DOS MZ executable format

Hi all,

I recently checked some *.exe, *.com and *.dll Files with Notepad.
I did notice, that they all start with the Caracters "MZ"


I found some explanation in Wikipedia

DOS MZ executable

The DOS MZ executable format is the executable file format used for .EXE files in DOS.
The file can be identified by the ASCII string "MZ" (hexadecimal: 4D 5A) at the beginning of the file (the "magic number"). "MZ" are the initials of Mark Zbikowski, one of the leading developers of MS-DOS.

Out of curiousity i have created a TXT File starting with the MZ Characters.


If you try to execute a File starting with MZ Characters, the following Error Message appears



Regards
Andres Bohren


MicrosoftTeams PowerShell Module 3.1.1 released

Hi all,

Yesterday Microsoft has released the MicrosoftTeams PowerShell Module v3.1.1 to the PSGallery.
Here are the Release notes


Get-Module MicrosoftTeams -ListAvailable
Uninstall-Module MicrosoftTeams
Find-Module MicrosoftTeams
Install-Module MicrosoftTeams

Let's see how long it takes to load the Module. I am impressed, it's only 3 Seconds wich feels so good after having to wait for more than 20 Seconds in Previous Versions.

Measure-Command -Expression {Import-Module MicrosoftTeams}


My usual Tests

Get-Team
Get-CsOnlineUser -Identity a.bohren@icewolf.ch | fl *Ent*, *host*, *voice*, *um*


Get/Set-CsUserCallingSettings are still Preview Commands and not included in this GA Version of the PowerShell Module

Get-CsUserCallingSettings

Get-Command *CsUserCallingSettings



Regards
Andres Bohren


Hidden WhatsApp Backup on Google Drive

Hi All,

I've always asked myself, where on Google the Whatsapp Backup will be stored. It's kind of hidden and does not count against the Quota of Google Drive.


Once logged into Google Drive, click on "Speicherplatz". As you can see the 18GB Whatsapp Backup is not counted against the 17 GB Quota of Google Drive.


Then on top right "Sicherungen"


Now you can see your Whatsapp Backup



Regards
Andres Bohren


Microsoft Teams routing calls to unassigned Numbers

Hi All,

In my M365 Tenant i use Direct Routing from Sunrise, a Telco Provider here in Switzerland.
I own a Numberrange with 10 Number +41 21 555 39 70-79.

If i call with my Mobilephone to a Number, that is not assignet to a User, Callflow or Autoattendant, i get an Anouncement from the Provider (Sunrise) that the Number is not active. This is because the Session Border Controller at the Provider receives a SIP 404 Not Found.

If i call the same number in my own Tenant, Teams is ringing and ringing. Now here comes the handling of unasigned numbers into the Game.

Routing calls to unassigned numbers


There are two possibilities for handling unassigned Numbers:
  • Announcement Service
  • Route to Auto Attendand or Callqueue

Variant 1) Announcement Service

######################################################################
# Variant 1) Announcement Service
######################################################################
Get-CsTeamsUnassignedNumberTreatment
$Content = Get-Content "E:\Temp\ss-noservice.mp3" -Encoding byte -ReadCount 0
$AudioFile = Import-CsOnlineAudioFile -FileName "E:\Temp\ss-noservice.mp3" -Content $Content
$fid = [System.Guid]::Parse($AudioFile.Id)
New-CsTeamsUnassignedNumberTreatment -Identity IcewolfUnasignedNumbers -Pattern "^\+4121555397\d{1}$" -TargetType Announcement -Target $fid.Guid -TreatmentPriority 1

Note:
The custom audio file supported formats are WAV (uncompressed, linear PCM with 8/16/32-bit depth in mono or stereo), WMA (mono only), and MP3.
The audio file content cannot be more than 5 MB.

For the Audio File i used one of the License Free Files from the Website below

Recordings for use in Voicemail, Queues, or Auto Attendants


It takes some time until the Configuration is working. Usually less than 5 Minutes.

If you now call an unasigned Number, the call is forwarded to the Announcement Playback Service, that plays your uploaded Audio File twice. But the Call is then not ended. The Caller has to hang up.

If you call from External you now also hear this Announcement instead of the Anouncement from the Provider.


