Exchange Online & Splunk – Automating the solution

NOTES FROM THE FIELD:

I have recently been consulting on what I think is a pretty cool engagement to integrate some Office365 mailbox data into the Splunk reporting platform.
I initially thought about using a .csv export methodology; however, through trial & error (more error than trial if I’m being honest), and realising that this method still required some manual interaction, I decided to embark on finding a fully automated solution.
The final solution comprises the below components:

  • Splunk HTTP event collector
    • Splunk hostname
    • Token from HTTP event collector config page
  • Azure automation account
    • Azure Run As Account
    • Azure Runbook
    • Exchange Online credentials (registered to Azure automation account)

I’m not going to run through the creation of the automation account, or required credentials as these had already been created, however there is a great guide to configuring the solution I have used for this customer at https://www.splunk.com/blog/2017/10/05/splunking-microsoft-cloud-data-part-3.html

A tool to find mailbox permission dependencies

First published at https://nivleshc.wordpress.com
When planning to migrate mailboxes to Office 365, a lot of care must be taken around which mailboxes are moved together. The rule of thumb is “those that work together, move together”. The reason for taking this approach is that there are some permissions that do not work cross-premises and can cause issues. For instance, if a mailbox has delegate permissions to another mailbox (these are permissions that have been assigned using the Outlook email client) and if one is migrated to Office 365 while the other remains on-premises, the delegate permissions capability is broken as it does not work cross-premises.…

Azure Functions Cold Start Workaround

Intro

I love Azure Functions. So much power for so little effort or cost. The only downside is that the consumption model that keeps the cost so dirt-cheap means that unless you are using your Function constantly (in which case, you might be better off with the non-consumption options anyway), you will often be hit with a long delay as your Function wakes up from hibernation.

So very cold…

This isn’t a big deal if you are dealing with a fire-and-forget queue trigger scenario, but if you have a web app that is calling the HTTP trigger and you need to wait for the Function to do its job before responding with a 200 OK… that’s a long wait (well over 15 seconds in my experience with a PowerShell function that loads a bunch of modules).…

Enabling and using Managed Service Identity to access an Azure Key Vault with Azure PowerShell Functions

Introduction

At the end of last week (14 Sept 2017) Microsoft announced a new Azure Active Directory feature – Managed Service Identity. Managed Service Identity helps solve the chicken and egg bootstrap problem of needing credentials to connect to the Azure Key Vault to retrieve credentials. When used in conjunction with Virtual Machines, Web Apps and Azure Functions that meant having to implement methods to obfuscate credentials that were stored within them. I touched on one method that I’ve used a lot in this post here whereby I encrypt the credential and store it in the Application Settings, but it still required a keyfile to allow reversing of the encryption as part of the automation process.…

Ok Google Email me the status of all vms – Part 2

First published at https://nivleshc.wordpress.com
In my last blog, we configured the backend systems necessary for accomplishing the task of asking Google Home “OK Google Email me the status of all vms” and it sending us an email to that effect. If you haven’t finished doing that, please refer back to my last blog and get that done before continuing.
In this blog, we will configure Google Home.
Google Home uses Google Assistant to do all the smarts.…

Ok Google Email me the status of all vms – Part 1

First published at https://nivleshc.wordpress.com
Technology is evolving at a breathtaking pace. For instance, the phone in your pocket has more grunt than the desktop computers of 10 years ago!
One of the upcoming areas in Computing Science is Artificial Intelligence. What seemed science fiction in the days of Isaac Asimov, when he penned I, Robot, seems closer to reality now.
Lately the market is popping up with virtual assistants from the likes of Apple, Amazon and Google.…

Configuring Remote PowerShell to a Remote Active Directory Forest for FIM/MIM GalSync

Introduction

Windows Remote Management (aka Remote PowerShell) is a wonderful thing; when it works straight out of the box when you’re in the same domain. Getting it working across Forests though can feel like jumping through hoop after hoop, and sometimes like the hoops are on fire. When configuring GALSync ([Exchange] Global Address List Synchronisation) with FIM/MIM this always means across AD Forests. The graphic below shows the simplest relationship. If there is a firewall(s) in between then you’ll have additional hoops to jump through.…

Receive Push Notifications from Microsoft Identity Manager on your Mobile/Tablet/Computer

Background

Recently in a FIM/MIM environment a daily automated process was executing but the task it was performing was dependent on an upstream process that generates a feed, and the schedule for that feed had changed (without notice to me). Needless to say FIM/MIM wasn’t getting the information it needed to process. This got me thinking about notifications.
If you’re anything like me you probably have numerous email accounts and your subconscious has all but programmed itself to ignore “new email” notifications.…

Exchange Online – Mapi over Http Transition

Microsoft has announced that from 31st October 2017, Outlook clients using RPC over Http protocol to connect to Office 365 will no longer be supported. Only Mapi over Http clients will be in action onwards. This announcement has left many administrators thinking: What exactly does that mean for my organization? What actions are required to avoid any business impact? Is it time to update Outlook clients, and up to what level? And last but not least, how can I verify if all necessary steps have been taken to ensure business as usual?…

Certificate Management using PowerShell and Lambda Functions

Certificate Management

1. Why Certificate Management is required.

Certificates installed on client machines are one of the critical resources in the client’s infrastructure. Monitoring certificates is critical to any company willing to successfully provide Certificate Management service. The process of manually reporting certificate details is tedious and time consuming, so it is better to automate it.
The following document will explain the steps to configure AWS services to provide certificate management for customers with AWS hosted infrastructure.…