CHANGE LOG: View Quarantine add-in for Outlook

Monday, October 11, 2021

View Quarantine add-in for Outlook Change Log

Please see How to install an Outlook add-in to view the Microsoft 365 End-User Quarantine for a full description and installation instructions.

Version 1.0.0.0: Microsoft won't certify my add-in because they say it "does not provide significant value or benefits to commercial marketplace customers". I think most of you will disagree. I'll keep trying to get it certified, but in the meantime you can always install it from my website using the procedures from my blog article.

Version 1.0.1.0: Added automatic localization for 37 languages. Reinstall the add-in to if you need one of these languages. Please let me know if my translations need adjustments.


Version 1.1.1.0 : Added new manifest.xml (option 1) and ZIP file (option 2) deployments for GCC (Government Cloud) and GCC High (Government Cloud High) tenants.

Read more ...
by at No comments:
Tags , , ,

Install an Outlook add-in to view the Microsoft 365 End-User Quarantine

Thursday, October 7, 2021
This article explains how to install an Outlook add-in called View Quarantine that will open the Microsoft 365 end-user quarantine in a browser with a single click. This makes it really easy to access the quarantine directly from Outlook. And since this is a true Office add-in, it also displays and works in Outlook mobile and Outlook on the web!

I'm happy to announce that the add-in now also works with Microsoft Government Community Clouds (GCC and GCC High)! View the change log for status and feature updates.

The add-in shows in the Outlook ribbon when viewing any folder that contains mail items. 

The View Quarantine add-in for Outlook

Simply click the button to open the Microsoft Defender Online end-user quarantine in your default browser. You may need to sign-in to view the quarantine.

The Microsoft 365 end-user quarantine

I originally built this add-in using the Build your first Outlook add-in - Office Add-ins documentation. This gave me a good head start to build and customize the add-in.

The add-in consists of three files plus icons in various sizes for the different platforms.

Source File

Description

commands.html

An HTML "wrapper" that calls the JavaScript used by the add-in when the button is clicked.

commands.js

The JavaScript functions that provide status and open the end-user quarantine in a browser.

manifest.xml

The real heart of the add-in. It defines the unique ID for the add-in and describes when to display the View Quarantine button and how the add-in functions.

assets folder

Contains six icon files of different sizes and opacity for Outlook, OWA, and Outlook mobile.

I'm currently in the process of publishing this add-in to the AppSource marketplace via the Microsoft Partner Center. Please see the change log. In the meantime, there are two ways you can install the View Quarantine add-in now.

Option 1 -- Install via the Web

You can install the add-in from my website until Microsoft publishes it on AppSource.
  • Open Outlook and click the Get-Add-ins button in the ribbon. Alternatively, click File and click the Manage Add-Ins button at the bottom.
  • Click My add-ins in the top left.
  • Click the + Add a custom add-in dropdown at the bottom of the window under Custom add-ins, then select Add from URL...
  • Enter the following URL: https://www.expta.com/quarantine/manifest.xml and click OK.
    • If your mailbox is in a GCC tenant use the following URL: https://www.expta.com/quarantine-gcc/manifest.xml
    • If your mailbox is in a GCC High tenant use the following URL: https://www.expta.com/quarantine-gcch/manifest.xml

  • You will see a warning before installation. Click Install to install the add-in.

  • The add-in will now be listed under Custom add-ins. Note: To remove the View Quarantine add-in at any time, click the ellipses (...) and select Remove.
  • Close the Add-ins window to add it to the Outlook ribbon.

Option 2 -- Install from Source Files

You can also install the add-in using the manifest.xml file in my source files.
  • Open Outlook and click the Get-Add-ins button in the ribbon (shown above).
  • Click My add-ins in the top left.
  • Click the + Add a custom add-in dropdown at the bottom of the window under Custom add-ins, then select Add from file...
  • Browse to the manifest.xml file and click Open.
  • You will see a warning before installation. Click Install to install the add-in.

  • The add-in will now be listed under Custom add-ins.
  • Close the Add-ins window to add it to the Outlook ribbon.

Deploying to All Users in the Organization

Once you're satisfied that the add-in is installed and working properly, you can deploy it to all users in your organization. Here's how to do that:
  • Open the Microsoft Admin Center and navigate to Settings > Integrated Apps > Add-Ins.
  • Click Deploy Add-In and Next.
  • Click the Upload Custom Apps button.
  • Select I have a URL for the manifest file and enter one of the following URLs:
    • For standard M365 use https://www.expta.com/quarantine/manifest.xml
    • For GCC use https://www.expta.com/quarantine-gcc/manifest.xml
    • For GCC High use https://www.expta.com/quarantine-gcch/manifest.xml
  • Select whether to install the add-in for everyone or specific users.
  • Select a Deployment Method.
    • Fixed (Default). The add-in will be automatically deployed to the assigned users and they will not be able to remove it from their ribbon.
    • Available. Users may install this add-in by clicking the Get More add-ins button on the home ribbon in Outlook and going to Admin-managed.
    • Optional. The add-in will be automatically deployed to the assigned users but they can choose to remove it from their ribbon.

