Azure Information Protection
40 Topics

AIP padlock icon missing in encrypted message
Hi, I have enabled AIP in my tenant along with sensitivity labels and encryption. I can send encrypted messages successfully however the secure message - which contains a padlock icon referring to a microsoft website - is broken and fails to load. I’ve viewed the source of the message and tried to load the image in my browser. The image failed to load and I believe the image location is not valid anymore. Could you please validate and provide a fix so that the padlock icon loads successfully? Currently the secure message looks like a phishing email and will probably be treated as such.
129 Views, 0 likes, 5 Comments

Track Sensitivity Label Downgrades and Removals with Audit Log Data
The Purview Insider Risk Management solution can do all sorts of clever things, like tracking sensitivity label downgrades and removals as an indicator that a user might be preparing to exfiltrate data. The same kind of checking can be done by using the events captured in the audit log when people remove or change sensitivity labels. All in a few lines of PowerShell… https://office365itpros.com/2024/11/20/sensitivity-label-downgrades/
77 Views, 0 likes, 0 Comments

I lost my Admin privileges in Microsoft 365
So, I'm working in a corporate company and we had services purchased like Azure, PowerBI etc. that we were paying for a long time. And until today I was logging in with the Admin email to the 365 admin portal with my admin account. But today when I try, that Email has lost its admin privileges. And so to recover that account I tried directly connecting through the phone call which also had to go through an automated voice assistant. And even after finally connected with the call, the only way they were about to provide a help was to telling them what is the current admin account's email address, which is like the reason why we called them because we have a security breach and don't know who did that. And I had all my previous admin accounts with credentials and all payment details etc. but I had to talk to some guy for like 20 minutes that just repeating the same thing like tell me the current admin email so we can help you further. Like if I know that why would I even call them. And I have all the details of my previous info but how can I know what the email that the attacker has used in just one day.
199 Views, 0 likes, 1 Comment

Connect-Aipservice is not working
Hello everyone, Please is anyone able to connect to the aip service using powershell version 5.5 and above? Even after installing and importing the aip service module, the connect-aipservice failed to work with all its parameters. However, creating and publishing sensitivity label policy is working. Thanks.
870 Views, 0 likes, 6 Comments

How to Handle an Unwanted Sensitivity Label
Sometimes sensitivity labels defined for use within a Microsoft 365 tenant turn out to be unnecessary. The question then is what to do with these unwanted sensitivity labels. The answer is to pause for thought, gather information, and then make an informed decision, all of which we discuss here. https://practical365.com/how-to-handle-an-unwanted-sensitivity-label/
189 Views, 0 likes, 0 Comments

Account Hacked
Hello Community,
My account has been hacked, copied and/or duplicated with some other account as I was originally Sids1 with this email for more than 6 months now and this has changed somehow. It's very concerning to me since I also found some other person named Siddhartha when I was logging into my account. I reported that to the Microsoft Account Team but have not received any replies yet. Please suggest anything that can be done to catch this hacker who is stealing my identity to and fro.
Best Regards
Siddhartha Sharma
Solved, 695 Views, 1 like, 3 Comments

