encryption
55 Topics

Compliance licenses at tenant level
Hi,

We are a small organization of about 200 employees, and we have the following requirements:

- DLP policies configuration at Exchange, OneDrive, SharePoint
- BYOD security
- Users should not be able to send files outside the org
- And so on as we evaluate

We already have M365 Business Premium. However, after researching, we figured out that M365 Business Premium alone will not solve our requirements. Maybe a compliance license will. We want to apply security policies at tenant level in our organization but definitely do not want every user to get licenses, as this will be expensive for us and there is no requirement at all for our users.

The question is: is there a way to solve the above scenario?

53 Views, 0 likes, 2 Comments

Meraki VPN L2TP with Preshared key via Intune
Hey everyone,

I'm trying to deploy Meraki VPN L2TP with Preshared key via Intune. I have previously tried to deploy the rasphone.pbk file using a PS script to "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk". The file was deployed successfully but the preshared key is not being copied.

The next method I used was to create a VPN profile using a PS script. I used the script below but EncryptionLevel Optional is being returned as an error.

    # Add the VPN connection
    Add-VpnConnection `
        -Name "MY VPN" `
        -ServerAddress "myvpn.com" `
        -TunnelType L2tp `
        -L2tpPsk "myPSK" `
        -AuthenticationMethod Pap `
        -EncryptionLevel Optional `
        -Force `
        -AllUserConnection $True

    # Path to the rasphone.pbk file for all user connections
    $pbkPath = "C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"

    # Ensure the file exists
    if (Test-Path -Path $pbkPath) {
        # Read the contents of the file
        $pbkContent = Get-Content -Path $pbkPath -Raw

        # Modify the contents to enforce PAP (128) and require username and password.
        # [^\r\n]* keeps the replacement on the Authentication= line; with (?s) a
        # trailing .*$ would match through to the end of the file.
        $pbkContent = $pbkContent -replace "(?msi)^(\[$([regex]::Escape("MY VPN"))\].*?^Authentication=)[^\r\n]*", '${1}128'

        # Write the modified contents back to the file
        $pbkContent | Set-Content -Path $pbkPath
    } else {
        Write-Error "The rasphone.pbk file does not exist at the specified path: $pbkPath"
    }

Error:

    WARNING: The currently selected encryption level requires EAP or MS-CHAPv2 logon security methods. Data encryption will not occur for Pap or Chap.

The requirements are to use PAP, and rasphone.pbk should be created under "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk" and the preshared key should be copied, so that I can connect to VPN settings via the taskbar at the bottom right by entering username and password.

Can someone assist to modify the script or provide any alternate solution?

21 Views, 0 likes, 0 Comments

Using Email Encryption: Remote tenants not able to authenticate / open encrypted messages
We are using automation plus a flow rule to force encrypted emails via flow rules that apply Office 365 Message Encryption and Rights Protection with the "Encrypt Only" policy. However, when we send to people who are on remote tenants, we run into an unusual problem. Some tenants "just work", while other tenants hard fail with a notice that says the following:

    Selected user account does not exist in tenant 'Tenant Name' and cannot access the application 'UUID Here' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.

Unfortunately, there's no option to bypass this for those recipients and no way to force one time password authentication options where they have to request an OTP and then use that. It enforces the use of MS365 Tenant auth rather than OTP, which is unusual and problematic because while *certain* remote tenants "just work", others do not.

I'm confused as to where to look next. Is there a way to force OTP-only in the outgoing encryption for a message with transport rules on the Outlook 365 admin panel? Alternatively, is there a way to automatically permit external tenant accounts/recipients to just work?

Please feel free to ask any questions necessary to solve this on our end; it's a core component of one of our information sending systems to partners and it's not working as intended.

1K Views, 0 likes, 1 Comment

Issues with AutoSave and Sensitivity Labels – Need Advice on Best Practices
Hello everyone,

I'm currently facing an issue with implementing Sensitivity Labels in Microsoft 365, and I was hoping to get some insights from others who might have encountered similar challenges.

The Setup:

We’ve implemented Sensitivity Labels with encryption in our organization to ensure external users are always authenticated when accessing our files. Our files are primarily stored on our on-premises servers. We’ve configured the labels to restrict access to authenticated users, with different permissions based on user roles (e.g., Co-Owners for internal users and restricted permissions for external users).