I hope you enjoy this free Outlook add-in and you find it useful!

Read more ...
by at No comments:
Tags , , , , , ,

Notes and details on the eradication of Basic Authentication in Exchange Online

Wednesday, October 6, 2021



Unless you've been living under a rock, or are just blissfully unaware, Microsoft has been making a concerted push to remove Basic authentication from Exchange Online for some time.

There's a very good reason for this. Basic auth is a single factor authentication method (username/password), which is just too easy for the bad guys to guess and exploit. Modern Authentication, on the other hand, supports MFA and is much more secure. Disabling Basic auth in your tenant requires you to use Modern Auth for all authentication requests.

The trouble is that some legacy apps and clients still only use Basic auth. Fortunately, that list is getting shorter. As you may have read in the Microsoft Message Center or the Exchange Team Blog, Microsoft is currently disabling Basic auth in tenants that they've determined are not using it. I applaud this endeavor.

At a recent MVP meeting we discussed how this effort is being undertaken. Here are some notes and details on certain aspects that you might find useful or interesting.

  • Microsoft is examining tenants for actual Basic auth usage. They are not checking to see if the tenant has an Authentication Policy set or is using Conditional Access to block Basic authentication.
  • Basic auth is being disabled in the tenant configuration for all protocols except Autodiscover. Basic auth is required by Autodiscover for legacy (read, old) Outlook clients like Outlook 2013 and earlier. This alone is one of the best reasons to get off these old clients ASAP. See New minimum Outlook for Windows version requirements for Microsoft 365 starting November 1, 2021.
  • Basic auth for SMTP is being disabled for customers that don't use it by using the Set-TransportConfig -SmtpClientAuthenticationDisabled:$true command. Admins can reenable it by setting the value to $false. This setting can also be configured as a per-user setting, which is recommended. The user setting overrides the tenant setting.
  • Authentication Policies are the preferred way to disable Basic auth, rather than Conditional Access policies. CA policies only apply AFTER the user has already signed in.
  • You can use Authentication Policies to disable Basic auth for Autodiscover (and all other protocols). That means that if you may have two areas to check if you need to reenable Basic auth for a protocol -- the Auth Policy and the tenant configuration settings that Microsoft is using.
  • For a limited time, tenant admins can use the Basic Auth troubleshooter to run diagnostics and provide self-service options to reenable Basic auth for Exchange Online protocols such as POP3, IMAP4, Exchange ActiveSync, Exchange Web Services, Offline Address Book, MAPI, RPC and Remote PowerShell. Simply click the Help & Support button on any O365 portal and type Diag: Enable Basic Auth in EXO.

  • So far, they have disabled Basic auth in thousands of tenants since they started. Only 0.06% of tenants have reenabled Basic auth for a specific protocol, and all of them using the self-help troubleshooter.
  • Tenant admins can tell if Basic auth has been disabled in their tenant by connecting to Exchange Online PowerShell and running Get-OrganizationConfig | fl basic*. The BasicAuthBlockedApps property value will be 0 if Basic auth is still enabled or 255 if it's been fully disabled. This value is a bit mask for each of the following protocol values, totaling 255. Thanks to Greg Taylor for the secret decoder ring. 😊

Protocol

Action

Value

ActiveSync

Block Basic for Exchange ActiveSync

1

WebServices

Block Basic for Exchange Web Services

2

POP

Block Basic for POP3 Clients

4

IMAP

Block Basic for IMAP4 Clients

8

PowerShell

Block Basic for PowerShell

16

MAPI

Block Basic for MAPI Protocol

32

OAB

Block Basic for Offline Address Book

64

RPC

Block Basic for RPC Protocol

128
  • Be aware that if you've configured a client to connect using Basic auth (Outlook for Mac, for example), it will likely require you to reconfigure the client profile to use Modern Auth after Basic is disabled.
This information should be helpful in your "Death to Basic Auth" journey.

Read more ...
by at No comments:
Tags , , , , , , ,

Time is running out for Comms vNext 2021

Wednesday, October 6, 2021
Do you manage the exciting Microsoft Teams collaboration workspace? Are you tired of the thin content of virtual conferences? Do you miss the in-person collaboration and relationship-building that only an in-person conference can bring? Then you should come to Comms vNext Reconnect on October 25-26, 2021 in Denver, CO!



Comms vNext is an independent, Community-led event, created and fashioned with the Community in mind.

Here, you will meet with leaders in the Microsoft Teams community to learn best practices and how to be successful in your engagements. This in-person event will be held at the  Renaissance Denver Central Park Hotel in Denver, Colorado, with special pricing for Comms vNext attendees.


Read more ...
by at No comments:
Tags , , , , , , ,
Subscribe to: Posts (Atom)