C# application with MIP SDK fails creating the FileEngine
Hi! I have a C# application which tries to create a FileEngine to unprotect AIP protected files. The application runs in Azure. Network connectivity is available. The MIP SDK logs look like this: Info 2024-06-05 11:49:15.652 common/api_utils.h:195 w3wp (6324) "Start calling success callback for API: protection_profile_load_async" mipns::TryExecuteSuccessCallback::<lambda_aa4c0887fcc47f487d59891ccfa0eff4>::operator () 5396 Info 2024-06-05 11:49:15.652 common/api_utils.h:197 w3wp (6324) "Ended calling success callback for API: protection_profile_load_async" mipns::TryExecuteSuccessCallback::<lambda_aa4c0887fcc47f487d59891ccfa0eff4>::operator () 5396 Info 2024-06-05 11:49:15.652 policy_profile_impl.cpp:522 w3wp (6324) "Starting API call: profile_add_engine_async scenarioId=55a8c9cb-bbe6-40bb-992f-10b54066f182" mipns::ProfileImpl::AddEngineAsync 1048 Info 2024-06-05 11:49:15.652 policy_profile_impl.cpp:522 w3wp (6324) "Ended API call: profile_add_engine_async" mipns::ProfileImpl::AddEngineAsync 1048 Info 2024-06-05 11:49:15.652 policy_profile_impl.cpp:522 w3wp (6324) "Starting API task: profile_add_engine_async" mipns::ProfileImpl::AddEngineAsync 1700 Info 2024-06-05 11:49:15.652 policy_profile_impl.cpp:522 w3wp (6324) "Starting API task: profile_add_engine_async scenarioId=55a8c9cb-bbe6-40bb-992f-10b54066f182" mipns::ProfileImpl::AddEngineAsync 1700 Info 2024-06-05 11:49:15.652 policy_profile_impl.cpp:244 w3wp (6324) "Starting to add policy engine with engine id: 09342290-3990-4ef9-bdeb-611113bcccee" `anonymous-namespace'::CreateEngineAsync 1700 Warning 2024-06-05 11:49:15.652 policy_engine_manager_impl.cpp:275 w3wp (6324) "Inconsistent label & sensitivity policy detected. Removing both from cache if it exists." 
mipns::PolicyEngineManagerImpl::DeletePolicyFromStorage 1700 Info 2024-06-05 11:49:15.652 policy_engine_manager_impl.cpp:358 w3wp (6324) "Loading new policy engine (requires fetch): 09342290-3990-4ef9-bdeb-611113bcccee" mipns::PolicyEngineManagerImpl::LoadNewEngineAsync 1700 Warning 2024-06-05 11:49:15.652 policy_engine_manager_impl.cpp:361 w3wp (6324) "New PolicyEngine was created without an identity. Dynamic content marking will be partially disabled, and URL redirect caching will be fully disabled." mipns::PolicyEngineManagerImpl::LoadNewEngineAsync 1700 Info 2024-06-05 11:49:15.652 auth_request_transformer.cpp:155 w3wp (6324) "Requesting auth token from app. Resource: 'https://syncservice.o365syncservice.com/', Authority: 'https://login.windows.net/common', Scope: '', Claims: ''" mipns::AuthRequestTransformer::GetAuthToken 1700 Info 2024-06-05 11:49:15.917 auth_request_transformer.cpp:169 w3wp (6324) "Authentication response time (seconds): 0.264937" mipns::AuthRequestTransformer::GetAuthToken 1700 Info 2024-06-05 11:49:15.932 http_director_impl.cpp:141 w3wp (6324) "Sending HTTP request: ID: {C3D930DE-50B3-40A8-8C44-0ED22007A6FB}, Type: GET, Url: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies?supportedMaxVersion=1.0.50.0, Body Size: 0, Headers['ClientInfo'] = 'mip_ver=1.14.128;os_name=win;os_ver=10-0-20348;runtime=msvc-1929;arch=x86', Headers['Capabilities'] = 'BestEffortEntityMatch,BestEffortCCSIMatch,SchematizedDataContentType', Headers['Content-Type'] = 'application/xml;charset=utf-8', Headers['Authorization'] = 'UOID:2d3ea670-a6d7-4a66-85fe-0bcc9b5f563a;Tenant:tenant id;Audience:https://syncservice.o365syncservice.com/;Roles:UnifiedPolicy.Tenant.Read;" mipns::HttpDirectorImpl::DoSendHttp 1700 Info 2024-06-05 11:49:16.104 http_client_base.cpp:44 w3wp (6324) "HTTP response time (seconds): 0.185885 ID: {C3D930DE-50B3-40A8-8C44-0ED22007A6FB}" 
mipns::HttpClientBase::SendAsync::<lambda_b2b0e837acbc3dca3dadb2856c35cf30>::operator () 5756 Info 2024-06-05 11:49:16.120 oneds_helper.cpp:532 w3wp (6324) "OneDsHelper::WriteTelemetryEvent(policy_sync_acquire_policy)" mipns::OneDSHelper::WriteTelemetryEvent 5756 Info 2024-06-05 11:49:16.120 diagnostic_utils.cpp:80 w3wp (6324) "Send Telemetry. Event Name : [policy_sync_acquire_policy] App.ApplicationId: [application id], Pii: [None] App.ApplicationName: [AR_COSI_TEST_AIP], Pii: [None] App.ApplicationVersion: [1.0.0], Pii: [None] App.SessionId: [], Pii: [None] Engine.SessionId: [], Pii: [None] Event.CorrelationId: [3f4d9f3a-a5a1-40fc-bbdb-049f4d40889f], Pii: [None] Event.CorrelationIdDescription: [HttpDirector], Pii: [None] Event.Duration: [0.187074], Pii: [None] Event.ErrorType: [NetworkError], Pii: [None] Event.Failed.File: [src\core\api_impl\http\http_director_impl.cpp], Pii: [None] Event.Failed.Func: [mipns::HttpTelemetryHelper::NotifyOperationComplete], Pii: [None] Event.Failed.Line: [374], Pii: [None] Event.Failed.Message: [No HTTP response. 
Failed with: [NetworkError: 'HTTP connection failure Inner exception: [http_exception: 'WinHttpSendRequest: 12029: A connection with the server could not be established'], NetworkError.Category=NoConnection, HttpRequest.SanitizedUrl=https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies, HttpRequest.Id={C3D930DE-50B3-40A8-8C44-0ED22007A6FB}']], Pii: [None] Event.ParentCorrelationId: [948d1c35-91a9-47be-af1f-6d6a241125e5], Pii: [None] Event.ParentCorrelationIdDescription: [PolicyProfile], Pii: [None] Event.UniqueId: [eacab4b6-2048-4cf0-8d5c-cba215bcb6a0], Pii: [None] EventInfo.Level: [10], Pii: [None] EventInfo.PrivTags: [33554432], Pii: [None] MIP.Version: [1.14.128], Pii: [None] Request.CorrelationId: [{C3D930DE-50B3-40A8-8C44-0ED22007A6FB}], Pii: [None] Request.IsAsynchronous: [true], Pii: [None] Request.RequestBodySize: [0], Pii: [None] Request.TokenTenantId: [tenant id], Pii: [None] Request.Url: [https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies], Pii: [None] iKey: [ce9aa5fb5a414ecebb15af10715bd8ff-831d197e-fc97-4df6-b998-c8c13a0fc3ce-6768], Pii: [None] " mipns::WriteTelemetryEventToLog 5756 Info 2024-06-05 11:49:16.120 http_director_impl.cpp:38 w3wp (6324) "Received HTTP response: " `anonymous-namespace'::LogHttpOperationDetails 5756 Error 2024-06-05 11:49:16.120 http_director_impl.cpp:42 w3wp (6324) "HTTP operation {C3D930DE-50B3-40A8-8C44-0ED22007A6FB} failed: Failed with: [NetworkError: 'HTTP connection failure Inner exception: [http_exception: 'WinHttpSendRequest: 12029: A connection with the server could not be established'], NetworkError.Category=NoConnection, HttpRequest.SanitizedUrl=https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies, HttpRequest.Id={C3D930DE-50B3-40A8-8C44-0ED22007A6FB}']" `anonymous-namespace'::LogHttpOperationDetails 5756 This error does not occur on every tenant! 
Does anyone have a clue why this error occurs?
417 Views, 0 likes, 0 Comments

