Check for Microsoft Teams Update with PowerShell

Hi All,

I was inspired to look a little bit deeper into the Update Mechanism of Microsoft Teams by the "Teams MSI Override" GitHub Project.

You can check your Version in Teams by Settings > Info > Version


Then the current Version and update Date is shown in the top bar


You can invoke a update check in Settings > check for updates


Then Teams will search for updates


I've traced this Action in Fiddler


Now you can do your own Check in PowerShell

$Version = "1.5.00.1870"
$Url = "https://teams.microsoft.com/desktopclient/update/$Version/windows/x64?ring=general"

Write-Host "Sending request to $Url"
$updateCheckResponse = Invoke-WebRequest -Uri $Url -UseBasicParsing
$updateCheckJson = $updateCheckResponse | ConvertFrom-Json
$updateCheckJson


If you send the Current Version you get nothing back - this means there is no update available

$Version = "1.5.00.4767"
$Url = "https://teams.microsoft.com/desktopclient/update/$Version/windows/x64?ring=general"

Write-Host "Sending request to $Url"
$updateCheckResponse = Invoke-WebRequest -Uri $Url -UseBasicParsing
$updateCheckJson = $updateCheckResponse | ConvertFrom-Json
$updateCheckJson


Or you can check for OSX Updates

$Version = "1.5.00.00000"
$Url = "https://teams.microsoft.com/package/desktopclient/update/$Version/osx/x64?ring=general"

Write-Host "Sending request to $Url"
$updateCheckResponse = Invoke-WebRequest -Uri $Url -UseBasicParsing
$updateCheckJson = $updateCheckResponse | ConvertFrom-Json
$updateCheckJson


You might also find some nice Infos the Blog Article from Tom Arbuthnot

Get Microsoft Teams Version, Ring and Install Date with PowerShell
https://tomtalks.blog/get-microsoft-teams-version-powershell/

Regards
Andres Bohren


Check your M365 Licenses with Azure Automation V2 (with Microsoft Graph)

Hi All,

Over a Year ago i did wrote a Azure Automation Script to check your M365 Licenses.

Check your M365 Licenses with Azure Automation

I did rewrite that code to support Microsoft Graph for query the Licenses and also send the Mail via Microsoft Graph.

Setup Environement

I first created a new AzureAD Application (just to make a clear separation of Graph Permissions for the purpose of this Demo).


Then i uploaded a Certificate wich i also use for several other Azure AD Apps


This Script will need the following Microsoft Graph Permissions with Admin Consent
  • Directory.Read.All
  • Mail.ReadWrite
  • Mail.Send
  • User.Read.All


As you can see, with these permissions the Application could read and send from all Mailboxes. Therefore we need to secure that with an Exchange Online ApplicationAccessPolicy.

Limiting application permissions to specific Exchange Online mailboxes

Limit Microsoft Graph Access to specific Exchange Mailboxes

To restrict the Access you need to create a Mail Enabled Security Group, with the Member of the Mailbox you want to send mails from - in this case the Postmaster Mailbox.


After AAD Connect has sychronized the Group i can check it in Azure AD

Get-AzureADGroup -SearchString PostmasterGraphRestriction | ft DisplayName, ObjectId, SecurityEnabled, MailEnabled, Mail


Now i am able to create the ApplicationAccessPolicy in Exchange Online

New-ApplicationAccessPolicy -AccessRight RestrictAccess -AppId 33554333-f7a0-4d7e-9964-1bd5696ec8e4 -PolicyScopeGroupId PostmasterGraphRestriction@icewolf.ch -Description "Restrict this app to members of this Group"


I can test the ApplicationAccessPolicywith the App and diffrent Mailboxes to see if they are blocked or not

Test-ApplicationAccessPolicy -AppId 33554333-f7a0-4d7e-9964-1bd5696ec8e4 -Identity postmaster@icewolf.ch
Test-ApplicationAccessPolicy -AppId 33554333-f7a0-4d7e-9964-1bd5696ec8e4 -Identity SharedMBX@icewolf.ch


Set up Azure Automation


In Azure Atomation you need to add the Microsoft Graph Modules. I've addet the Powershell 7.x Versions
  • Microsoft.Graph.Authentication
  • Microsoft.Graph.Users.Action
  • Microsoft.Graph.Mail
  • Microsoft.Graph.Identity.Management


I've uploaded the *.pfx (Certificate containing the private Key) to Certificates in Azure Automation


You can use the Auzre Automation Connection



or use the Automation Variables instead of the Automation Connection to get the Variables for AppID and TenantID


I've published the Script on my GitHub Page


This is how it looks like



The result Email i've received.



Regards
Andres Bohren


Update VMware Tools for Windows to 12.0.0 (VMSA-2022-0007)

Hi All,

VMware published a Security Advisory for the VMware Tools on Windows.

