Tag: Office 365

Word 2016- Microsoft Office has identified a potential security concern

Word 2016- Microsoft Office has identified a potential security concern


You receive a security concern notification in Word 2016 when opening a document from a network location saying:

Microsoft Office has identified a potential security concern.

Microsoft Office has identified a potential security concern.
The selection contains fields that could be used to share information from other files on your computer with an external website. It is important that this file is from a trustworthy source.

What is happening:

In my case, Word was picking up some Links in the current documents that it was flagging as a security concern. The links where related to some embedded images in the document footer.


– Opening the documents from the local PC worked correctly and didn’t bring up the error.
– This was only happening with Word Documents, Excel, PDF etc were ok
– Altering Trust Center and making everything as unsecure as possible didn’t resolve the issue.
– The issue was happening with .doc and .docx files from the network location


Breaking the links (via properties) resolved the problem but wasn’t feasible due to the amount of documents that was effected in my case.

This appears to be a problem with the following release of Microsoft Office 365:
16.0.10730.20088 (1808)

The only way I could resolve the error for me was to downgrade Office to the following version:

Steps to do this:

1) Open Command Prompt as an administrator
2) cd %programfiles%\Common Files\microsoft shared\ClickToRun
3) OfficeC2RClient.exe /update user updatetoversion=16.0.10325.20118

Running the “OfficeC2RClient.exe /update user updatetoversion=16.0.10325.20118” command will start the download of this version of office. This could take a little but of time depending on your internet connection.

Set-MsolUser command returns a ‘Unable to update parameter’ error

Set-MsolUser command returns a ‘Unable to update parameter’ error

You’re trying to change a user parameter in Office365 via the Set-MsolUser PowerShell Cmdlet but it returns the following error:

Set-MsolUser : Unable to update parameter. Parameter name: DEPARTMENT.
At line:1 char:1
+ Set-MsolUser -UserPrincipalName [email protected] -Department ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Set-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.PropertyNotSettableException,Microsoft.Online

You may see something different but similar depending on which Parameter you are setting.

Error Image:

Office365 Powershell Error
Set-MsolUser Error

Reason for the Error:

In my situation the reason for the error was due to the Office365 Domain having DirSync Enabled… (Thinking about it, I should have known better).


The Solution to this problem would be to make the required changes to the local Active Directory opposed to Office365. This would then reflect in the Office365 environment upon the next Sync Cycle.

In my situation however, the domain I was using was for testing purposes and I had already removed the AD Sync Server. Therefore I used the below command to Disable DirSync:

Set-MsolDirSyncEnabled -EnableDirSync $false

Obviously you won’t want to use this command if you’re still using DirSync or it will stop syncing…

Once the DirSync had been disabled my command ran successfully.

Disable DirSync

[amazon_link asins=’1509300678,1509304789,B00JLPEL2I’ template=’ProductGrid’ store=’412294wp-21′ marketplace=’UK’ link_id=’90790869-59af-11e8-b72e-cf21e16211d5′]Problem:

Powershell Commands to remember for the Microsoft 70-346 Exam

Powershell Commands to remember for the Microsoft 70-346 Exam

Office 365 70-346

Powershell Cmdlets to remember for the Microsoft 70-346: Managing Office 365 Identities and Requirements Exam

I have recently completed the Microsoft 70-346 ‘Managing Office 365 Identities and Requirements’ Exam. The Exam focuses quite a bit around PowerShell. Below is a list of PowerShell cmdlets which may appear in the exam.

Also, I’ve created a bunch of FlashCards that may be useful for studying for this exam. You can find them here:

Office 365 Management:

Connecting to Office 365 via PowerShell:
Import-Module MSOnline
$UserCredential = Get-CredentialConnect-MsolService -Credential $UserCredential

Return all the subscriptions that are in the Office 365 Tennant (Licence Type):

Returns a list of SKU’s that the company has in their Office 365 Tenant (Licence Count):

Create a New Office 365 User and Assign a license:
New-MsolUser -UserPrincipalName -DisplayName -FirstName -LastName -LicenseAssignment -UsageLocation

Note – The UsageLocation is required for assigning a license. A user can be created without a license and without the need for defining the UsageLocation

Disable undesirable services of a Licence Subscription for a new user (e.g. Sharepoint):
$LicenceOptions = New-MsolLicenseOptions -AccountSkuId -DisabledPlans "SHAREPOINTENTERPRISE"
New-MsolUser -UserPrincipalName -DisplayName -FirstName -LastName -LicenseAssignment -LicenseOptions $LO -UsageLocation