 Variant 2) Auto Attendand

First i remove the Settings from Variant 1

Get-CsTeamsUnassignedNumberTreatment
Remove-CsTeamsUnassignedNumberTreatment -Identity IcewolfUnasignedNumbers
Get-CsTeamsUnassignedNumberTreatment


######################################################################
# Variant 2) Auto Attendand
######################################################################
######################################################################
# Create Resource Account
######################################################################
#ApplicationID
#Auto Attendant: ce933385-9390-45d1-9512-c8d228074e07
#Call Queue: 11cd3e2e-fccb-42ad-ad00-878b93575e07
#New-CsOnlineApplicationInstance
#https://docs.microsoft.com/en-us/powershell/module/skype/new-csonlineapplicationinstance?view=skype-ps

$UPN = "AAUnasignedNumber@icewolf.ch"
$DisplayName = $UPN.Split("@")[0]
New-CsOnlineApplicationInstance -UserPrincipalName $UPN -DisplayName $DisplayName -ApplicationId "ce933385-9390-45d1-9512-c8d228074e07"


Then i set the Location of the Account and add the Phone System Virtual License to it. Note that i use the Microsoft Graph PowerShell here.

######################################################################
# Assign PhoneSystem Virtual Licence and Location
######################################################################
#Configure Microsoft 365 user account properties with PowerShell
#https://docs.microsoft.com/en-us/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell?view=o365-worldwide

#Assign PhoneSystem Virtual Licence and Location
Connect-MgGraph -Scopes User.ReadWrite.All, Directory.ReadWrite.All
Update-MgUser -UserId $UPN -UsageLocation "CH"
Set-MgUserLicense -UserId $UPN -AddLicenses @{SkuId = '440eaaa8-b3e0-484b-a8be-62870b9ba70a'} -RemoveLicenses @()


After assigning the License you have to wait until Teams notices and you can set the Phone Number (4-5 Minutes worked in my case - you might adapt to your environement).

######################################################################
# Assign Number to Resource Account
######################################################################
$Error.Clear()
Write-Host "Waiting 240 Seconds"
Start-Sleep -Seconds 240
Set-CsOnlineApplicationInstance -Identity $UPN -OnpremPhoneNumber +41215553979

If ($Error -ne $null)
{
    Write-Host "Waiting 60 Seconds"
    Start-Sleep -Seconds 60
    Set-CsOnlineApplicationInstance -Identity $UPN -OnpremPhoneNumber +41215553979
}


Now it's time to create the actual Autoattendant

######################################################################
# Upload AudioFile
######################################################################
#Upload Audio File Import-CsOnlineAudioFile
$Content = Get-Content "E:\Temp\ss-noservice.mp3" -Encoding byte -ReadCount 0
$AudioFile = Import-CsOnlineAudioFile -ApplicationId "HuntGroup" -FileName "ss-noservice.mp3" -Content $content
$AudioFile

######################################################################
#Default Call Flow
######################################################################
#New-CsAutoAttendantCallFlow
#https://docs.microsoft.com/en-us/powershell/module/skype/new-csautoattendantcallflow?view=skype-ps

#Menu Disconnect Call
$menuOption = New-CsAutoAttendantMenuOption -Action DisconnectCall -DtmfResponse Automatic

#Default Call Flow
$AAMenu = New-CsAutoAttendantMenu -Name "Default Menu" -MenuOptions @($menuOption) -DirectorySearchMethod None
$WelcomePrompt = New-CsAutoAttendantPrompt -AudioFilePrompt $AudioFile
$DefaultCallFlow = New-CsAutoAttendantCallFlow -Name "AAUnasignedNumber Default call flow" -Menu $AAMenu -Greetings @($WelcomePrompt)

######################################################################
#Auto Attendant
######################################################################
#New-CsAutoAttendant
#https://docs.microsoft.com/en-us/powershell/module/skype/new-csautoattendant?view=skype-ps

$aaName = "AAUnasignedNumber"
$language = "de-DE"
$TimeZone = "W. Europe Standard Time"
New-CsAutoAttendant -Name $aaName -LanguageId $language -TimeZoneId $TimeZone -DefaultCallFlow $DefaultCallFlow


######################################################################
#Assign ResourceAccount to AutoAttendant
######################################################################
$applicationInstanceId = (Get-CsOnlineApplicationInstance -Identities $upn).ObjectId
$AutoAttendantID = (Get-CsAutoAttendant -NameFilter $DisplayName).Identity
New-CsOnlineApplicationInstanceAssociation -Identities @($applicationInstanceId) -ConfigurationId $AutoAttendantID -ConfigurationType AutoAttendant


Now we finnally set the Unassigned Number Configuration

######################################################################
# UnassignedNumbers
######################################################################
Get-CsTeamsUnassignedNumberTreatment

#Route to Autoattendand or CallQueue
$RAObjectId = (Get-CsOnlineApplicationInstance -Identity $upn).ObjectId
New-CsTeamsUnassignedNumberTreatment -Identity UnassignedNumbers -Pattern "^\+4121555397\d{1}$" -TargetType ResourceAccount -Target $RAObjectId -TreatmentPriority 1


Let's look at the Resource Account


Let's check out the AutoAttendant


Default Call Flow: Play the Audio File  and then disconnect






It takes some time until the configuration is working. Usually less than 5 Minutes.