VMSA-2022-0007


VMware Tools 12.0.0 Download


On my ESXi the VM's the VMware Tools are currently running Version 11.3.5


I've extracted the "windows.iso" and renamed it to "WMwareTools12_Windows.iso"


Then uploadet it to the Datastore


Attached it to the VM


And started the setup64.exe












Regards
Andres Bohren


Get/Set-PhishFilterPolicy will be soon replaced with Tenant Allow Block list

Hi All,

Recently there was an Annoucement in the M365 Message Center that announced the depreciation of the Get/Set-PhishFilterPolicy.

Move to the new Commands
  • Get-TenantAllowBlockListSpoofItems
  • New-TenantAllowBlockListSpoofItems
  • Set-TenantAllowBlockListSpoofItems
  • Remove-TenantAllowBlockListSpoofItems


The Get-PhishFilterPolicy will soon be depreciated

Get-PhishFilterPolicy | ft Sender, SpoofedUser, NumberOfMessages, DecisionSetBy, AllowedToSpoof, SpoofType


To see only the entrys, that are allowed to Spoof

Get-PhishFilterPolicy | where {$_.AllowedToSpoof -eq "Yes"} | ft Sender, SpoofedUser, NumberOfMessages, DecisionSetBy, AllowedToSpoof, SpoofType

Instead use this Command now

Get-TenantAllowBlockListSpoofItems | ft SpoofedUser, SendingInfrastructure, SpoofType, Action


To add a new Entry use this Command
New-TenantAllowBlockListSpoofItems

New-TenantAllowBlockListSpoofItems -SendingInfrastructure tcgms.net -SpoofedUser sorellhotels.com -SpoofType External -Action Block -Identity icewolf.ch\Default

Get-TenantAllowBlockListSpoofItems | ft SpoofedUser, SendingInfrastructure, SpoofType, Action








Regards
Andres Bohren


Outlook Editor Options Paste Text only

Hi All,

As many of you i use a lot of Copy & Paste when creating Emails.
By default, the Format of the Source will be used - but did you know that you can change that?


These are the default Settings


If you select and copy a few Lines from a Website

This will happen - and you need to use the Paste Context Menu to select "Text only"


I've changed it to "Text only" in the Outlook Options


When i paste now, by default the Text only is pasted


You still can use the Paste Content Menü and select "Keep orginal formating"



Regards
Andres Bohren


Export Azure SQL database and import on local SQL Server

Hi All,

In this Blog Article i show how you can Export an Azure SQL Database and import it back on your local SQL Server

In the Azure Portal go to your SQL database and hit "Export"


You need to set the Storage Target for your Export


I create a new container at my Storage Account



Once the export starts it takes a while until the Data is exportet


Wait until its completed


Then check your Azure Storage


Now you are able to download the *.bacpac File


If you add *.zip do the *.bacpac File you can see that it is actually a ZIP File that contains the Database Schema and the Data


For each Table is a Folder


In the Folder the Data is stored in a *.bcp file


Import the Database into your SQL Server. Select Databases and from the Context Menu choose "Import Data-tier Application".




Maybe you need to adjust the Database Name






And here it is fully restored on your local SQL Server



Regards
Andres Bohren


Install SQL Server Management Studio (SSMS)

Hi All,

In my previous Article i have explained how to install SQL Server 2019 Express Edition. That comes without a Management Interface - therefore we need Install SQL Server Management Studio (SSMS)

Download SQL Server Management Studio (SSMS)





Now it can be found in the Start Menü


You will be welcomed with the Splash Screen


Then you have to Select your SQL DB Instance


Or you can Browse for DB's on your Server or Network


Now you can do SQL Querys against the Database



Regards
Andres Bohren


Sending "Reset Password" Links may be considered as phishing in Exchange Online

Hi All,

A few Weeks ago i received the Mail below that was filtered out as Junk-E-Mail.
So i took a closer look as it is legitimate. It contained a "Forgot Password" Link to theyr Portal.
These are classic Phishing Techniques-


I took a look at the Mailheaders with the Message Header Analyzer https://mha.azurewebsites.net/

As you can see the Spam Confidence Level (SCL) is high at 5 and it's classified also as spam (SPM).
The Phishing Message is very high - i expect the "Password Reset" Link was responsible for that.
The Authentication Results are fine: SPF, DKIM and DMARC are all valid.


While looking at the Message in Threat Explorer you can see that the Message was considered as Spam and delivered into the Junkmail Folder. No Link was considered Malicious.

This seems a bit odd - i would have expected to be threated as Phishing. But sometimes the Lines between Spam and Phishing are a little bit blurry.


Finnaly i would say - good Job Microsoft. You detected some of the classic behaviours how phishing threat actors send theyr emails.

Regards
Andres Bohren