Set a license for a specific user:
Set-MsolUserLicense -UserPrincipalName "[email protected]" -AddLicenses

(UsageLocation must be set)

Set the Usage Location for a specific Office 365 User:
Set-MsolUser -UserPrincipalName -UsageLocation

Get a list of Domain Names assigned to your Office 365 Tennant:

Set a default Office 365 Domain Name:
Set-MsolDomain -Name o365.davidatkin.com -IsDefault

Remove a Domain Name from your Office 365 Tennant:
Remove-MsolDomain -DomainName o365.davidatkin.com -Force

Get the records required for Verifying a domain name in your Office 365 Tennant:
Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com
Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com -Mode DnstxtRecord
Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com -Mode Dnsmxrecord)

Get Office 365 to check that the Verification DNS Records against a domain are correct:
Confirm-MsolDomain -DomainName o365.davidatkin.com

Set the Office 365 Password Policy:
Set-MsolPasswordPolicy -DomainName -NotificationDays <30> -ValidityPeriod <90>

Set a single users Office 365 account to Password Never Expires:
Set-MsolUser -UserPrincipalName -PasswordNeverExpires $true

Disable the requirement for Strong Passwords for a single Office 365 User:
Set-MsolUser -UserPrincipleName -StrongPasswordRequired $false

Get a list of all Office 365 Users without a license assigned to their account:
Get-MsolUser -UnlicensedUsersOnly

Change an Office 365 Users User Principal Name (logon username):
Set-MsolUserPrincipalName -ObjectID

Get all members of a specific Office 365 Role:
$role = Get-MsolRole -RoleName "name"
Get-MsolRoleMember -RoleObjectId $role.ObjectId

Reset an Office 365 Users Password:
Set-MsolUserPassword -UserPrincipleName -NewPassword -ForceChangePassword $true

Get a list of Soft Deleted Users in the Office 365 Tenancy:
Get-MsolUser -UserPrincipleName -ReturnDeletedUsers

Permanently delete a Soft Deleted User in the Office 365 Tenancy:
Remove-MsolUser -UserPrincipleName -RemoveFromRecycleBin

Change a Domain authentication type to Single Sign On (SSO):

Azure Active Directory Rights Management (AADRM):

Connect to Azure Active Directory Rights Management (AADRM):
Import-Module aadrm
$UserCredential = Get-Credential
Connect-AadrmService -Credential $UserCredential

Control User Onboarding for Azure Active Directory Rights Management:
Set-AadrmOnboardingControlPolicy -SecurityGroupObjectID "ID"

Note: This must be a security group – Not a User

Enable only users with an Azure Active Directory Rights Management licence to protect documents:
Set-aadrmOnboardingControlPolicy -UserRmsUserLicence $true -Scope All

Get a list of all AADRM Administrators:

Remove administrative rights to the Azure Rights Management service for the user via their email address:
Remove-AadrmRoleBasedAdministrator -EmailAddress "[email protected]"

Enable the AADRM Super User Feature to allow users to encrypt and decrypt documents:

Disable the AADRM Super User Feature to allow users to encrypt and decrypt documents:

Grant an Office 365 User AADRM Super User rights by Email Address:
Add-AadrmSuperUser -EmailAddress "[email protected]"

Grant an Office 365 Group AADRM Super User rights by Email Address:
Add-AadrmSuperUserGroup -GroupEmailAddress [email protected]

Get a list of current AADRM Super User Users:

Show the current AADRM Super User Group:

Remove the AADRM Super User Group:

As an Azure Active Directory Rights Management SuperUser, get the status of a file to see if it is protected by RMS:
Get-RMSFileStatus -File ""

Import the RMS Protection Module into PowerShell (For AADRM Super Users):
Import-Module RMSProtection

Protect/UnProtect a file as an AADRM Super User:
Protect-RMSFile -File ""
UnProtect-RMSFile -File ""

Get a list of current RMS Templates:

Enable RMS integration with Exchange Online:
Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc"
Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
Set-IRMConfiguration -InternalLicensingEnabled $true Test-IRMConfiguration -Sender

Connect to Exchange Online:
$Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Get a list of Office 365 Global Admins:
$role = Get-MsolRole -RoleName "Company Administrator"
Get-MsolRoleMember -RoleObjectID $role.ObjectId

