All posts by JosL

Excluding Skype for Business from ADFS MFA

When you want to use Skype for Business Online with an on-premises ADFS implementation that requires MFA for all logins, Skype for Business will fail to authenticate. It cannot handle the ADFS Multi-Factor challenge because MFA is not yet supported for Office 365 Online Skype for Business tenants.

To exempt Skype for Business from MFA on your ADFS relying party trust (RPT), use the following claims rule:


$rp = Get-AdfsRelyingPartyTrust -Name "Microsoft Office 365 Identity Platform"

Set-AdfsRelyingPartyTrust -TargetRelyingParty $rp -AdditionalAuthenticationRules 'NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)skype"]) && NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)ACOMO"]) && NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)lync"]) => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");'
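
The rule's three conditions are unanchored, case-insensitive regex tests on the client-reported user agent claim, so every user agent string that contains one of the tokens skips the MFA requirement. The added example below (not code from the original post) replays the same patterns over a list of user agent strings so you can review which clients the exemption covers; the function name and the sample strings are constructed for illustration.

```powershell
function Get-MfaRuleOutcome {
    # Hypothetical helper: mirrors the NOT EXISTS(...) conditions of the rule above.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$UserAgent,

        # Patterns copied from the AdditionalAuthenticationRules value above.
        [string[]]$ExemptPattern = @('(?i)skype', '(?i)ACOMO', '(?i)lync')
    )
    process {
        # First pattern that matches anywhere in the string, or $null if none does.
        $hit = $ExemptPattern |
            Where-Object { [regex]::IsMatch($UserAgent, $_) } |
            Select-Object -First 1

        [pscustomobject]@{
            UserAgent      = $UserAgent
            MatchedPattern = $hit
            # The rule issues the multipleauthn claim only when no pattern matches.
            MfaRequired    = ($null -eq $hit)
        }
    }
}

# Constructed sample values, not taken from real traffic or from the original post.
$samples = @(
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ExampleBrowser/1.0'
    'ExampleClient/16.0 (Skype for Business)'
    'ExampleClient/15.0 (Microsoft Lync)'
    'examplemobile/6.0 ACOMO'
    'ExampleThirdPartyApp/2.1 (lync-compatible)'
)

$results = $samples | Get-MfaRuleOutcome

# Full picture: which strings still get the MFA challenge and which do not.
$results | Format-Table -AutoSize

# Review list: everything the exemption covers, including clients that only
# happen to contain one of the tokens (the last sample above).
$results | Where-Object { -not $_.MfaRequired } |
    Select-Object UserAgent, MatchedPattern
```

Run it against user agent values collected from your own sign-in logs to see how wide the exemption is before and after you change the patterns.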

*With thanks to the IT team at NHTV 😉

OneDriveMapper v2.31 released!

Version 2.31 of OneDriveMapper has been released.

  • Changed elevation mediation method to scheduled task (used to be a registry hack)
  • Added logging to screen (in addition to logging to file), turned on by default
  • Added support for SharePoint Mappings based on AD Security Groups
  • Fixed two minor bugs

Get the new version here

Getting the WebDAV URL of an Office 365 Group

If you want to map a SharePoint or OneDrive site to a drive, the address to use in a net use command for the WebDAV client (WebClient) can be found in the URL when you browse to the site. This is not the case for Office 365 Groups, but the URL is fairly easy to find.

  1. Make an Office 365 group
  2. Browse to the group’s files
  3. Create a folder there
  4. Enter the folder and note the current URL

Let’s say my group is called ‘OnedriveMapper’. If I’m at the root of the group’s files, the URL looks like this:

https://lieben.sharepoint.com/sites/onedrivemapper/_layouts/15/Group.aspx?GroupId=7010df87%2Da308%2D4904%2D975d%2Ddb1d0a0e5c1c&AppId=Files

However, if I enter my folder, the URL changes to this:

https://lieben.sharepoint.com/sites/onedrivemapper/_layouts/15/Group.aspx?GroupId=7010df87%2Da308%2D4904%2D975d%2Ddb1d0a0e5c1c&AppId=Files&id=%2Fsites%2Fonedrivemapper%2FGedeelde%20%20documenten%2Ftestfolder

So, it seems the default folder name in my tenant is ‘Gedeelde Documenten’, which is Dutch for Shared Documents. Putting the two together gives us the following final URL to map to:

https://lieben.sharepoint.com/sites/onedrivemapper/Gedeelde%20%20documenten

And yes, this works fine with OneDriveMapper 🙂

Exchange 2007 or 2010 Public Folder report incl rights, email addresses and size

Because I couldn’t quickly find a good script or tool to report on my Public Folders with a complete drilldown (whether they’re mail enabled, which email addresses they have, who has rights on each folder and how large the folders are), I’m sharing this script with you 🙂

Edit: added support for Exchange 2010. Uncomment the correct section and comment out the 2007 code if you run this on 2010.
