; the numerals 0 through 9; and standard keyboard symbols (@ # $ % ^ & * - _ ! + = [ ] { } | \ : ' , . ? / ` ~ " ( ) ;). You are not allowed to use Unicode characters or spaces in your password. The password length is set to 8 characters minimum and 16 characters maximum. To be considered strong, the password must not have a dot (.) immediately preceding the at sign (@) and must also contain any three of the following: (1) lowercase characters, (2) uppercase characters, (3) numbers, and (4) allowed symbols. By default, passwords expire every 90 days, and users are notified to change their password 14 days before that expiration. From a password history point of view, the system restricts the last password that was used, so a user has to come up with a new password rather than just cycling the same one over and over again. The expiration duration and notification can be configured through PowerShell using the Set-MsolPasswordPolicy cmdlet, which you can find within the Azure AD Module.

If users enter their password incorrectly 10 times in a row, Azure AD will lock the account for one minute. If incorrect password entries continue, the system again will lock the user out and then increase the duration of each lockout period as a method of deflecting and mitigating brute force attacks.

Basic Password Policy Restrictions

One of the biggest advantages of using Azure AD is the ability for users to manage their own passwords. This means users can set and reset passwords via a self-service portal rather than filing a help desk ticket and waiting for a delegated administrator to service the request. The Azure AD password management tools work if you are an exclusively cloud-based organization (which is probably not most organizations, especially if you are interested in single sign on) or if you have synchronized your Azure AD tenant to an on-premises Active Directory, which makes the solution especially attractive.

There are a few steps to implementing the policy required to activate these self-service password management features. To get started:

1. Open the Azure classic portal, which can be found at https://manage.windowsazure.com, and then click on Active Directory on the left side of the screen.
2. Click the directory you want to configure, and then on the next screen, click the CONFIGURE tab.
3. Scroll down and click Yes for the "Users enabled for password reset" option and then customize the additional policy controls that appear for access restrictions, the group that performs password resets, and the additional authentication methods available to users who want to reset their passwords.

Next, you will need to specify the contact information for all of your users so that it can be used for password resets. If you have directory synchronization enabled through Azure AD Connect, and the required properties for your users are configured correctly in your on-premises Active Directory deployment, then those contact details will automatically write into the Azure AD tenant. Otherwise, you will need to edit users either in the Azure portal, within Office 365, or through PowerShell to edit properties for users. You will want to add alternate e-mail addresses and mobile phone numbers that can receive text messages that contain one-time passcodes for multifactor authentication purposes.

You can also set it up so users can provide their own additional details by sending them to http://aka.ms/ssprsetup and when they sign in to the Access Panel at http://myapps.microsoft.com (if this is part of your users' workflow). They can also be forced to provide details if you choose Yes to "Require users to register when signing in to the access portal."

A big piece of making this work is having Azure AD Connect set up properly and your firewall configured, which we will tackle in another piece.
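Added example, not from the article: a small checker that applies the rules from the "Basic Password Policy Restrictions" section (8 to 16 characters, no spaces or Unicode, no dot right before an @, three of the four character classes) to candidate passwords, followed by a look at the tenant's expiration settings with Get-MsolPasswordPolicy. The function name and the sample passwords are my own, and <yourdomain.com> is a placeholder.

```powershell
# Added example, not from the article. Encodes the password rules stated in
# the text; the function name and sample passwords are my own.
function Test-AzureAdPasswordPolicy {
    param([Parameter(Mandatory)][string]$Password)
    $reasons = New-Object System.Collections.Generic.List[string]

    if ($Password.Length -lt 8 -or $Password.Length -gt 16) {
        $reasons.Add('length must be 8 to 16 characters')
    }
    # Only printable ASCII is allowed; this also rejects spaces.
    if ($Password -match '[^\x21-\x7E]') {
        $reasons.Add('spaces or non-ASCII characters are not allowed')
    }
    if ($Password -match '\.@') {
        $reasons.Add('a dot may not immediately precede an @')
    }
    # The symbol list from the article, escaped for a regex character class.
    $allowedSymbols = '@#$%^&*\-_!+=\[\]{}|\\:'',.?/`~"();'
    $classes = 0
    if ($Password -cmatch '[a-z]')                { $classes++ }   # -cmatch: case-sensitive
    if ($Password -cmatch '[A-Z]')                { $classes++ }
    if ($Password -match  '[0-9]')                { $classes++ }
    if ($Password -match  "[$allowedSymbols]")    { $classes++ }
    if ($classes -lt 3) {
        $reasons.Add('needs three of: lowercase, uppercase, digits, allowed symbols')
    }

    [pscustomobject]@{
        Password = $Password
        Valid    = ($reasons.Count -eq 0)
        Reasons  = ($reasons -join '; ')
    }
}

# Constructed samples: the first passes, the second has ".@", the third has only two classes.
'Xy7!pqrs', 'Passw0rd.@x', 'abcdefgh1' |
    ForEach-Object { Test-AzureAdPasswordPolicy -Password $_ } |
    Format-Table -AutoSize

# Review the tenant's expiration policy (article defaults: 90 days, 14 days' notice).
# Requires Connect-MsolService; <yourdomain.com> is a placeholder.
Get-MsolPasswordPolicy -DomainName '<yourdomain.com>'
```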

[Quick Reference Guide] Exchange Online Auditing

Ryan Brooks
Product Evangelist

This quick reference guide shows how to enable logging of important changes in Exchange Online.

Exchange Online Audit Settings

Exchange Online auditing is enabled by default and cannot be deactivated.

Review Audit Logs in Exchange Online

- Open the Exchange Admin Center in your browser and navigate to Compliance Management > Auditing.
- Click "Run the admin audit log report...".
- Specify the date range and choose the cmdlets you want to report on from the "Common Cmdlets" box.
- The User field shows the admin who executed the cmdlet. The "Parameters" field provides detailed information, such as which permissions to which mailbox were changed and who received them.

Search Audit Logs using Exchange Management Shell or PowerShell Console

- Open the Exchange Management Shell or PowerShell as Administrator.
- Connect to your Exchange Online using the following commands:

Set-ExecutionPolicy RemoteSigned
$credential = Get-Credential  # enter your Exchange Online credentials
$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection  # connect to Exchange Online
Import-PSSession $exchangeSession -DisableNameChecking  # import scripts and cmdlets for management

- To search the Admin audit log, run the following cmdlets:

Search-AdminAuditLog
New-AdminAuditLogSearch

You can specify search dates by adding the parameters "-StartDate MM/DD/YYYY -EndDate MM/DD/YYYY".

You can also use other cmdlets and parameters. Run "Get-Help Search-AdminAuditLog" for more information.

Common Cmdlets:

Enable-Mailbox – Creates a mailbox for an existing AD user
Disable-Mailbox – Removes a user's mailbox
Set-Mailbox – Modifies the settings of an existing mailbox
New-MailboxDatabase – Creates a new mailbox database
Mount-Database / Dismount-Database – Mounts or dismounts an existing mailbox database
Set-MailboxDatabase – Configures a variety of properties for a mailbox database
New-SendConnector – Creates a new Send connector
New-ReceiveConnector – Creates a new Receive connector
Add-MailboxPermission / Remove-MailboxPermission – Adds or removes permissions to a mailbox
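Added example (not from the guide): after connecting as shown above, this pulls the last 14 days of admin audit entries for the mailbox permission cmdlets listed under Common Cmdlets and flattens the Parameters field, so the output shows which mailbox was changed, who received access and who ran the cmdlet. The function name and the CSV path are my own.

```powershell
# Added example, not from the guide. Assumes the Exchange Online session
# from the connection commands above has been imported. Function name is my own.
function Get-MailboxPermissionChanges {
    param([int]$Days = 14)
    $entries = Search-AdminAuditLog -Cmdlets 'Add-MailboxPermission', 'Remove-MailboxPermission' `
                                    -StartDate (Get-Date).AddDays(-$Days) -EndDate (Get-Date) `
                                    -ResultSize 5000
    foreach ($e in $entries) {
        # CmdletParameters is a collection of Name/Value pairs; flatten it to one string
        # so the mailbox (Identity), grantee (User) and AccessRights are all visible.
        $params = ($e.CmdletParameters | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join ' '
        [pscustomobject]@{
            RunDate        = $e.RunDate
            Caller         = $e.Caller          # admin who executed the cmdlet
            Cmdlet         = $e.CmdletName
            ObjectModified = $e.ObjectModified  # the mailbox that was changed
            Succeeded      = $e.Succeeded
            Parameters     = $params
        }
    }
}

$changes = Get-MailboxPermissionChanges -Days 14
$changes | Sort-Object RunDate -Descending | Format-Table -AutoSize

# Who has been granting mailbox access most often in the window?
$changes | Group-Object Caller | Sort-Object Count -Descending | Select-Object Count, Name

# Keep a copy for review; the path is a placeholder.
$changes | Export-Csv -Path '.\MailboxPermissionChanges.csv' -NoTypeInformation
```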

[Recorded Webinar] Cloud Security: Who is Responsible for Your Critical Assets?

Jeff Melnick
IT Security Expert, Blogger

About this webinar

Although cloud providers may ensure your data is secure, this doesn't guarantee it's absolutely safe from breaches. According to the Verizon 2016 Data Breach Investigations Report, 77% of data breaches are caused by insider activities. In fact, 50% of the cases stay undiscovered for months.

What do you need to keep in mind when your data resides in the cloud? Watch the recorded webinar 'Cloud Security: Who's Responsible for Your Critical Assets?'! In this session you will get answers to the following questions:

- How can you increase your cloud data integrity?
- Which human-related risks should you keep an eye on?
- How can you gain visibility into what's going on across your cloud environment?
- How do you share responsibility for IT security with cloud providers?
- And more!

Watch Now

Free Tool of the Month: Netwrix Service Monitor

Freeware service monitoring tool that enables you to monitor Windows services on your critical servers.

- Ensure steady performance of your servers
- Recover from service outages faster
- Eliminate unnecessary manual work
- Monitor multiple servers at the same time
- Configure in minutes

Report example

Download Free Tool

How to Detect Who Was Accessing Shared Mailbox in Office 365

How-to for IT Pro

1. Open PowerShell. Run the following commands to connect to your Exchange Online instance and enter your credentials in the pop-up window:

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

2. To enable mailbox auditing run:

For a single mailbox:
Set-Mailbox -Identity "TestUser" -AuditEnabled $true

For all mailboxes:
$UserMailboxes = Get-Mailbox -ResultSize Unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')}   # -ResultSize Unlimited: the default returns only the first 1000
$UserMailboxes | ForEach {Set-Mailbox $_.Identity -AuditEnabled $true}

To check what mailboxes have auditing enabled run:
Get-Mailbox -ResultSize Unlimited | FL Name,AuditEnabled

3. Open Exchange Administration Center > Navigate to "Compliance Management" > Auditing.

4. Click "Run a non-owner mailbox access report". You will get the report on non-owner access to all mailboxes with enabled auditing over the past two weeks.

5. To view non-owner access to a specific mailbox, click on the mailbox to view all non-owner access events with their details.
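Added example (not from the article): a PowerShell equivalent of the non-owner mailbox access report in steps 3 to 5, using Search-MailboxAuditLog against shared mailboxes. It assumes the Exchange Online session from step 1 is already imported; it also enables auditing on shared mailboxes, which the UserMailbox filter in step 2 does not cover. The function names are my own.

```powershell
# Added example, not from the article. Assumes the Exchange Online session
# from step 1 is imported. Function names are my own.
function Enable-SharedMailboxAuditing {
    # Step 2 only covers UserMailbox; shared mailboxes need auditing on too.
    Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited |
        Where-Object { -not $_.AuditEnabled } |
        ForEach-Object { Set-Mailbox -Identity $_.Identity -AuditEnabled $true }
}

function Get-NonOwnerMailboxAccess {
    param([int]$Days = 14)   # the portal report also covers the past two weeks
    $shared = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited
    foreach ($mbx in $shared) {
        # Delegate = access with another user's credentials; Admin = administrative access.
        Search-MailboxAuditLog -Identity $mbx.Identity -LogonTypes Delegate, Admin -ShowDetails `
                               -StartDate (Get-Date).AddDays(-$Days) -EndDate (Get-Date) `
                               -ResultSize 5000 |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox    = $mbx.PrimarySmtpAddress
                    AccessedBy = $_.LogonUserDisplayName
                    LogonType  = $_.LogonType
                    Operation  = $_.Operation        # e.g. FolderBind, SendAs, HardDelete
                    When       = $_.LastAccessed
                    ClientIP   = $_.ClientIPAddress
                    Folder     = $_.FolderPathName
                }
            }
    }
}

Enable-SharedMailboxAuditing
$access = Get-NonOwnerMailboxAccess -Days 14

# Summarise who touched which shared mailbox, and how often; then list the raw events.
$access | Group-Object Mailbox, AccessedBy, Operation |
    Select-Object Count, Name | Sort-Object Count -Descending | Format-Table -AutoSize
$access | Sort-Object When -Descending | Format-Table -AutoSize
```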
Netwrix Auditor 9.5
netwrix.com/auditor9.5html

Corporate Headquarters: 300 Spectrum Center Drive, Suite 200, Irvine, CA 92618
Phone: 1-949-407-5125 | Toll-free: 888-638-9749 | EMEA: +44 (0) 203-318-02

Copyright © Netwrix Corporation. All rights reserved. Netwrix is a trademark of Netwrix Corporation and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.