PowerShell cmdlets not available within a script unless it is run as administrator
I wonder if somebody can help with this issue. Essentially I want to be able to connect to Exchange Online and the Security and Compliance PowerShell from within a script run as a regular user, not administrator. If I drop these commands into my un-elevated PS window they will connect successfully and give me back some info on the two commands. If I drop the same commands into a PS1 file and execute it in an elevated PS console they also run successfully.

Connect-IPPSSession
Get-Command Get-DlpCompliancePolicy
Connect-ExchangeOnline
Get-Command Get-Mailbox

If I run Get-ConnectionInformation in the script I can see the two connections are there -

ConnectionId : 745f6176-5d1f-46ec-a786-b8e84f273791
State : Connected
Id : 1
Name : ExchangeOnlineProtection_1
UserPrincipalName : *********
ConnectionUri : https://eur01b.ps.compliance.protection.outlook.com
AzureAdAuthorizationEndpointUri : https://login.microsoftonline.com/organizations
TokenExpiryTimeUTC : 20/04/2024 10:01:24 +00:00
CertificateAuthentication : False
ModuleName : C:\Users\*******\AppData\Local\Temp\tmpEXO_5lnrtren.etr
ModulePrefix :
Organization :
DelegatedOrganization :
AppId :
PageSize : 1000
TenantID : 081cc50b-e5a5-4e76-b6b7-d7c274899193
TokenStatus : Active
ConnectionUsedForInbuiltCmdlets : False
IsEopSession : True