If i now call an unassigned Number from Teams Client, the Call is redirected to the Autoattendant that plays the Audio File and then Disconnects.

If you call from External you now also hear this Announcement from the Autoattendant instead of the Anouncement from the Provider.




Regards
Andres Bohren


PowerShell Script to check for AAD Apps with expiring ClientSecrets and Certificates

Hi all,

I guess we all wrote Applications or Scripts that use AAD Applications and used ClientSecrets or Certificates to Authenticate. But what will happen when the Certificate or ClientSecret will expire? Simple - the Application won't work anymore, because the Authentication will fail.

So i searched for a way to check if the ClientSecret or Certificate will soon expire.

Let me show an Application that has multiple ClientSecrets and Certificates.

Here's the Overview of an AAD Application in the Azure AD Portal https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps


There are two ClientSecrets


There are two Certificates


Make sure there is an Owner of the Application with an Emailaddress


All you need is the AzureAD PowerShell Module

Connect-AzureAD
$AzureADApp = Get-AzureADApplication -ObjectId 004258ac-3519-4e30-a849-1dd6cdb3d275
$AzureADApp | fl ObjectId, AppID, DisplayName, KeyCredentials, PasswordCredentials


You can also find the Application Owner with PowerShell

#App Owner
Get-AzureADApplicationOwner -ObjectId e09b2538-a844-4889-9af9-78405bb289f7 | Format-List UserPrincipalName, Mail


We have all we need to create a simple Script, that will send out Notifications to the Owners if theyr ClientSecrets or Certifications are about to Expire. The Script is quite Simple and can be improved for sure. It's just a starting point...
It can be easy ported to a Runbook in Azure Automation

###############################################################################
# Check AzureAD Apps for Certificates and Clientsecrets that are about to expire
# 2022.02.28 Andres Bohren
###############################################################################
# Interactive Script
# Modules: AzureAD
# Needed Azure AD Role: Directory readers

###############################################################################
#Send Mail Function
###############################################################################
Function Send-EmailNotification{

    Param(
    [parameter(Mandatory=$true)][String]$to,
    [parameter(Mandatory=$true)][String]$Subject,
    [parameter(Mandatory=$true)][String]$Body
    )
    

    $from = "admin@runbook.icewolf.ch"
    #$to = "a.bohren@icewolf.ch"
    #$subject = "Azure AD App"
    $smtpserver = "icewolfch.mail.protection.outlook.com"
    $port = "25"
    #$Body = $HTMLBody
    #Send-MailMessage -From $From -To $to -Subject $Subject -Body $Body -BodyAsHtml -SmtpServer $SMTPServer -port $port
    Send-MailMessage -From $From -To $to -Subject $Subject -Body $Body -SmtpServer $SMTPServer -port $port

}


#Connect AzureAD
Connect-AzureAD

#Get Azure AD Apps
$AzureADApps =Get-AzureADApplication -All $true

#Expiration Comparsion Date
$ExpirationDate = (Get-Date).Adddays(+60)

#Loop through Azure AD Apps
Foreach ($App in $AzureADApps)
{
    #Write DisplayName and AppID
    Write-Host "$($App.DisplayName) > $($App.AppID)" -ForegroundColor Green

    #Show App Owner UPN/Mail
    $AppObjectID = $App.ObjectID
    $AppOwners = Get-AzureADApplicationOwner -ObjectId $AppObjectID
    Foreach ($AppOwner in $AppOwners)
    {
        Write-Host "AppOwnerUPN: $($AppOwner.UserPrincipalName) > Mail: $($AppOwner.Mail)"
    }
    
