Thursday 14 May 2020

Connect to Exchange Online to check whether Modern Authentication is enabled or not?

Microsoft is going to disable basic/legacy authentication for Exchange Online. What does that actually mean and does that impact me?

Update: On April 30, the Exchange Team announced that OAuth 2.0 authentication for the IMAP and SMTP AUTH protocols is now available. To leverage this functionality, mail clients need to start using it (so they need an update).
On March 7, 2018, the Microsoft Exchange Team announced that on October 13, 2020 it would stop supporting Basic Authentication (also called Legacy Authentication) for Exchange Web Services (EWS) in Exchange Online (EXO), the version of Exchange offered as a service as part of Office 365. EWS is a web service that client applications can use to access the EXO environment. The team also announced that EWS would no longer receive feature updates, and suggested that customers transition to Microsoft Graph to access EXO.
One and a half years later, on November 20, 2019, the Exchange Team announced that it would also stop supporting Basic Authentication for Exchange ActiveSync (EAS), Post Office Protocol (POP), Internet Message Access Protocol (IMAP) and Remote PowerShell on October 13, 2020. Authenticated Simple Mail Transfer Protocol (SMTP) will stay supported when used with Basic Authentication.
Instead of supporting Basic/Legacy Authentication, Microsoft will move towards supporting only Modern Authentication for most of the methods used to connect to Exchange Online.

So what is this Legacy/Basic and Modern Authentication exactly?

With Basic/Legacy Authentication, the application sends a username and password with every request to Exchange Online, which forwards the credentials either to Azure AD or to a federated authentication provider such as Active Directory Federation Services (ADFS). The problem with Basic/Legacy Authentication is that it is vulnerable to brute force and password spray attacks.
Modern Authentication is based on OAuth 2.0 and the Active Directory Authentication Library (ADAL) providing token based authentication. OAuth 2.0 in this case is the protocol being used, and ADAL is used to authenticate against Azure AD.
The general concept behind a token-based authentication system is simple. Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource – without using their username and password. Once their token has been obtained, the user can offer the token – which offers access to a specific resource for a time period – to the remote site. Using some form of authentication: a header, GET or POST request, or a cookie of some kind, the site can then determine what level of access the request in question should be afforded.
So Microsoft wants you to move towards Modern Authentication since it's a more secure solution. Another big advantage of Modern Authentication is that it can leverage Azure AD Conditional Access, giving you the option to force MFA for users, among other options. See my blog post series on Azure AD Conditional Access for more information about implementing Conditional Access.

How can I check whether Modern Authentication is enabled or not?

If your tenant was created after August 1, 2017, Modern Authentication is turned on by default. That does not mean, of course, that nobody has disabled Modern Authentication in the meantime.
The easiest way to check whether Modern Authentication is enabled is to look in the Microsoft 365 Admin Center. Once in the Admin Center, go to Settings -> Settings -> Modern Authentication. Here you can check whether Modern Authentication is enabled.

PowerShell command to check whether Modern Authentication is enabled or not

Connect to Exchange Online

In an elevated PowerShell window, run the following:

$UserCredential = Get-Credential

In the Windows PowerShell Credential Request dialog box, type your work or school account and password, and then click OK.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session -DisableNameChecking

Get-OrganizationConfig | ft name, *OAuth*

Name                     OAuth2ClientProfileEnabled
----                     --------------------------
****365.onmicrosoft.com                      False

Important Note
Be sure to disconnect the remote PowerShell session when you're finished. If you close the Windows PowerShell window without disconnecting the session, you could use up all the remote PowerShell sessions available to you, and you'll need to wait for the sessions to expire. To disconnect the remote PowerShell session, run the following command.

Remove-PSSession $Session
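
The connection command above signs in with -Authentication Basic, which is itself the Basic Authentication for Remote PowerShell that this post says is being retired. The following is an added example, not part of the original post: it performs the same check over a Modern Authentication sign-in and also lists which Basic Authentication protocols each authentication policy still allows. It assumes the ExchangeOnlineManagement module is installed; admin@contoso.example is a placeholder account.

```powershell
# Added example: read-only audit of Modern Authentication and per-protocol Basic Authentication.
# Assumption: the ExchangeOnlineManagement module is installed.
# admin@contoso.example is a placeholder, not an account from the post.
Import-Module ExchangeOnlineManagement

# Authentication policy switches for the protocols named in this post.
$basicAuthSwitches = @(
    'AllowBasicAuthWebServices',   # EWS
    'AllowBasicAuthActiveSync',    # EAS
    'AllowBasicAuthPop',           # POP
    'AllowBasicAuthImap',          # IMAP
    'AllowBasicAuthPowershell',    # Remote PowerShell
    'AllowBasicAuthSmtp'           # Authenticated SMTP
)

Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example' -ShowBanner:$false
try {
    $org = Get-OrganizationConfig
    $org | Format-List Name, OAuth2ClientProfileEnabled, DefaultAuthenticationPolicy

    if (-not $org.OAuth2ClientProfileEnabled) {
        Write-Warning 'Modern Authentication is disabled for this tenant.'
    }
    if (-not $org.DefaultAuthenticationPolicy) {
        Write-Warning 'No organization-wide default authentication policy is assigned.'
    }

    # One row per policy: which legacy protocols it still lets through.
    $rows = foreach ($policy in Get-AuthenticationPolicy) {
        $allowed = @($basicAuthSwitches | Where-Object { $policy.$_ -eq $true })
        [pscustomobject]@{
            Policy           = $policy.Name
            BasicAuthAllowed = if ($allowed.Count -gt 0) {
                ($allowed -replace '^AllowBasicAuth', '') -join ', '
            } else { 'none' }
        }
    }
    $rows | Format-Table -AutoSize
}
finally {
    # Always release the session, for the same reason as Remove-PSSession above.
    Disconnect-ExchangeOnline -Confirm:$false
}
```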

Thursday 6 February 2020

Automate Azure App Services for website

Azure App Services for website

Automate the launching of websites via Azure services. This is usually a manual process of updating DNS to point to Azure and adding the domain to Azure. GoDaddy has an API that allows changing A, TXT and CNAME records. I need to be able to:

a) Add a domain to Azure without having to point the A/CNAME records to Azure, so this step can be done before launch is needed

b) Use an API or something that will let me add domains to a web app from an automated process (API, etc.)

Information on how to manage your App Service, summary below:

How to get FTP credentials for your App Service:

In the Azure Portal, browse to the App Service and click on the "Get Publish Profile" link. The value for Publish URL is the hostname, and the username and password are found after it (see image below):


How to access phpMyAdmin

Browse to the Advanced Tools blade on your App Service and click on the Go button. This will take you to your Kudu console; type /phpMyAdmin at the end of the URL to manage your database (see image below):


How to find the connection string for your App Service

Click on the "Configuration" blade. You can find your connection data under Connection strings (see image below):



How to have your developers work remotely on your database

They can use MySQL Workbench, found at https://www.mysql.com/products/workbench/. They will need the hostname, username and password found in the connection string.

Friday 10 January 2020

Thursday 9 January 2020

Ventej Castle - House warming and musical event


Ventej Castle, Highlights



Ventej Castle Music Event: House warming


 

Monday 16 December 2019

Creating a CSR


Use the instructions on this page to create your certificate signing request (CSR) and then to install your SSL certificate in IIS 8 on Windows Server 2012 or IIS 8.5 on Windows Server 2012 R2.
Step 1: Create Your CSR in IIS 8 or IIS 8.5 on Windows Server 2012
1.     From the Start screen, find Internet Information Services (IIS) Manager and open it.
2.     In the Connections pane, locate and click the server.
3.     In the server Home page (center pane) under the IIS section, double-click Server Certificates


4.     In the Actions menu (right pane), click Create Certificate Request

5.     In the Request Certificate wizard, on the Distinguished Name Properties page, provide the information specified below and then click Next.
Common name:
The fully-qualified domain name (FQDN) (e.g., www.example.com).
Organization:
Your company’s legally registered name (e.g., YourCompany, Inc.).
Organizational unit:
The name of your department within the organization. This entry will usually be listed as "IT", "Web Security", or is simply left blank.
City/locality:
The city where your company is legally located.
State/province:
The state/province where your company is legally located.
Country/region:
The country/region where your company is legally located. Use the drop-down list to select your country.

7.     On the Cryptographic Service Provider Properties page, provide the information specified below and then click Next.
Cryptographic service provider:
In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider (unless you have a specific cryptographic provider).
Bit length:
In the drop-down list, select 2048 (unless you have a specific reason for using a larger bit length).
9.     On the File Name page, under Specify a file name for the certificate request, click the  …  button to specify a save location for your CSR.
Note: Remember the filename and save location of your CSR file. If you enter a filename without specifying a location, your CSR will be saved to C:\Windows\System32.

10.   When you are done, click Finish.
11.   Open the CSR file using a text editor (such as Notepad), then copy the text (including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags) and paste it into the DigiCert order form. 

12.   After you receive your SSL certificate from DigiCert, you can install it.
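
The wizard steps above can also be scripted with certreq.exe. This is an added example, not part of the original instructions: it uses the same provider and bit length as the wizard and then checks the CSR before it is pasted into the order form. The subject values, the C:\certs folder and the Exportable setting are assumptions.

```powershell
# Added example: scripted equivalent of the IIS "Create Certificate Request" wizard.
# Subject values and paths are placeholders. Run in an elevated PowerShell window.
$workDir = 'C:\certs'   # explicit location, so the CSR does not end up in C:\Windows\System32
$infPath = Join-Path $workDir 'request.inf'
$csrPath = Join-Path $workDir 'request.csr'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Same choices as the wizard pages: distinguished name, SChannel provider, 2048-bit key.
# Exportable = FALSE is an assumption; the wizard steps do not mention it.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=www.example.com, O=YourCompany Inc., OU=IT, L=City, S=State, C=US"
KeyLength = 2048
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
'@
Set-Content -Path $infPath -Value $inf -Encoding Ascii

# Generate the key pair in the machine store and write the PKCS#10 request.
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Confirm the file has the tags the order form expects.
$csrText = Get-Content -Path $csrPath -Raw
if ($csrText -notmatch '-----BEGIN NEW CERTIFICATE REQUEST-----') {
    throw "Unexpected CSR format in $csrPath"
}

# Review the subject and key size that will be sent to the CA.
certutil.exe -dump $csrPath | Select-String -Pattern 'Subject:', 'CN=', 'Public Key Length'
```

The private key stays in the machine store of the server that ran certreq, so the issued certificate has to be installed on that same server.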

Creating a CSR and Installing and configuring your SSL


Step 1: Creating a CSR


Step 2: Install and Configure Your SSL Certificate in IIS 8 or IIS 8.5 on Windows Server 2012 


Detailed steps are provided at the Certificate Authority site. Refer here.

Quick Shortcut in Windows 10 - Recording sessions

Windows key + shift-S

You can also use the keyboard shortcut Windows key + Shift + S to capture a screenshot with Snip & Sketch. Your screen will dim and you'll see Snip & Sketch's small menu at the top of your screen, which lets you choose which type of screenshot you want to capture.

Alt + Print Screen

To take a quick screenshot of the active window, use the keyboard shortcut Alt + PrtScn. This will snap your currently active window and copy the screenshot to the clipboard. You'll need to open the shot in an image editor to save it.

PSR.exe to record steps to reproduce a problem