Recently working on a Proof Of Concept enabling a MAM policy to lockdown and protect an application (Teams) on a device that not enrolled in Intune, and the File Ownership prompt in guides was not appearing.

The Intune License was applied to the user and the user was enabled for  MAM User Scope , and the MAM policy was applied to the User  

However no file ownership still and no encryption of files. Turns out the device has to be joined to the companys Azure AD ( or Local AD and Hybrid ) for this to happen and display the info box

This will show you its enrolled in MAM ( not MDM ) 

After this File Ownership is displayed !

• No Comments

https://techcommunity.microsoft.com/t5/outlook-global-customer-service/how-outlook-2016-utilizes-exchange-server-2016-fast-search/ba-p/381195#

Secondary mailboxes

When Outlook 2016 released, the plan was to only support FAST search on your primary mailbox. However, starting in the Fall of 2017, you should see that any Exchange email account added through File | Account Settings (also known as MultiEx or multiple Exchange accounts) now fully supports FAST search.

If you are limited to using an older build of Outlook 2016 and search in a MultiEx mailbox, the FAST query may be submitted in the context of the logged on user (you). This causes the search results to be pulled from your own mailbox, not the secondary mailbox that currently has the focus in your Outlook client. If you are unable to upgrade your Outlook 2016 client to the November 2017 Monthly Channel Build, you can temporarily work around this limitation by using one of the following options:

• Change the search scope to All Outlook Items, Subfolders, or All Mailboxes
• Disable Outlook 2016’s use of FAST search via policy or local user registry setting (see the next section)

Note Other types of secondary stores, such as those added via Open these additional mailboxes or those that are automatically configured via AutoMapping, are still limited to WDS.

HOWEVER

I’ve found users report searching still sucks in their shared and/or secconday mbxs. So per document set the below DWORD key to 1 if a user reports this – though I’m still waiting to hear if there are negative connotations to this change

• No Comments

 Report % Rate of change from the last Backup Job Run

Add-PSSnapin -Name VeeamPSSnapIn -ErrorAction SilentlyContinue

Disconnect-VBRServer | out-null

connect-vbrserver -server localhost

$JobsOutput = @()

Foreach ($JobObject in Get-VBRJob | ?{$_.JobType -eq "Backup"})

{

$LastSession = $JobObject.FindLastSession()

$ChangeRate = ($LastSession.Info.Progress.TransferedSize/$LastSession.Info.Progress.TotalUsedSize)*100

$JobOutput = New-Object -TypeName PSObject

$JobOutput | Add-Member -Name "Jobname" -MemberType Noteproperty -Value $JobObject.Name

$JobOutput | Add-Member -Name "Endtime" -MemberType Noteproperty -Value $LastSession.endtime

$JobOutput | Add-Member -Name "TotalUsedSize" -MemberType Noteproperty -Value $LastSession.Info.Progress.TotalUsedSize

$JobOutput | Add-Member -Name "ReadSize" -MemberType Noteproperty -Value $LastSession.Info.Progress.ReadSize

$JobOutput | Add-Member -Name "TransferedSize" -MemberType Noteproperty -Value $LastSession.Info.Progress.TransferedSize

$JobOutput | Add-Member -Name "ChangeRate" -MemberType Noteproperty -Value $ChangeRate

$JobsOutput += $JobOutput

}

$JobsOutput | Out-GridView

Disconnect-VBRServer | out-null

However one result is not a fair estimate of rate of change , and I don’t have a Veeam One license so I decided to Average Stuff

You can run on One VM or all the VM’s in a Backup Job

Add-PSSnapin -Name VeeamPSSnapIn -ErrorAction SilentlyContinue

connect-vbrserver -server localhost

#Query to get all jobs in the time period in hours that have processed data (Data ne 0 ) and have completed

$vbrtasksessions = (Get-VBRBackupSession |

Where-Object {($_.EndTime -ge (Get-Date).addhours(-168) -or $_.CreationTime -ge (Get-Date).AddHours(-168) -or $_.State -eq "Working")}) | Get-VBRTaskSession | Where-Object {$_.Status -notmatch "Idle|InProgress|Pending|Fail"-and $_.Info.Progress.TotalSize -ne "0"}

#Get Backup Job and VM

#$getOne = $vbrtasksessions | ? {$_.JobName -eq "%Veeam Backup or Backup Copy Name%" -and $_.Name -eq "%Name of Server%"}

#Or Get Whole Backup Job and average between all the machines

#$getOne = $vbrtasksessions | ? {$_.JobName -eq "%Veeam Backup or Backup Copy Name%"}

#Cannot Get Total usedSize in Backup

Echo ListofAllFullSizesInBytes $getOne.Info.Progress.TotalSize

#Echo AverageTotalFullBackupSizeInGB $([Math]::Round([Decimal]($getOne.Info.Progress.TotalSize | Measure-Object -Average).Average/1GB, 2))

Echo ListofIntcrementalSizeinBytess $getOne.Info.Progress.TransferedSize

#Echo AverageIntSizeinGB $([Math]::Round([Decimal]($getOne.Info.Progress.TransferedSize | Measure-Object -Average).Average/1GB, 2))

Echo RateofChangein% ((($getOne.Info.Progress.TransferedSize | Measure-Object -Average).Average/($getOne.Info.Progress.TotalSize | Measure-Object -Average).Average)*100)

Disconnect-VBRServer | out-null

• No Comments

Do they use Auto-Mapped mailboxes?