    
    #Certificates
    If ($Null -ne $App.KeyCredentials)
    {
        Foreach ($KeyCredential in $App.KeyCredentials)
        {
            #Write-Host "$($App.DisplayName)" -ForegroundColor Green
            $KeyID = $KeyCredential.KeyID
            $StartDate = $KeyCredential.StartDate
            $EndDate = $KeyCredential.EndDate
            Write-Host "KeyID: $KeyID > StartDate: $StartDate > EndDate:  $EndDate"
            If ($ExpirationDate  -gt $EndDate)
            {
                Write-Host "Certificate will soon expire" -foregroundColor Yellow
                Send-EmailNotification -to $AppOwner.Mail -Subject "$($App.DisplayName) Certificate will Expire" -Body "The Azure AD App Certificate will soon expire `r`nKeyID: $KeyID > StartDate: $StartDate > EndDate:  $EndDate"
            } else {
                #Write-Host "Certificate Enddate: $($KeyCredential.Enddate)"
            }
        }
    }
    
    #ClientSecrets
    If ($null -ne $AzureADApp.PasswordCredentials)
    {
        Foreach ($PasswordCredential in $App.PasswordCredentials)
        {
            #Write-Host "$($App.DisplayName)" -ForegroundColor Green
            $KeyID = $PasswordCredential.KeyID
            $StartDate = $PasswordCredential.StartDate
            $EndDate = $PasswordCredential.EndDate
           
            Write-Host "KeyID: $KeyID > StartDate: $StartDate > EndDate:  $EndDate"
            If ($ExpirationDate  -gt $EndDate)
            {
                Write-Host "Client Secret will soon expire" -foregroundColor Yellow
                Send-EmailNotification -to $AppOwner.Mail -Subject "$($App.DisplayName) ClientCertificate will Expire" -Body "The Azure AD App ClientSecret will soon expire `r`nKeyID: $KeyID > StartDate: $StartDate > EndDate:  $EndDate"
            } else {
                #Write-Host "Certificate Enddate: $($KeyCredential.Enddate)"
            }
        }
    }
}


This is the Email generated for the AzureAD App: "O365PS"



Regards
Andres Bohren


Azure File Sync Agent 14.1 has been released

Hi all,

On the last Microsoft Patchday, i've seen, that a new Azure File Sync Agent has been released. The Title is "Azure File Sync Agent v14.1 Release - November 2021 (KB5001873)" - but when you check the download Link it is from mid December.


When i check the Storage Sync Service in Azure Portal, i can see that i'm using the Agent Verion 13.0. The Download Link to the New Version also comes handy.


Azure File Sync Agent 14.1.0.0

MicrosoftTeams PowerShell Module 3.1.0 released

Hi All,

Just a few days ago, Microsoft has released the MicrosoftTeams PowerShell Module v3.1.0 to the PSGallery.
Here are the Release notes


Time to uninstall the old Modules and get the new one. Unfortunately i had still code open, that's why 3.0.1-Preview couln't be uninstalled in the first place-

Get-Module MicrosoftTeams -ListAvailable
Uninstall-Module MicrosoftTeams
Uninstall-Module MicrosoftTeams
Uninstall-Module MicrosoftTeams


Now Install the MicrosoftTeams PowerShell Module from the PSGallery
Find-Module MicrosoftTeams
Install-Module MicrosoftTeams


Let's see how long it takes to load the Module. I am impressed, it's like half of the time than the previous modules, but still not as fast as te 2.x.x Versions.

Measure-Command -Expression {Import-Module MicrosoftTeams}


As you can see the Module is loaded

Get-Module


The

Get-CsOnlineUser | ft UserPrincipalname, SipAddress, EnterpriseVoiceEnabled, HostedVoiceMail
Get-CsOnlineVoiceUser


Get/Set-CsUserCallingSettings are still Preview Commands and not included in this GA Version of the PowerShell Module

Get-CsUserCallingSettings

Get-Command *CsUserCallingSettings


Get-Team
Get-CsOnlineUser -Identity a.bohren@icewolf.ch | fl *Ent*, *host*, *voice*, *um*


Regards
Andres Bohren


PFX Certificate Password Recovery Tool (Brute Force)

Hi All,

A customer recently could not remember the Password of the PFX File.
I was curious and searched for a PFX Password Recovery Tool.

I created a PFX with a Password
  • 9 chars
  • uppercase chars
  • lowercase cars
  • numbersspecial caracter

Certificate Password Recovery Tool


I startet the Tool on Friday 14 January 23:41:41



After about 9 Days there where tested 569'890'000 diffrent combinations. And we're still at 5 Characters.


Conclusion:
If you have a weak password or know parts of the Password - this might work for you in an acceptable time.
If it is a secure Password and you don't know anything, it will take simply too much time.
It's not that hard to create a new CSR and issue a new Certificate.

Regards
Andres Bohren