Microsoft Advanced Threat Analytics IP has changed, ATA Console unavailable


Update: From version 1.8 you will be able to access the console at https://localhost, and update the IP using the ATA Console

When you move Microsoft Advanced Threat Analytics to a new location, its IP address may change. After the IP change, the ATA Console is no longer available. When you look at the Windows services you will notice that the “Microsoft Advanced Threat Analytics Center” service is in the “Starting” state or does not run. To make the ATA Console accessible again you need to update the configuration, which resides in the underlying MongoDB database. Luckily there is an easy way to get this done!

  1. Log in to your ATA Console server
  2. Go to “C:\Program Files\Microsoft Advanced Threat Analytics\Center\Backup” and copy the latest version to a known location
  3. Open the backup file with Notepad and search and replace the old IP with the new IP
  4. Save the configuration backup file
  5. Open a command prompt
  6. Go to “C:\Program Files\Microsoft Advanced Threat Analytics\Center\MongoDB\bin”
  7. Execute ‘mongoimport.exe --db ATA --collection SystemProfile --file "h:\SystemProfile_newip.json" --upsert’, where h:\SystemProfile_newip.json is the location of the updated configuration backup file
  8. Now you will notice that the service will be back up-and-running within 5 minutes

But now we are halfway… all ATA (lightweight) gateways need to be updated too.

  1. Go to “C:\Program Files\Microsoft Advanced Threat Analytics\Gateway”
  2. Open the GatewayConfiguration.json file
  3. Replace the old IP with the new IP
  4. Restart the “Microsoft Advanced Threat Analytics Gateway” service using the Service Manager
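
The search-and-replace step on the Center backup file, and the same edit in GatewayConfiguration.json on each gateway, can be scripted so that the old address is matched only as a whole address and every changed line is reported. This is an added example, not part of the original post. The function name Update-ConfigIp, the sample file content and the addresses are constructed for illustration, and IPv4 addresses are assumed.

```powershell
# Added example, not from the original post.
function Update-ConfigIp {
    param(
        [Parameter(Mandatory)] [string]    $Path,     # full path to a copy of the backup or gateway config
        [Parameter(Mandatory)] [string]    $OutPath,  # edited copy; $Path itself is not modified
        [Parameter(Mandatory)] [ipaddress] $OldIp,    # IPv4 assumed
        [Parameter(Mandatory)] [ipaddress] $NewIp
    )
    $lines = [System.IO.File]::ReadAllLines($Path)

    # A plain text replace of 10.0.0.5 also rewrites the start of 10.0.0.50 and
    # the tail of 110.0.0.5. The lookarounds accept whole addresses only.
    $pattern = '(?<!\d|\d\.)' + [regex]::Escape($OldIp.ToString()) + '(?!\d|\.\d)'

    $changed = @()
    $out = for ($i = 0; $i -lt $lines.Length; $i++) {
        $new = [regex]::Replace($lines[$i], $pattern, $NewIp.ToString())
        if ($new -cne $lines[$i]) { $changed += $i + 1 }
        $new
    }
    if ($changed.Count -eq 0) { throw "Address $OldIp not found in $Path" }

    # mongoimport reads UTF-8 input, so write UTF-8 without a byte order mark.
    $utf8 = New-Object System.Text.UTF8Encoding $false
    [System.IO.File]::WriteAllLines($OutPath, [string[]]$out, $utf8)

    [pscustomobject]@{ OutPath = $OutPath; ChangedLines = $changed }
}

# Constructed sample content, not a real ATA backup file.
$sample = Join-Path $env:TEMP 'SystemProfile_sample.json'
$edited = Join-Path $env:TEMP 'SystemProfile_newip.json'
@'
{ "Name": "center", "ServiceUrl": "https://10.0.0.5:443" }
{ "Name": "other", "Address": "10.0.0.50" }
'@ | Set-Content -Path $sample -Encoding Ascii

Update-ConfigIp -Path $sample -OutPath $edited -OldIp '10.0.0.5' -NewIp '192.168.10.5'
Get-Content $edited   # review the result before running mongoimport
```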

So what have we learned? Read the manual before moving Microsoft ATA to a new IP. An outlined plan can be found at https://docs.microsoft.com/en-us/advanced-threat-analytics/modifying-ata-center-configuration

 

 


Set Reviewer permissions to All Users on All Calendars


A lot of companies would like to open their calendar for all employees.

The script below updates all calendars (multilingual) to give Reviewer permissions to all mailboxes.

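# Set Default to Reviewer on every calendar folder, whatever its localized name.
# Default applies to every authenticated user in the organization; Reviewer grants read access to full item details.
foreach ($mbx in Get-Mailbox -ResultSize Unlimited | Where-Object { $_.DisplayName -notmatch "discovery" }) {
    # Folder identities look like "mailbox\Calendar"; the permission cmdlets expect
    # "mailbox:\Calendar", so turn only the first backslash into ":\".
    $calendars = (Get-MailboxFolderStatistics $mbx.Identity -FolderScope Calendar).Identity -replace '^(.*?)\\', '$1:\'
    foreach ($calendar in $calendars) {
        # Skip calendars where Default is already Reviewer
        $allset = Get-MailboxFolderPermission $calendar -User Default | Where-Object { $_.AccessRights -eq "Reviewer" }
        if ($null -eq $allset) {
            Set-MailboxFolderPermission -Identity $calendar -User Default -AccessRights Reviewer
        }
    }
}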

Update on Microsoft Azure Data Center Locations


Updated 12-oct-2015
Microsoft now has a quality website about the current datacenter regions: https://azure.microsoft.com/en-us/regions

In 2012 I posted a blog post with a map of the Azure Datacenter Locations at that moment. A lot of changes have taken place since that time!

This post contains an updated map, thanks to William Zack (Microsoft), with new datacenters in Brazil and Japan, and planned datacenters in Australia.


 

Azure Active Directory Sync Tool reaches General Availability


If you are planning for

– Multi-forest implementation of Office 365
– Multi-forest / multi exchange organization hybrid
– Resource and accounts forest

You can now start directly with this new “version” of DirSync.

There is only one feature that DirSync has and AAD Sync does not: password hash sync. All the other features, and a lot more, are there!

Download Azure Active Directory Sync Tool here: http://go.microsoft.com/fwlink/?LinkID=511690
Documentation can be found here: http://go.microsoft.com/fwlink/?LinkID=393942

Preauthenticate Office 365 (SharePoint and Exchange) for Internal Users


Using ADFS for Single Sign On does not give users a full Single Sign On experience. People will often see the Office 365 sign-in page and need to fill in their email/UPN before Single Sign On happens.

Thanks to a very nice OneDrive CodePlex project (http://office365drivemap.codeplex.com/), which you should visit too, I was able to write the following PowerShell script which you can use to preauthenticate Office 365 when you use ADFS.

Run the following PowerShell script after login (see http://msdn.microsoft.com/en-us/library/jj130675.aspx to configure the script to run after login):


$domain = "contoso.com"; # your Federated domain
$ie = new-object -com InternetExplorer.Application
$ie.navigate("https://login.microsoftonline.com/login.srf")
$ie.visible = $true # Shows the browser window for debugging; set to $false to hide it

# Wait for the page to finish loading
do {sleep 1} until (-not ($ie.Busy))
# We have to click the remember me checkbox before logging in, we also have to have IE be automated for this to work
try {
  $ie.document.GetElementById("_link").click()
  do {sleep 1} until (-not ($ie.Busy))
} catch {$null}

try {
  $ie.document.GetElementById("cred_userid_inputtext").value = "dummy@"+$domain
  $ie.document.GetElementById("cred_keep_me_signed_in_checkbox").click()
  do {sleep 1} until (-not ($ie.Busy))
  $ie.document.GetElementById("cred_sign_in_button").click()
  do {sleep 1} until (-not ($ie.Busy))
}catch {$null}

sleep -seconds 15 # give plenty of time to redirect
$ie.Quit()

For Exchange it is quite easy to create an auto-login with just a DNS modification. You just need to create a CNAME to outlook.com.

e.g. webmail.contoso.com => outlook.com

Release Notes Office 365 SharePoint Online (unofficial)


In this blogpost I am trying to gather information about updates performed in SharePoint Online and publish them here. Several feature updates are missing, please feel free to send in any comments!

Version 16.0.0.2621 (March 2014)
– SkyDrive becomes OneDrive
– OneDrive storage up to
– Office Web Apps gets updated with enhanced features
– Office Web Apps has new names: Word App becomes Word Online, etc.
– Content Search Web Part available
– Several DIV IDs renamed

Version 16.0.x.x (September 2013)
– Maximum upload size to 2Gb
– Maximum number of sitecollections from 2.000 to 10.000

Version 16.0.1922.1200 (August 2013)
– SkyDrive Pro; personal space to 25Gb
– SkyDrive Pro; Shared with Me features, to show all documents shared with you (on SkyDrive)

Version 15.0.0.4420.1017 (February 2013)
– Initial SharePoint Online 2013 release

Version 14
– Initial SharePoint Online 2010 release

The information published on this blog is not verified by Microsoft and can contain incorrect information.

Host Multiple Provider-Hosted SharePoint Apps Within a Single Associated Web Application


While developing Provider Hosted Apps for our clients I noticed a lot of overhead in our projects: packaging, deploying, and the same code distributed over all provider hosted apps. In previous versions of SharePoint we were used to providing a structured solution (WSP) that delivered a great set of features to our customers. The code was hosted within a single solution and solution package for easy release management. Although there are reasons why you should not do this, it is still a tradeoff between an easy-to-deploy solution and a structured way to deploy different features within a different release cycle. I don’t want to start this discussion here, but let’s take a look at whether it is even possible.

Can SharePoint Provider Hosted Apps run within a single Web Application Project? In short, yes, it can work, although there are several reasons why you don’t want to get into this!

What we want to achieve is a solution structure where we have multiple App Manifests bound to a single App Web. In the example we have HighTrustSampleApp1 and HighTrustSampleApp2 added to the project and a single App Web.

How to accomplish this

  1. Create a new solution
  2. Add a SharePoint 2013 App (provider hosted); two projects will be added to your solution
  3. Add a second SharePoint 2013 App (provider hosted); again, two projects will be added
  4. Remove one of the web applications
  5. Select the second App (App project) and go to properties
  6. Set the Web Project to the same Web App that was created with HighTrustSampleApp1
  7. Add a second ASP.NET web page to the project for your second app (App2.aspx)
  8. Copy and paste the code-behind from Default.aspx into App2.aspx.cs
  9. Open the App manifest of HighTrustSampleApp2
  10. Set the start page to App2.aspx

Ready for now! When we build and deploy this solution it will half work :). When pressing F5, the browser will pop up. If you press Trust on the second App in your project, both apps will work! But effectively it is reusing the access token from the other app.

Things to do in the SharePointContext & TokenHelper

To authorize your App's access to SharePoint, your AppWeb has a library with a bunch of code to handle the OAuth handshake. Before you start believing in magic, please make sure you know how OAuth works and how SharePoint authenticates your app using high or low trust techniques. The library is delivered by default to host a single app, but in our case we are interested in hosting multiple apps in a single web app project.

ClientId

One of the things we need to deal with is the ClientId, which is (normally) different for every single App. The IssuerId can be shared between apps, so we can leave that one as is. The ClientId is read from the web.config, where it is registered. Because the ClientId should be different for each app, you would need to develop a way to differentiate the app calls.

SharePointContext

The tokens are cached in the HTTP context, so here you would need multiple session variables, one for every app.

Visual Studio

So it looks pretty straightforward to update the code to get different apps working within a single web application. But you will get annoyed by Visual Studio, because it has no support for developing multiple apps in a single web application. When you are developing locally, the ClientId is updated to a new one on every deploy. Visual Studio registers your app for you in SharePoint and you’re good to go. Unfortunately this will not work.

Conclusion

For now, I have stopped my journey in exploring the ability to host multiple provider-hosted SharePoint Apps in a single web application project. Technically you can make it work, but there will be some issues on the way. We decided to continue to deploy our apps as a Virtual Application/Directory in IIS in a single Web Application for provider hosted Apps. Works great, with great support within Visual Studio.

Scope your apps so that those which need to be deployed together are grouped, to minimize the App overhead.

Get started with Provider Hosted Apps

How to: Create high-trust apps for SharePoint 2013 (advanced topic): http://msdn.microsoft.com/en-us/library/office/fp179901(v=office.15).aspx
Scripts to configure your development and production environment: http://msdn.microsoft.com/en-us/library/office/dn579380(v=office.15).aspx
Packaging and publishing your Provider Hosted App: http://msdn.microsoft.com/en-us/library/office/jj860570(v=office.15).aspx