Add/Remove an Office 365 User from a Role:
Add-MsolRoleMember -RoleName
Remove-MsolRoleMember -RoleName

Azure Active Directory Connect:

Get Configuration Settings about the Azure AD Scheduler:

Force an Immediate AD Sync Cycle:
Start-ADSyncSyncCycle -Policy Full

Stop a current AD Sync Cycle

Change the Azure AD Connect Sync Cycle interval:
Set-ADSyncScheduler -CustomizedSyncCycleInterval

Check the status of an ongoing AD Connector Sync:


Install ADFS On Windows Server 2012:
Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools

Install an Additional Server into an existing ADFS Farm:
Add-AdfsFarmNode -PrimaryComputerName -CertificateThumbprint -GroupServiceAccountIdentifier

Convert an existing Office 365 Managed Domain into a Federated Domain Name:
Convert-MsolDomainToFederated -DomainName o365.davidatkin.com

Convert a Federated Domain back to a ‘Standard’ Office 365 Managed Domain:

Convert a Federated User back to an Office 365 Managed User Account:

Specify the Primary Federation Server when installing an additional Server into an Existing Farm (Command to be run if not on the Primary Server):
Set-MsolADFSContect -Computer

Set the ADFS Organization Information Properties by piping infromation from the New-AdfsOrganization command:
$MyOrg = New-AdfsOrganization -DisplayName "Org Name" -OrganizationUrl "http://"
Set-AdfsProperties -OrganizationInfo $MyOrg

Get existing ADFS Settings:

Set a new SSL Certificate on Federation Servers:
Set-AdfsCertificate -Thumbprint

Set a new SSL Certificate onto ADFS WAP Servers:
Set-WebApplicationProxySslCertificate -Thumbprint

Set a new ADFS Communications Certificate:
Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint

Customise Web Links and wording on the ADFS Logon Web Page:

Customise the Logo and Illustration on the ADFS Logon Web Page:

Create a new Theme for the ADFS Logon Web Page:
New-AdfsWebTheme -TargetName "Name"

Set the Active Theme for the ADFS Logon Web Page:
Set-AdfsWebConfig -ActiveThemeName

Enable Modern Authentication in Exchange Online:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Verify the status of Modern Authentication in Exchange Online:
Get-Organizationconfig | FT Name,*Oauth*

Enable Modern Authentication in Skype for Business Online:
Set-CdOAuthConfiguration -ClientAdalAuthOveride Allowed

Verify the status of Modern Authentication in Skype for Business Online:
Get-CdOAuthConfiguration | select *adal*

Change the Authentication of a Domain Name from Federated to Standard temporarily until ADFS can be repaired:
Set-MsolDomainAuthentication -DomainName -Authentication

Enable Multiple Federated Domain support:
Update-MSOLFederatedDomain -SupportMultipeDomain

Office 365 Monitoring:

Enable Exchange Online Mailbox Auditing:
Set-Mailbox -Identity -AuditEnabled $true

Add Owners Actions to the Exchange Online Mailbox Auditing:
Set-Mailbox -AuditOwner

Disable / Enable the Office 365 Admin Audit log:

Get Exchange Online Stale Mailbox Reports (Mailboxes not being used):

Get Exchange Online Usage Reports:

Carry out an Exchange Online Message Trace for the past 7-Days:

Carry out a Message Trace for Items upto 90 Days Old:

Show Historical Message Trace history for the past 10 Days:

Thank you for reading. If there are any errors or you feel there should be some addition’s, please comment and I will look at them. You may also be interested in the ‘Powershell Commands to remember for the Microsoft 70-347 Exam’ Article here:

[amazon_link asins=’1509304797,B015YM96S0,0735678235′ template=’ProductGrid’ store=’412294wp-21′ marketplace=’UK’ link_id=’4f617f19-5844-11e8-bb9c-078c9c87d02c’]

Outlook 2013 / 2016 Reading Pane not showing any email content

Outlook 2013 / 2016 Reading Pane not showing any email content


The Reading Pane in Outlook 2013/2016 suddenly stops displaying email content and instead shows nothing.

In my instance the problem was resolved by disabling Hardware Graphics Acceleration in Microsoft Outlook. To do this, follow the below instructions:

1) In Outlook, Click File> Options
2) In Outlook Options, Click Advanced
3) Scroll Down to the ‘Display’ Settings
4) Check the box for ‘Disable Hardware Graphics Acceleration’
5) Restart Outlook for it to take affect

See below for reference:

Disable Hardware Graphics Acceleration