The Problem:

While the labeling process is working as expected, one significant issue we've run into is that AutoSave no longer functions correctly after applying the labels, particularly for documents that are encrypted when using the client app. The documents are not saving automatically, which can lead to information loss and angry employees. 🥺

I can live with the limitation that the label can only be applied in the client application (i.e., not through the web interface). However, the AutoSave problem is a significant hurdle.

Questions for the Community:

- Has anyone else encountered issues with AutoSave after applying Sensitivity Labels with encryption? How did you work around this?
- Are there any best practices or configuration adjustments I should consider to resolve this issue?
- How have other organizations handled the authentication requirement for external users while still ensuring a smooth workflow?

Looking forward to hearing your thoughts and experiences! Thanks in advance!

Solved, 233 Views, 0 likes, 2 Comments

Email Encryption Issues
We have an Outlook rule in place so that any email that includes “Secure:” in the subject line will be sent out encrypted. The issue that has been escalated recently is that if the email has “Secure:” in the subject line, plus an attachment that is not encrypted such as a PDF or Excel file, the recipient receives the email but cannot open the file. They get an error message that says your Outlook account does not have permission to open this file, please contact [senders’ email].

We have O365 E1 licensing. One user has E3 and does not experience this issue.

449 Views, 0 likes, 2 Comments

Encrypting and Decrypting sensitive Information in ASP.NET Core
In today’s digital landscape, securing sensitive information is more critical than ever. If you're using ASP.NET Core, you might store configuration settings in appsettings.json. However, hardcoding sensitive data like connection strings or API keys in plain text can expose your application to serious risks.

6.8K Views, 1 like, 0 Comments

How to send encrypted documents outside organization without adding guest user accounts in tenant
Hi,

We have a problem and would like to know your thoughts on how to address it. We want to send encrypted documents to any outside users/organizations (that are not part of our tenant and have not been added as a guest user).

If I use "Let user assign permissions" in the label, then the label disappears in MS Office (Word, Excel, etc.), so I can't use this option.

If I use "Assign permissions now" and select "all authenticated users", then the label comes back and I can apply the label, but since the user is outside my organization and not even registered as a guest user in the tenant, they cannot open the file.

Practically, there are over 5000 users in our organization and we cannot simply add all outside organizations into new M365 groups to have them added in our tenant.

How can we address this issue? I am running out of thoughts here. Any help is appreciated.

Thanks,
Fahad

Solved, 2.1K Views, 0 likes, 4 Comments

Outlook S/MIME issue - encryption makes mail unreadable
Hello all,

For a few weeks now, some coworkers, including myself, have been experiencing a strange behaviour in Outlook. All Outlook clients are set up to encrypt every mail via S/MIME. Some external contacts can't read those encrypted mails; that's why we deactivate the encryption for those mails via the encryption button in Outlook. If we then send the mail out, the mail appears as encrypted in the "sent mails" folder, the recipient can't open the mail, and the sender can't even open it.

It seems like Outlook has some major issues with the S/MIME encryption. Has anyone experienced any similar behaviour or maybe has an idea what could cause this problem?

Cheers,
Erik

573 Views, 0 likes, 1 Comment

Outlook desktop client is encrypting emails despite the sensitivity label setting
We have 3 different sensitivity labels set up - General, Internal and Confidential. The General label does not encrypt content; Internal and Confidential do. The default label for emails is Confidential.

When someone uses the Outlook Desktop client (release 2407) and switches from Confidential to General, the email is still encrypted. This doesn't happen with the Outlook web client. If they switch from Confidential to Internal and then to General, the email is not encrypted.

Has anyone else seen this behavior?

912 Views, 0 likes, 6 Comments

How to Handle an Unwanted Sensitivity Label
Sometimes sensitivity labels defined for use within a Microsoft 365 tenant turn out to be unnecessary. The question then is what to do with these unwanted sensitivity labels. The answer is to pause for thought, gather information, and then make an informed decision, all of which we discuss here.

https://practical365.com/how-to-handle-an-unwanted-sensitivity-label/

189 Views, 0 likes, 0 Comments