ConnectionId : 3d3547ec-f35e-4dc3-ba50-ed2f93ef0c35
State : Connected
Id : 2
Name : ExchangeOnline_2
UserPrincipalName : *******
ConnectionUri : https://outlook.office365.com
AzureAdAuthorizationEndpointUri : https://login.microsoftonline.com/organizations
TokenExpiryTimeUTC : 20/04/2024 11:50:29 +00:00
CertificateAuthentication : False
ModuleName : C:\Users\*******\AppData\Local\Temp\tmpEXO_a2axh3gk.iwh
ModulePrefix :
Organization :
DelegatedOrganization :
AppId :
PageSize : 1000
TenantID : 081cc50b-e5a5-4e76-b6b7-d7c274899193
TokenStatus : Active
ConnectionUsedForInbuiltCmdlets : True
IsEopSession : False

If I run Get-Module I can see the modules I understand are necessary -

Name :
ExchangeOnlineManagement Path : C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.4.0\netFramework\ExchangeOnli neManagement.psm1 Description : This is a General Availability (GA) release of the Exchange Online Powershell V3 module. Exchange Online cmdlets in this module are REST-backed and do not require Basic Authentication to be enabled in WinRM. REST-based connections in Windows require the PowerShellGet module, and by dependency, the PackageManagement module. Please check the documentation here - https://aka.ms/exov3-module. For issues related to the module, contact Microsoft support. Guid : b5eced50-afa4-455b-847a-d8fb64140a22 Version : 3.4.0 ModuleBase : C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.4.0 ModuleType : Script PrivateData : {PSData} AccessMode : ReadWrite ExportedAliases : {} ExportedCmdlets : {[Add-VivaModuleFeaturePolicy, Add-VivaModuleFeaturePolicy], [Get-ConnectionInformation, Get-ConnectionInformation], [Get-DefaultTenantBriefingConfig, Get-DefaultTenantBriefingConfig], [Get-DefaultTenantMyAnalyticsFeatureConfig, Get-DefaultTenantMyAnalyticsFeatureConfig]...} ExportedFunctions : {[Connect-ExchangeOnline, Connect-ExchangeOnline], [Connect-IPPSSession, Connect-IPPSSession], [Disconnect-ExchangeOnline, Disconnect-ExchangeOnline]} ExportedVariables : {} NestedModules : {Microsoft.Exchange.Management.RestApiClient, Microsoft.Exchange.Management.ExoPowershellGalleryModule} Name : Microsoft.PowerShell.Management Path : C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerS hell.Management.psd1 Description : Guid : eefcb906-b326-4e99-9f54-8b4bb6ef3c6d Version : 3.1.0.0 ModuleBase : C:\Windows\System32\WindowsPowerShell\v1.0 ModuleType : Manifest PrivateData : AccessMode : ReadWrite ExportedAliases : {[gcb, gcb], [gin, gin], [gtz, gtz], [scb, scb]...} ExportedCmdlets : {[Add-Computer, Add-Computer], [Add-Content, Add-Content], [Checkpoint-Computer, 
Checkpoint-Computer], [Clear-Content, Clear-Content]...} ExportedFunctions : {} ExportedVariables : {} NestedModules : {Microsoft.PowerShell.Commands.Management.dll} Name : Microsoft.PowerShell.Utility Path : C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShel l.Utility.psd1 Description : Guid : 1da87e53-152b-403e-98dc-74d7b4d63d59 Version : 3.1.0.0 ModuleBase : C:\Windows\System32\WindowsPowerShell\v1.0 ModuleType : Manifest PrivateData : AccessMode : ReadWrite ExportedAliases : {[CFS, CFS], [fhx, fhx]} ExportedCmdlets : {[Add-Member, Add-Member], [Add-Type, Add-Type], [Clear-Variable, Clear-Variable], [Compare-Object, Compare-Object]...} ExportedFunctions : {[ConvertFrom-SddlString, ConvertFrom-SddlString], [Format-Hex, Format-Hex], [Get-FileHash, Get-FileHash], [Import-PowerShellDataFile, Import-PowerShellDataFile]...