Preparing for TLS 1.2 Migration in Office 365

Recently, Microsoft announced a significant update: “We’re retiring 3DES (Triple Data Encryption Standard) in Office 365”.

The 3DES cipher is mostly used in TLS/SSL to encrypt HTTPS and SSH traffic. Since 2016 it has been marked as vulnerable because of the SWEET32 attack (in which attackers recovered small portions of plaintext encrypted with 3DES), and its use is planned to be deprecated completely before 2023. To protect customer data, Microsoft made changes to its TLS service.

Before moving on to how to plan for 3DES removal, let’s look at what TLS is and how 3DES removal affects it.

What is TLS?

Transport Layer Security (TLS) is a cryptographic protocol that provides secure communication over a network. For example, websites use TLS to secure all communications between their servers and browsers/clients. There are currently four versions of the TLS protocol in use today: TLS 1.0, 1.1, 1.2 and 1.3.

Why is Office 365 moving to TLS 1.2?

Microsoft is planning to move all of its online services to TLS 1.2 or a later version to provide best-in-class encryption to its customers. As of February 28, 2019, Microsoft will begin retiring 3DES. As a result, if your connections are currently using a 3DES cipher suite, they will fail when 3DES cipher suites are disabled. TLS versions 1.0 and 1.1 include cipher suites based on the 3DES algorithm. So, all client-server and browser-server combinations must use TLS 1.2 or later to maintain a connection to Office 365 services.

How does this affect me?

Office 365 stopped support for TLS 1.0 and 1.1. Hence Microsoft will not fix new issues that are found when connecting to Office 365 by using TLS 1.0/1.1. To ensure uninterrupted access to the Office 365 services, you need to update TLS to 1.2 or a later version.

How many users do I have to migrate?

To ease your work, Microsoft has provided a new report to track users, devices or applications that use TLS 1.0/1.1 or 3DES. You need to be a tenant administrator to generate a TLS deprecation report. The report gives the following information:

  • Usernames/IP addresses of the users/devices connecting to Exchange using TLS 1.0/1.1 or 3DES
  • Protocol/cipher used for the connection – this will either be TLS 1.0/1.1 or 3DES
  • The user agent string that is being used for this connection – this gives information about the type of device used for the connection

To download the TLS deprecation report directly, you can use this Microsoft quick link:

Alternatively, to download the TLS deprecation report through Microsoft secure score portal, follow the below steps.

Step1: Log in to Microsoft’s Secure Score and click on “Score Analyzer”.


Step2: Scroll down to ‘All Actions’ and search for “Remove TLS 1.0/1.1 and 3DES Dependencies” under Completed Actions/Incomplete Actions. If you scored 5/5, you have already moved to TLS 1.2. Otherwise, you need to plan for a migration.


Step3: Click on the ‘Learn more’ button to get details on who is connecting using TLS 1.0/1.1 or 3DES. It will launch a flyout where you can click on ‘Launch now’.


Remove_TLS1.0 1.1_3DES_Dependencies

Step4: ‘Launch Now’ will take you to the Secure Trust Portal. Log in and then click ‘Download’ to get TLS-Deprecation-Report.csv. Alternatively, you can use the quick link to download the TLS deprecation report.

Microsoft Service Trust Portal Login

TLS deprecation report

Step5:  If you have users or devices listed under TLS1.0/1.1, start planning for an upgrade.

TLS 1.0 1.1 and 3DES Usage Report

The report is refreshed daily. If you have made any changes or updated any clients/devices, you need to wait 24 hours to see the change in the report.
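To turn the downloaded report into an upgrade plan, group its rows by client software and separate the 3DES connections (which fail once 3DES is disabled) from the TLS 1.0/1.1 ones (which keep working but are unsupported). The following is an added example, not part of the original post or of Microsoft's tooling; the column names `User`, `Protocol` and `UserAgent`, the protocol values and all sample rows are assumptions constructed for illustration.

```powershell
# Constructed sample rows. The column names (User, Protocol, UserAgent) and the
# Protocol values are assumptions; adjust them to the headers in your CSV.
$sampleReport = @'
User,Protocol,UserAgent
alice@example.com,TLS1.0,Microsoft Office/14.0 (Windows NT 6.1; Microsoft Outlook 14.0.7015; Pro)
bob@example.com,TLS1.0,Microsoft Office/14.0 (Windows NT 6.1; Microsoft Outlook 14.0.7015; Pro)
bob@example.com,TLS1.0,Microsoft Office/14.0 (Windows NT 6.1; Microsoft Outlook 14.0.7015; Pro)
scanner@example.com,3DES,ExampleScanToMail/2.1
198.51.100.24,3DES,ExampleScanToMail/2.1
carol@example.com,TLS1.1,ExampleMailApp/5.0 (Android 4.4)
'@ | ConvertFrom-Csv

function Get-TlsMigrationPlan {
    param(
        [Parameter(Mandatory)] [object[]] $Rows
    )

    $Rows |
        Group-Object -Property UserAgent, Protocol |
        ForEach-Object {
            $first    = $_.Group[0]
            $uses3Des = $first.Protocol -match '3DES'
            [pscustomobject]@{
                UserAgent   = $first.UserAgent
                Protocol    = $first.Protocol
                # 3DES connections break on retirement; TLS 1.0/1.1 without
                # 3DES keeps working but is no longer supported.
                Impact      = if ($uses3Des) { 'Fails once 3DES is disabled' }
                              else { 'Works, but unsupported' }
                Uses3DES    = $uses3Des
                # Distinct users or IP addresses behind this client type.
                Users       = @($_.Group | ForEach-Object { $_.User } |
                                  Sort-Object -Unique).Count
                Connections = $_.Count
            }
        } |
        # Breaking clients first, then the client types with the most users.
        Sort-Object -Property @{ Expression = 'Uses3DES'; Descending = $true },
                              @{ Expression = 'Users';    Descending = $true }
}

Get-TlsMigrationPlan -Rows $sampleReport |
    Select-Object UserAgent, Protocol, Impact, Users, Connections |
    Format-Table -AutoSize

# With the real file:
# Get-TlsMigrationPlan -Rows (Import-Csv .\TLS-Deprecation-Report.csv)
```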

If you are reading this blog because you are planning to migrate to TLS 1.2, chances are you have already read and followed the Microsoft guidance for securing your connections. If so, please share your experience/difficulties during the TLS 1.2 migration in the comment section to assist other admins.


  • Office 365 will not retire TLS 1.0/1.1 on February 28, 2019, even though the report contains data about TLS 1.0/1.1 and 3DES connections. Issues will occur when you try to connect to O365 services using 3DES from this date onwards. TLS 1.0/1.1 connections without 3DES will not be affected, but Office 365 has stopped support for TLS 1.0/1.1.
  • Using TLS 1.2 with Office 365 doesn’t mean that you must disable TLS 1.0 and 1.1 in your environment. If parts of your environment require TLS 1.0/1.1, you can leave the older protocol versions enabled.
  • For details about which versions of TLS are supported on Windows, refer:
  • For details about which versions of TLS are supported on browsers, refer:


Posted in News, Office 365 Reports, Security

New Office 365 Phishing Technique Which You Would Fall For!

As administrators, we all know that every security mechanism has a weakness: human error.

This applies to many security attacks, and the most famous one is email phishing. In this technique, an imposter/hacker sends an email that appears to come from someone we know/trust, containing malicious links that are used to steal sensitive data like passwords.

I know you will identify a phishing mail when Microsoft asks you to enter your password on random links. But, how about this one? 

Image Credit: InfoSec 

If I say this is a genuine delivery error from Office 365, many would believe it. But sadly, it isn’t. The hacker has placed a Send Again button to trick you into resending an email, and many would click it.

Once clicked, you are taken to a website which looks exactly like Microsoft’s. As a trick, the hacker has enabled an SSL certificate on their website, which makes us skip reading the URL. Entering your password hands your complete Office 365 account to the hacker.

Image credit: InfoSec 

After getting all the information, you will be taken to the genuine Microsoft website so that you don’t recognize what has happened before.  

How to protect yourself? 

  • Do not click any links directly from anyone outside your organization. If you find any links, copy the URL and verify the host before opening it. 
  • If you find any informative links that usually don’t require you to sign in, open them in an InPrivate/Incognito window.
  • If the email is from inside your organization but not from a known associate, use caution and follow the same procedures as if it were external.
  • If someone you know asks for some sensitive information in the email, make sure to contact them personally by calling so that you can make sure it is not the hacker emailing from your associate’s account. Hackers usually hack the weakest account in an organization and use them to exploit other employees. 

Some of the other most common phishing methods are: 

  • Sending you a password expiry email and asking you to enter your old and new password. 
  • Asking you to try out a new feature in Office 365 applications by signing in using the link in the email. 

Hope I gave you some tips. Merry Christmas in Advance! 

Posted in News, Security

Export Office 365 User License Report With PowerShell

As an Office 365 administrator, you often need to list all licensed users with their assigned licenses and services. Using the O365 admin portal, you can get a user’s license information, but you need to click each user to see their license subscriptions and service status, which is a cumbersome task. To ease your work, you can use PowerShell commands to get O365 licensed users and export the report to a CSV file.

Do you think it’s easy? Definitely not! We need to consider the following things before jumping right in.

  1. A user can have multiple licenses.
  2. Each license gives access to a set of services.
  3. A user might not have access to all services. Some services might be enabled or disabled based on user needs.
  4. License subscription names are not user-friendly by default.

We have created a PowerShell script that will get you a detailed license usage report covering all the above cases. It reports all licensed users with their assigned licenses, services, and their status. So! Let’s jump into the script right away.

To download the script, click here.

Let’s check the script in detail:

You must have the MSOnline PowerShell module installed for this script to work. If you do not have it already, please install it by executing the below cmdlet in PowerShell.

To get licensed users from an O365 environment, we need to create a connection between PowerShell and O365.


Set the output file to store the result. Result files will be stored in the current directory.

The friendly names of the license plans and services are stored in external files: LicenseFriendlyName.txt has the license plans and their friendly names, and ServiceFriendlyName.txt has the service names and their friendly names.


Get-MsolUser gets the details of all O365 users. A Where condition is used to filter for licensed users alone. The below loop (i.e., the user loop) executes for all licensed users one by one.


Add another foreach loop (i.e., the license loop) inside the user loop to get all licenses that are assigned to the current user. This loop gets the services that belong to a particular license and stores them in a services variable.


License subscription names are not user-friendly by default, so we need to convert them to a comprehensible format. LicenseFriendlyName.txt has the license subscriptions and their friendly names. The below lines convert a license subscription to its friendly name. If the friendly name is not found in the hash table, the original name is used. Administrators can quickly add new SKUs to the script by editing LicenseFriendlyName.txt.


Another foreach loop (i.e., the service loop) is added inside the license loop. It converts each service name to its friendly name.


The script produces two output files: one with the detailed report of O365 licensed users and another with the simple details. For each service, the user’s name, license, service and its status are stored in the hash table. The detailed report contains the user’s display name, UPN, license plan, friendly name of the license plan, service name, friendly name of the service, and service status.


The simple report contains the user’s display name, UPN, and the friendly names of the assigned licenses with their respective services.


The script opens the output file after getting confirmation from the administrator.
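The three nested loops and the friendly-name fallback described above can be sketched as follows. This is an added example, not the script the post links to: the `key=value` layout of the friendly-name data, the rule that a service counts as enabled unless its status is `Disabled`, and every sample user, SKU and plan name are assumptions constructed so the code runs without a tenant.

```powershell
# Friendly-name maps. The key=value layout is an assumption about
# LicenseFriendlyName.txt / ServiceFriendlyName.txt; the entries are constructed.
$licenseNames = ConvertFrom-StringData @'
DEVELOPERPACK=OFFICE 365 ENTERPRISE E3 DEVELOPER
FLOW_FREE=Microsoft Flow Free
'@
$serviceNames = ConvertFrom-StringData @'
EXCHANGE_S_FOUNDATION=Exchange
INTUNE_A=Mobile Device Mgmt
'@

# Constructed stand-in shaped like one entry of a Get-MsolUser Licenses list.
function New-SampleLicense([string]$Sku, [System.Collections.IDictionary]$Services) {
    [pscustomobject]@{
        AccountSkuId  = "contoso:$Sku"
        ServiceStatus = @($Services.GetEnumerator() | ForEach-Object {
            [pscustomobject]@{
                ServicePlan        = [pscustomobject]@{ ServiceName = $_.Key }
                ProvisioningStatus = $_.Value
            }
        })
    }
}

$users = @(
    [pscustomobject]@{
        DisplayName = 'John Doe'; UserPrincipalName = 'john@example.com'
        Licenses    = @(New-SampleLicense 'DEVELOPERPACK' ([ordered]@{
                          EXCHANGE_S_FOUNDATION = 'Success'; INTUNE_A = 'PendingInput' }))
    }
    [pscustomobject]@{
        DisplayName = 'Mike'; UserPrincipalName = 'mike@example.com'
        Licenses    = @(
            New-SampleLicense 'FLOW_FREE' ([ordered]@{
                EXCHANGE_S_FOUNDATION = 'Success'; UNLISTED_PLAN = 'Disabled' })
            New-SampleLicense 'UNLISTED_SKU' ([ordered]@{ INTUNE_A = 'Success' })
        )
    }
)

function Resolve-FriendlyName([hashtable]$Map, [string]$Name) {
    # Fall back to the raw name when the map has no entry for it.
    if ($Map.ContainsKey($Name)) { $Map[$Name] } else { $Name }
}

function ConvertTo-LicenseReport {
    param([object[]]$Users, [hashtable]$LicenseMap, [hashtable]$ServiceMap)

    $detailed = [System.Collections.Generic.List[object]]::new()
    $simple   = [System.Collections.Generic.List[object]]::new()

    foreach ($user in $Users) {                                 # user loop
        $summary = foreach ($license in $user.Licenses) {       # license loop
            $sku     = ($license.AccountSkuId -split ':')[-1]   # drop tenant prefix
            $skuName = Resolve-FriendlyName $LicenseMap $sku
            $enabled = @()
            foreach ($svc in $license.ServiceStatus) {          # service loop
                $svcName  = $svc.ServicePlan.ServiceName
                $friendly = Resolve-FriendlyName $ServiceMap $svcName
                if ($svc.ProvisioningStatus -ne 'Disabled') { $enabled += $friendly }
                $detailed.Add([pscustomobject]@{
                    DisplayName        = $user.DisplayName
                    UserPrincipalName  = $user.UserPrincipalName
                    LicensePlan        = $sku
                    FriendlyLicense    = $skuName
                    ServiceName        = $svcName
                    FriendlyService    = $friendly
                    ProvisioningStatus = $svc.ProvisioningStatus
                })
            }
            $all   = $enabled.Count -eq @($license.ServiceStatus).Count
            $scope = if ($all) { 'All services' } else { $enabled -join ',' }
            '{0}[{1}]' -f $skuName, $scope
        }
        $simple.Add([pscustomobject]@{
            DisplayName       = $user.DisplayName
            UserPrincipalName = $user.UserPrincipalName
            AssignedLicenses  = $summary -join ';'
        })
    }
    [pscustomobject]@{ Detailed = $detailed; Simple = $simple }
}

$report = ConvertTo-LicenseReport -Users $users -LicenseMap $licenseNames -ServiceMap $serviceNames
$report.Detailed | Format-Table -AutoSize
$report.Simple   | Format-Table -AutoSize
```

Against a tenant, pass `Get-MsolUser -All | Where-Object { $_.IsLicensed }` as `-Users` and pipe either list to `Export-Csv -NoTypeInformation`.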


Sample Output:

Detailed Output File:

"UserPrinciPalName","LicensePlan","FriendlyNameofLicensePlan","ServiceName","FriendlyNameofServiceName","ProvisioningStatus"
"John","DEVELOPERPACK","OFFICE 365 ENTERPRISE E3 DEVELOPER","INTUNE_A","Moblile Device Mgmt","PendingInput"
"","ATA","Advanced Threat Analytics","EXCHANGE_S_FOUNDATION","Exchange","PendingProvisioning"
"","ATA","Advanced Threat Analytics","ATA","ATA","Success"
"","AAD_PREMIUM_P2","Azure Active Directory Premium P2","EXCHANGE_S_FOUNDATION","Exchange","PendingProvisioning"
"","AAD_PREMIUM_P2","Azure Active Directory Premium P2","ATA","ATA","Success"
"","FLOW_FREE","Microsoft Flow Free","EXCHANGE_S_FOUNDATION","Exchange","PendingProvisioning"

Simple Output File:

"John Doe","","OFFICE 365 ENTERPRISE E3 DEVELOPER[All services]"
"Smith","","OFFICE 365 ENTERPRISE E3 DEVELOPER[All services]"
"Linda","","ENTERPRISE MOBILITY + SECURITY E5[All services]"
"Mike","","ENTERPRISE MOBILITY + SECURITY E5[Exchange,ATA,Moblile Device Mgmt,AAD_PREMIUM_P2,Multi Factor Service,AAD_PREMIUM]"


Posted in O365 Powershell

Getting Distribution Group Members

So, your organization has moved to Office 365 and, after faithful years of managing its IT infrastructure, you are suddenly part of the cloud generation. Everyone talks about security, which makes your security auditor constantly ask for reports on group membership details. If you are this person and, rather than logging in to Office 365 the traditional way for reports, you prefer the extensive PowerShell options that suit your own customizations, then you are on the right page. Let me explain the below script #DroidWay 😉.

The below script explains how to export distribution group (list) members in Office 365. The Get-DistributionGroupMember PowerShell cmdlet is used to retrieve the members of an Office 365 distribution list. Office 365 distribution list management can be an easy task with the help of the cmdlets available in PowerShell, which support a variety of actions such as Office 365 distribution group management and exporting group members from Office 365 to CSV.




Save the above script (for example, as script.ps1) and execute it as script.ps1 -O365Username -O365password StrangePwd, or just execute script.ps1 and type the O365 credentials in the UI.


This blog explains a few PowerShell scripting techniques that can be used to export the list of distribution group members from Office 365 to a CSV file.


Step1: We have to declare the argument parameters that will be specified as input during script execution. In this example I have used the Office 365 username and password.



Step2: Create a PowerShell session for Office 365 and import it for use.


Step3: Declare the parameters that will store the CSV export output. Get-group gets the names of all Office 365 distribution groups; each name is stored in $name by a For loop, which uses Get-DistributionGroupMember to fetch the group’s users and stores each one in $member. Set $ExportCSV to the location of the output file (an empty .CSV file) to which the Office 365 distribution group members list should be exported.



Step4: Add another For loop inside the Step3 For loop to take each member ($member) of the Office 365 distribution list ($name) and store the two values in the $details parameter. Create a new object for each $details and add it to the $results object.



Step5: Export the results and end the PowerShell session.




Sample OUTPUT CSV Content:


"Alex Wilber","Tailspin Toys"
"Joni Sherman","Tailspin Toys"
"Megan Bowen","Tailspin Toys"
"Lynne Robbins","Tailspin Toys"
"Henrietta Mueller","Tailspin Toys"
"Lidia Holloway","Tailspin Toys"
"Joni Sherman","Executives"
"Henrietta Mueller","Executives"
"Joni Sherman","Legal Team"
"Lynne Robbins","Finance Team"
"Alex Wilber","Sales Team"
"Megan Bowen","Sales Team"
"Henrietta Mueller","Sales Team"
"Lidia Holloway","Sales Team"
"Alex Wilber","Northwind Traders"
"Joni Sherman","Northwind Traders"
"Megan Bowen","Northwind Traders"

Posted in O365 Powershell

OneDrive for Business Files Restore

Announcing New Feature: OneDrive for Business Files Restore

Keeping our files safe and secure is always everyone’s top priority.

There are occasions where our files could be compromised due to accidental end-user deletion, file corruption, or malware infection. Until now, recovering from such an event could take time and potentially result in data loss. That is no longer the case, as Microsoft has just announced Files Restore for OneDrive for Business.



Files Restore is a complete self-service recovery solution that allows administrators and end users to restore files from any point in time during the last 30 days. If a user suspects their files have been compromised, they can investigate file changes and allow content owners to go back in time to any second in the last 30 days.


Now users or administrators can rewind changes using activity data to find the exact moment to revert to.


To use Files Restore, all a user needs to do is choose Settings and then Restore OneDrive.

OneDrive Settings Pane


Users are presented with a histogram showing file activity over the last 30 days with an intuitive slider to “rewind” those changes.

Files Restore Histogram


They can then easily select the file or files to restore from that point in time.

Files Restore Histogram


The user is then prompted with a date range as well as the number of files to restore. The user chooses to restore, and the files are then restored back into the user’s OneDrive.

Files Restore Proceed


As you can see, Files Restore for OneDrive for Business can save time and stress when file loss occurs, putting end users in control.


This capability started rolling out from 22nd Jan to all OneDrive for Business users and will continue to roll out over the next few weeks.

This article was originally published in Microsoft TechCommunity

Posted in Uncategorized

KnockKnock attack targets Office 365 corporate email accounts – It’s time to monitor failed login attempts in your Office 365

What’s KnockKnock?

Researchers uncovered KnockKnock, an attack on Office 365 Exchange Online email accounts, originating from 16 countries around the world.


Who is most affected?

KnockKnock targeted automated corporate email accounts not tied to a human identity, which often lacked advanced security policies such as MFA and recurring password resets.


Where did the attacks originate?

  • Hackers used 63 networks and 83 IP addresses to conduct their attacks.
  • Roughly 90 percent of the login attempts came from China, with additional attempts originating from Russia, Brazil, U.S., Argentina and 11 other countries.


Am I affected?

Maybe. You need to monitor failed login activities regularly to know whether you are under any security threat.


How to monitor failed login activities?

You can go to the audit log option available in the Security & Compliance Center and search for failed login attempts, but it is very difficult to search and find them, as O365 produces a huge amount of audit data.
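One way to cut that audit data down is to summarize failed sign-ins per account and look for accounts whose failures come from many different source addresses, the pattern described above. This is an added example, not part of the original post: the sample records are constructed, and the three-address threshold and the choice of the `UserLoginFailed` / `UserLoggedIn` operations as input are assumptions.

```powershell
# Constructed sample records with the fields used here (CreationTime, Operation,
# UserId, ClientIP). In a tenant, records of this shape can be obtained from
# Search-UnifiedAuditLog -Operations UserLoginFailed,UserLoggedIn by converting
# each result's AuditData property from JSON.
$records = @'
[
 {"CreationTime":"2018-01-08T02:14:05","Operation":"UserLoginFailed","UserId":"svc-printer@example.com","ClientIP":"203.0.113.10"},
 {"CreationTime":"2018-01-09T03:40:51","Operation":"UserLoginFailed","UserId":"svc-printer@example.com","ClientIP":"198.51.100.7"},
 {"CreationTime":"2018-01-11T01:02:33","Operation":"UserLoginFailed","UserId":"svc-printer@example.com","ClientIP":"192.0.2.44"},
 {"CreationTime":"2018-01-12T04:27:19","Operation":"UserLoginFailed","UserId":"svc-printer@example.com","ClientIP":"203.0.113.99"},
 {"CreationTime":"2018-01-13T02:55:00","Operation":"UserLoggedIn","UserId":"svc-printer@example.com","ClientIP":"198.51.100.200"},
 {"CreationTime":"2018-01-10T08:59:12","Operation":"UserLoginFailed","UserId":"alice@example.com","ClientIP":"192.0.2.15"},
 {"CreationTime":"2018-01-10T08:59:40","Operation":"UserLoginFailed","UserId":"alice@example.com","ClientIP":"192.0.2.15"},
 {"CreationTime":"2018-01-10T09:00:05","Operation":"UserLoggedIn","UserId":"alice@example.com","ClientIP":"192.0.2.15"},
 {"CreationTime":"2018-01-10T09:30:00","Operation":"UserLoggedIn","UserId":"bob@example.com","ClientIP":"192.0.2.16"}
]
'@ | ConvertFrom-Json

function Get-FailedLoginSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        # Assumed threshold: failures from this many distinct addresses
        # mark the account for review.
        [int] $MinDistinctIPs = 3
    )

    $summary = foreach ($g in ($Records | Group-Object -Property UserId)) {
        $failed = @($g.Group | Where-Object { $_.Operation -eq 'UserLoginFailed' })
        if ($failed.Count -eq 0) { continue }   # account had no failures

        $ips = @($failed | ForEach-Object { $_.ClientIP } | Sort-Object -Unique)
        $firstFailure = $failed |
            ForEach-Object { [datetime]$_.CreationTime } |
            Sort-Object | Select-Object -First 1

        # A successful sign-in after the failures began deserves a closer look,
        # especially on an account that no person signs in to.
        $laterSuccess = @($g.Group | Where-Object {
            $_.Operation -eq 'UserLoggedIn' -and
            [datetime]$_.CreationTime -gt $firstFailure
        })

        [pscustomobject]@{
            UserId              = $g.Name
            FailedLogins        = $failed.Count
            DistinctIPs         = $ips.Count
            FirstFailure        = $firstFailure
            SuccessAfterFailure = $laterSuccess.Count -gt 0
            Review              = $ips.Count -ge $MinDistinctIPs
        }
    }
    # Accounts hit from the most source addresses come first.
    $summary | Sort-Object -Property DistinctIPs -Descending
}

Get-FailedLoginSummary -Records $records | Format-Table -AutoSize
```

In the sample, the service account is marked for review because its four failures come from four addresses, while the user who mistyped a password twice from one address is not.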


Is there any easy way to monitor failed login attempts?

Yes, you can use AdminDroid Office 365 Reporter tool to monitor failed login attempts. The favorite view available under ‘User Activities Dashboard‘ will clearly show daily failed login activities with the top user details.

You can find the demo of the dashboard here.

User Login Activities


KnockKnock research was conducted by SkyHigh.

Posted in News, Security

SharePoint Online Site Collection Admin Audit Log Retention

What is Site Collection Admin Audit Log?

Site Collection Admin Audit Log helps the administrators to keep a log of what is happening inside the site collection. Knowing who has done what with which information is critical for achieving regulatory compliance and record management.

Note: This option is not enabled by default as enabling this may potentially generate a large number of audit events.

What is the default retention period for the audit log?

By default, the audit log has a 90-day retention period, but the administrator had more control over this retention period. Beginning July 24th, 2017, a major change to audit log retention is going to be rolled out.

What are the new changes to SharePoint Online Site Collection Admin Audit Logging?

Microsoft will be making changes to the SharePoint Online Site Collection Administration Audit Log feature by enforcing a 90-day retention period. Customers who used this feature previously will be automatically updated to the new retention policy and settings. New customers who subscribed to Office 365 after this change will be forced to use the 90-day retention period.

Important: This change does not impact the Unified Auditing experience from the Office 365 Security & Compliance Center.

When are these changes going to be rolled out?

Microsoft plans to roll out these changes to its First Release-enabled Office 365 tenants from July 24th, 2017.

How can I view data beyond the 90-day retention period?

Once the 90-day retention period is met, an Excel file will automatically be created in the specified document library. These files will contain audit data from specific periods of time.

Is there any solution to store activities for a longer time period?

Yes, PowerShell is always the savior whenever you are bogged down by certain limitations. But it takes more time to develop the required functionality, and it may be error-prone, as this functionality requires scheduling. It’s better to implement a third-party auditing tool.

Solution: A full-fledged Office 365 Auditing Report Tool is already available for download from Microsoft TechNet Gallery. It allows you to keep all Office 365 auditing information on your local server for as long as it’s required.

You can know more about the announcement in Microsoft Tech Community.


Posted in News, Office 365, SharePoint Online

Office 365 Adoption and Activation Reports using Power BI

As an Office 365 admin, I always wanted to get detailed analytics on how Office 365 services are used in my environment. It will help me to decide whether any users are facing any hiccups in accessing any of the services or whether they need any training to get started with any of the Office 365 services.

Office 365 has been lacking in this space for a long time. Now it seems Microsoft has committed to having a short plan to overcome this limitation. Recently Microsoft announced the limited preview of the Office 365 Adoption Content Pack in Power BI.

Office 365 Reports – Using Power BI

Let me just dive into the available metrics in the pack. The metrics are split into four reports: Adoption, Communication, Collaboration and Activation.

Adoption Reports:

These metrics will greatly help you to understand how your users have adopted Office 365 and its services. All the analytics can be seen separately for Exchange, OneDrive, SharePoint, Skype and Yammer. The following are the highlights of metrics available in adoption reports.

  • How many users have been assigned a license?
  • How many users actively use the services?
  • How many are the first time users for this month?
  • How many are the returning users for this month?
Office 365 Adoption Report – Power BI

Communication Reports:

This report provides detailed metrics about how the different communication methods are used.

  • Average number of emails sent
  • Average number of Yammer posts read
  • Average amount of time spent using Skype
  • Which client apps are used to read email?
  • Which client apps are used to Skype?
Communication Overview – Office 365 Reports using Power BI

Collaboration Report:

This report provides information regarding OneDrive and SharePoint collaboration.

  • How many users share documents externally
  • How many users share documents internally
  • How many users store documents in OneDrive and SharePoint
  • How many users collaborate on SharePoint and OneDrive documents

Activation Report:

The Activation report helps you to get the number of activations of Office 365 ProPlus, Project and Visio. It gives you the following information.

  • Total activation counts across users
  • Number of users that have activated the products
  • The number of devices that have activated the products
  • The type of device that has activated the products

Usage Reports:

Usage reports are available for most of the Office 365 services. The links to these reports can be found at the bottom of the main reporting page.

Yammer Usage Report: It gives information like how many people post messages, how many consume content by liking or reading a message, and new user activation.

Skype for Business Usage Report: It gives information like how many users leverage Skype to connect with others using messages or video conferencing, and the Skype activity.

OneDrive for Business Usage Report: Shows admins how users leverage OneDrive to collaborate with others. This report includes the following statistics.
– How many users use OneDrive to share files
– File storage utilization metrics
– Active OneDrive accounts
– Average number of files stored in OneDrive

SharePoint Usage report: It shows how SharePoint team sites and groups sites are being used to store files. This report includes the following statistics.
– Active SharePoint sites
– Number of files stored on average

Office 365 Top User report: It helps admins to identify Office 365 power users and the products they are using.

How to sign-up for the preview program?

To get the limited preview of this adoption content pack, you need to send an email to and include your tenant ID.


  • Sign-up closes by October 16, 2016; and space is limited.
  • It will take 2-3 weeks to prepare the data. Once it is done, you will receive an email with instructions.

The adoption content pack will become available for all customers to opt in by the end of December.


Posted in News, Office 365, Office 365 Reports

Office 365 Project Time Reporter

What is Office 365 Project Time Reporter?

Office 365 Project Time Reporter is a mobile app which helps you to manage your Project Online through the mobile app.

Mobile preview of Office 365 Project Time Reporter – iOS


OK, but what is Project Online?

If you are hearing about Project Online for the first time, then here you go; “Project Online is a project management service from Microsoft. It comes with Office 365 suite (but available only with certain plans). It helps you to manage your project with ease.”

– I will make a separate detailed blog about Project Online soon.

What can be done using Office 365 Project Time Reporter?

As this is the first release of the app, you will find only the major features to manage your Project Online.  I expect more features will come in the upcoming releases.

  • Using this app, team members can submit their timesheets and report progress.
  • Add new assignments or non-project work to your timesheets.
  • Create new task or update the existing task progress.

What platforms are supported?

Currently, only the iOS app is out. Microsoft said that the Android and Windows Phone versions would hit the Google Play Store and Windows Store soon.

You can download the iOS app in Apple Store.


If you want to know more about ‘Office 365 Project Time Reporter’ then you can check out this link.


source: Office Blogs


Posted in News

Everything You Want to Know About Dynamic Office 365 Groups

What is Dynamic Office 365 Group?

What if your group were always kept up to date based on certain properties of the user account? Yes, this is what dynamic Office 365 groups are.

The membership of most of the groups we use on a day-to-day basis depends on user properties like department, city, office location, country, manager, job title, etc. These are strong candidates for Dynamic Office 365 Groups.


Screenshot of Office 365 Dynamic Distribution Groups Preview

How long will it take to update the Dynamic Office 365 Group?

Microsoft confirmed that the dynamic group membership is usually updated within a minute.

This one-minute latency won’t be an issue because if we want to add the user to a group manually then it will take more than a minute of our time.

How easy is it to create Dynamic Membership for Groups?

Most of the time, accessing advanced features requires PowerShell, but Microsoft provides a nice GUI for creating dynamic membership for a group, with one condition: you need to have an Azure AD Premium license to access this feature.

Just in three easy steps.

  • Go to Azure classic Portal, Select Active Directory from the LHS, and then open your org’s directory.
  • Click on the Groups tab, and then select the desired group.
  • Now head to Configure tab, just turn on the ‘Enable Dynamic Membership’ switch, now you can define your simple membership condition easily.

Can I create a Dynamic Membership with complex rules?

Yes, you can.

Microsoft offers an Advanced Rule option right under where you defined your dynamic membership condition. Currently, no GUI is available for framing the advanced rule, so one needs to construct the rule manually with lots of commitment.

I always wonder why Microsoft releases half-baked features when it will just take a few days of work to build a GUI for constructing the Advanced Rule.

To know more about how to create an ‘Advanced Rule, ‘ you can check out this Microsoft article.

What should I consider before switching to use new Dynamic O365 Groups?

There is no doubt that this is the most needed feature for admins, one which will save you tons of hours that you can spend on more productive work.

But the single most important thing which you need to consider is the PRICING.

You need to have an Azure Active Directory Premium license to use this cool feature. This license currently costs you 6$/user/month. Well, Azure Premium comes with some more cool features, but if dynamic membership is the only thing you are going to use, you have to reconsider this option.

Tony Redmond has shared his thought about the big cost on dynamic distribution group here. I suggest you check out the link for more detail.

Note: Currently this feature is in preview.

Posted in Office 365