 Had this issue with a number of staff here directly after migration from 2010 to 2016

Fix:

$mailboxes = Get-MailboxPermission -Identity * -User <username> | Select -ExpandProperty Identity

Foreach($mailbox in $mailboxes){Remove-MailboxPermission -Identity $mailbox -user <username> -AccessRights fullaccess -Confirm:$False}

Foreach($mailbox in $mailboxes){Add-MailboxPermission -Identity $mailbox -User <username> -AccessRights fullaccess -AutoMapping $false -Confirm:$False}

Wait a few mins then see if the user can open Outlook.

• No Comments

Add the new Server Computer Account to the Same AD groups as the existing Servers

On your Terminal server Gateway Server , Add the new Session Host server in Server Manager

Once added  , right-click on it and click Add Roles and Features

Choose existing RD Connection Broker

My Session Host was greyed out , so I was then able to Add the Session Host to the Collection via below

• No Comments

There are a couple of key active known issue about HDX Optimization failing in certain situations, the above included, as of May 2020.

https://support.citrix.com/article/CTX253754

• In Windows Server (any version, with any VDA 1906.2 or higher), session disconnect/reconnect might result in Teams failing to load in optimized mode (“Citrix HDX Not Connected” in About/Version). Citrix and Microsoft are aware of this issue and are rolling out the fix, deployed already in Ring 3. This will not require any component upgrade (Teams, VDA or Workspace app) and is rolled out via feature flags (sign out/sign in required). In some scenarios, attempting to make a call will trigger Teams to try to reconnect to the Citrix services and optimization will succeed. [RFWIN-15624] [Microsoft Teams Bug ID: 873138]
• If Teams is configured to Auto-start, the issue in the first [above] bullet might also manifest. We recommend disabling auto-start by deleting the Teams regkeys in HKLM\Software\Microsoft\Windows\CurrentVersion\Run, HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run and HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  
  
• Endpoints with high-end sound cards (Studio quality) might fail to load in optimized mode. See section #2.1 below. Clicking on Teams/Settings/Devices will show “None”. Citrix is aware of this issue and working on a fix. [RFWIN-17892]

It does go on to say “that, generally, fully quitting Teams (Systray icon / right click / quit) and restarting it clears all the components involved and can fix whatever issue you were experiencing.”

• No Comments

Recently taken on a new environment and needed to check support for existing keys and move them to an account we control

The below you can enter the keys to find out if they are in current support

https://kb.vmware.com/s/article/2144006?lang=en_US&queryTerm=How+to+find+PAC

https://www.vmware.com/support/tracksn.portal?vmware=trackSN

To move them into your account you will need to raise Vmware support case , and they can give you the email address of the current user to contact to delegate access

T

• No Comments

Login to Azure Active Directory. Locate Usage & insights , under Monitoring

Select “Users registerd for Multi-Factor Authentication”

Can also be done in powershell : https://dirteam.com/sander/2020/05/14/todo-optimize-the-azure-multi-factor-authentication-methods-used-throughout-your-organization/

Monitoring with PowerShell: Monitoring the used MFA type for O365/Azure.

• No Comments

Find users who have physically logged into a machine 7001

param(
    [alias("CN")]
    $ComputerName="localhost"
)

$UserProperty = @{n="User";e={(New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}}
$TypeProperty = @{n="Action";e={if($_.EventID -eq 7001) {"Logon"} else {"Logoff"}}}
$TimeProperty = @{n="Time";e={$_.TimeGenerated}}
$MachineNameProperty = @{n="MachinenName";e={$_.MachineName}}

foreach ($computer in $ComputerName) {
    Get-EventLog System -Source Microsoft-Windows-Winlogon -ComputerName $computer | select $UserProperty,$TypeProperty,$TimeProperty,$MachineNameProperty
}

Find users who have authenticated with different login types

get-eventlog -ComputerName "localhost" -logname 'security' -instanceid 4624 -after (get-date).adddays(-10) | % {
 
    [array] $login += [pscustomobject] @{
    
        account = $_.replacementstrings[5]
        time = $_.timewritten
        type = $_.replacementstrings[8]
        ip = $_.replacementstrings[18]
}}
 
$login | ft -auto 

• No Comments

FYI – https://support.citrix.com/article/CTX253754

User called to say Audio/Video devices were failing to pass through to MS Teams. Under Settings > Devices listed “None” across the board:

Checked the local workstation and found the HDXTeams.exe was not running (should start automatically when Teams in Citrix launches)

Logs are here: %userprofile%\AppData\Local\Temp\HDXTeams

 

Refer to : https://discussions.citrix.com/topic/407820-ms-teams-not-pulling-through-audio-devices/page/2/

Solution: I had to disable built-in microphone and speakers – one or both of these were the problem:

• No Comments