TechShizz | All posts by rich

Setting up Encrypted email in Office 365 in 5 Steps

1. Ensure you have assigned an Azure right Management license to the user in Office 365.

2. Run the following from a an Elevate PowerShell instance.

If you have never installed Encrypted email before, you may need to install AzureRM and AADRM.

Install-Module -Name AzureRM -AllowClobber
Install-Module -Name AADRM

3. Next run this script (you will need the tenant office 365 credentials):

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true
$cred = Get-Credential
Get-Command -Module aadrm
Connect-AadrmService -Credential $cred
Enable-Aadrm
$rmsConfig = Get-AadrmConfiguration
$licenseUri = $rmsConfig.LicensingIntranetDistributionPointUrl
Disconnect-AadrmService
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session
$irmConfig = Get-IRMConfiguration
$list = $irmConfig.LicensingLocation
if (!$list) { $list = @() }
if (!$list.Contains($licenseUri)) { $list += $licenseUri }
Set-IRMConfiguration -LicensingLocation $list
Set-IRMConfiguration -AzureRMSLicensingEnabled $true -InternalLicensingEnabled $true
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true
Set-IRMConfiguration -ClientAccessServerEnabled $true

4. To test it is working run:

Test-IRMConfiguration -Sender user@domain.co.uk

5. Next, in the Office 365 Exchange Admin centre, set up a mail flow rule like this:

Activating Volume License Project and Visio Click to Run installations

Problem

You are unable to install Project or Visio Volume License editions along side normal Office 2013/2016 click to run installations. You may get an error like "this product key is for the volume-licensed version of project 2016"

Cause

Microsoft keep moving the goal posts! 

Solution
  1. Use the Office 365 Offline Deployment tool to download the "ProjectStdXVolume" product.
  2. Before running the setup, amend the config file to include the PID key Like so:

<Product ID="VisioProXVolume" PIDKEY="69WXN-MBYV6-22PQG-3WGHK-RM6XC">

Choose te correct PID for the required edition:

Edition ID PIDKEY
Visio Standard 2016  VisioStdXVolume  NY48V-PPYYH-3F4PX-XJRKJ-W4423 
Visio Professional 2016  VisioProXVolume  69WXN-MBYV6-22PQG-3WGHK-RM6XC 
Project Standard 2016  ProjectStdXVolume  D8NRQ-JTYM3-7J2DX-646CT-6836M 
Project Professional 2016  ProjectProXVolume  WGT24-HCNMF-FQ7XH-6M8K7-DRTW9 
Next, to activate the software make sure you have the C2R-P MAK key, not the MSI MAK key.

MAK keys that you use for Windows Installer (MSI) installations of Visio and Project won't work with the Office Deployment Tool. You need a different MAK key to deploy volume licensed editions of Visio and Project with the Office Deployment Tool. To get that MAK key, log into the Volume Licensing Service Center (VLSC) and use the key listed under "C2R-P for use with the Office Deployment Tool."

Reference, Links and Imges

https://docs.microsoft.com/en-us/deployoffice/use-the-office-deployment-tool-to-install-volume-licensed-editions-of-visio-2016 

Redirected Folders In-Accessible OR Access Denied

Problem

User logs on and there are no icons (Redirectoed Folder). Error states that the server \\Server\RedirectedFolders is Inaccessible OR access denied. You are able to access the redirected folders via \\192.168.x.x but not by the NetBios or FQDN.  

Cause

Unknown but suspect this is to do with the TCP/IP stack on the machine. Issue appears to be DNS however fix suggests it's TCP/IP.

Solution

A WINSOCK reset resolved this issue. 

netsh winsock reset

Disable ADAL for Outlook 2016

Problem

Various authentication issues including:

  • O365 profiles sets up instead of on prem mailbox
  • Outlook wont authenticate on Office 365
  • Outlook wont authenticate on Office 365 with SSO
Cause

ADAL is the new authentication method for azure cloud solutions. It over-rides the standard kerberos, basic and NTLM protocols.

Solution

ADAL can be disabled by registry key:

To disable modern authentication on a device, set the following registry keys:

Registry key

    Type

       Value

HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL

    REG_DWORD

        0


Reference, Links and Imges

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook/modern-authentication-on-outlook-2016-keeps-on/98a263f4-ab9c-4d6f-b5eb-2728a8e77412