} ExportedVariables : {} NestedModules : {Microsoft.PowerShell.Commands.Utility.dll, Microsoft.PowerShell.Utility} Name : PSReadLine Path : C:\Program Files\WindowsPowerShell\Modules\PSReadLine\2.0.0\PSReadLine.psm1 Description : Great command line editing in the PowerShell console host Guid : 5714753b-2afd-4492-a5fd-01d9e2cff8b5 Version : 2.0.0 ModuleBase : C:\Program Files\WindowsPowerShell\Modules\PSReadLine\2.0.0 ModuleType : Script PrivateData : AccessMode : ReadWrite ExportedAliases : {} ExportedCmdlets : {[Get-PSReadLineKeyHandler, Get-PSReadLineKeyHandler], [Get-PSReadLineOption, Get-PSReadLineOption], [Remove-PSReadLineKeyHandler, Remove-PSReadLineKeyHandler], [Set-PSReadLineKeyHandler, Set-PSReadLineKeyHandler]...} ExportedFunctions : {[PSConsoleHostReadLine, PSConsoleHostReadLine]} ExportedVariables : {} NestedModules : {Microsoft.PowerShell.PSReadLine} Name : tmpEXO_5lnrtren.etr Path : C:\Users\******\AppData\Local\Temp\tmpEXO_5lnrtren.etr\tmpEXO_5lnrtren.etr.psm1 Description : This is a Powershell module generated by using the AutoGEN infra. 
Guid : 2c604488-886e-4090-ac70-2b9a3130c449 Version : 1.0 ModuleBase : C:\Users\********\AppData\Local\Temp\tmpEXO_5lnrtren.etr ModuleType : Script PrivateData : {PSData} AccessMode : ReadWrite ExportedAliases : {} ExportedCmdlets : {} ExportedFunctions : {[Add-ComplianceCaseMember, Add-ComplianceCaseMember], [Add-eDiscoveryCaseAdmin, Add-eDiscoveryCaseAdmin], [Add-RoleGroupMember, Add-RoleGroupMember], [Cancel-DlpEdmSession, Cancel-DlpEdmSession]...} ExportedVariables : {[HelpFileNames, System.Management.Automation.PSVariable]} NestedModules : {} Name : tmpEXO_a2axh3gk.iwh Path : C:\Users\*******\AppData\Local\Temp\tmpEXO_a2axh3gk.iwh\tmpEXO_a2axh3gk.iwh.psm1 Description : This is a Powershell module generated by using the AutoGEN infra. Guid : e84305bc-e9b9-45bd-bb9f-d38a411419b2 Version : 1.0 ModuleBase : C:\Users\********\AppData\Local\Temp\tmpEXO_a2axh3gk.iwh ModuleType : Script PrivateData : {PSData} AccessMode : ReadWrite ExportedAliases : {} ExportedCmdlets : {} ExportedFunctions : {[Add-AvailabilityAddressSpace, Add-AvailabilityAddressSpace], [Add-DistributionGroupMember, Add-DistributionGroupMember], [Add-MailboxFolderPermission, Add-MailboxFolderPermission], [Add-MailboxLocation, Add-MailboxLocation]...} ExportedVariables : {[HelpFileNames, System.Management.Automation.PSVariable]} NestedModules : {} And once the script exits, I can then do 'Get-Command Get-Mailbox' and get a good response. So the connection is clearly working, the script just cannot seem to access the functions/cmdlets while it is running. This is Twilight Zone stuff right!? I do not know if it's relevant, but we use AppLocker. So in my unelevated PS session I am in ConstrainedLanguage mode, but the script is excluded from AppLocker so executes in FullLanguage mode. 
I feel like I'm missing something fundamental about how PS sessions or scopes operate within a script run as admin vs a regular user, or is there a bug in Connect-ExchangeOnline, but no amount of Google searching has saved my mind yet! Thanks
846 Views, 0 likes, 2 Comments

Unable to create a centralised email address containing “.admin” when ending in @outlook.com
Seeking some guidance how it would be possible to create a centralised email address containing xxxx“.admin” to an @outlook.com email address? The “.admin” address will be used as the front desk / home base for (non-personal) incoming emails and enquiries, as well as a central calendar account.
375 Views, 0 likes, 0 Comments

Exclude Microsoft first party applications in Azure conditional access policy
We have an app built on Microsoft Graph resource and we have a conditional access policy that targets all cloud apps. When users sign into this app using Chrome browser on iOS they get an error and a prompt to use Edge. We do not want users to change the browser and tried to exclude Microsoft Graph from CA policy using all options including API but it fails with the below error.

Policy contains invalid applications: unsupported firstpartyapplication.

Is there a way to exclude Microsoft Graph from the policy?
3.6K Views, 2 likes, 3 Comments