You receive a security concern notification in Word 2016 when opening a document from a network location saying:
Microsoft Office has identified a potential security concern.
Microsoft Office has identified a potential security concern.
The selection contains fields that could be used to share information from other files on your computer with an external website. It is important that this file is from a trustworthy source.
What is happening:
In my case, Word was picking up some Links in the current documents that it was flagging as a security concern. The links where related to some embedded images in the document footer.
Observations:
– Opening the documents from the local PC worked correctly and didn’t bring up the error.
– This was only happening with Word Documents, Excel, PDF etc were ok
– Altering Trust Center and making everything as unsecure as possible didn’t resolve the issue.
– The issue was happening with .doc and .docx files from the network location
Resolution:
Breaking the links (via properties) resolved the problem but wasn’t feasible due to the amount of documents that was effected in my case.
This appears to be a problem with the following release of Microsoft Office 365:
16.0.10730.20088 (1808)
The only way I could resolve the error for me was to downgrade Office to the following version:
16.0.10325.20118
Steps to do this:
1) Open Command Prompt as an administrator
2) cd %programfiles%\Common Files\microsoft shared\ClickToRun
3) OfficeC2RClient.exe /update user updatetoversion=16.0.10325.20118
Running the “OfficeC2RClient.exe /update user updatetoversion=16.0.10325.20118” command will start the download of this version of office. This could take a little but of time depending on your internet connection.
Set-MsolUser command returns a ‘Unable to update parameter’ error
You may see something different but similar depending on which Parameter you are setting.
Error Image:
Set-MsolUser Error
Reason for the Error:
In my situation the reason for the error was due to the Office365 Domain having DirSync Enabled… (Thinking about it, I should have known better).
Solution:
The Solution to this problem would be to make the required changes to the local Active Directory opposed to Office365. This would then reflect in the Office365 environment upon the next Sync Cycle.
In my situation however, the domain I was using was for testing purposes and I had already removed the AD Sync Server. Therefore I used the below command to Disable DirSync:
Set-MsolDirSyncEnabled -EnableDirSync $false
Note: Obviously you won’t want to use this command if you’re still using DirSync or it will stop syncing…
Once the DirSync had been disabled my command ran successfully.
Powershell Cmdlets to remember for the Microsoft 70-346: Managing Office 365 Identities and Requirements Exam
I have recently completed the Microsoft 70-346 ‘Managing Office 365 Identities and Requirements’ Exam. The Exam focuses quite a bit around PowerShell. Below is a list of PowerShell cmdlets which may appear in the exam.
Connecting to Office 365 via PowerShell: Import-Module MSOnline $UserCredential = Get-CredentialConnect-MsolService -Credential $UserCredential
Return all the subscriptions that are in the Office 365 Tennant (Licence Type): Get-MsolSubscription
Returns a list of SKU’s that the company has in their Office 365 Tenant (Licence Count): Get-MsolAccountSku
Create a New Office 365 User and Assign a license: New-MsolUser -UserPrincipalName -DisplayName -FirstName -LastName -LicenseAssignment -UsageLocation
Note – The UsageLocation is required for assigning a license. A user can be created without a license and without the need for defining the UsageLocation
Disable undesirable services of a Licence Subscription for a new user (e.g. Sharepoint): $LicenceOptions = New-MsolLicenseOptions -AccountSkuId -DisabledPlans "SHAREPOINTENTERPRISE" New-MsolUser -UserPrincipalName -DisplayName -FirstName -LastName -LicenseAssignment -LicenseOptions $LO -UsageLocation
Set a license for a specific user: Set-MsolUserLicense -UserPrincipalName "[email protected]" -AddLicenses
(UsageLocation must be set)
Set the Usage Location for a specific Office 365 User:
Set-MsolUser -UserPrincipalName -UsageLocation
Get a list of Domain Names assigned to your Office 365 Tennant: Get-MsolDomain
Set a default Office 365 Domain Name: Set-MsolDomain -Name o365.davidatkin.com -IsDefault
Remove a Domain Name from your Office 365 Tennant: Remove-MsolDomain -DomainName o365.davidatkin.com -Force
Get the records required for Verifying a domain name in your Office 365 Tennant: Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com -Mode DnstxtRecord Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com -Mode Dnsmxrecord)
Get Office 365 to check that the Verification DNS Records against a domain are correct: Confirm-MsolDomain -DomainName o365.davidatkin.com
Set the Office 365 Password Policy: Set-MsolPasswordPolicy -DomainName -NotificationDays <30> -ValidityPeriod <90>
Set a single users Office 365 account to Password Never Expires: Set-MsolUser -UserPrincipalName -PasswordNeverExpires $true
Disable the requirement for Strong Passwords for a single Office 365 User: Set-MsolUser -UserPrincipleName -StrongPasswordRequired $false
Get a list of all Office 365 Users without a license assigned to their account: Get-MsolUser -UnlicensedUsersOnly
Change an Office 365 Users User Principal Name (logon username): Set-MsolUserPrincipalName -ObjectID
Get all members of a specific Office 365 Role: $role = Get-MsolRole -RoleName "name" Get-MsolRoleMember -RoleObjectId $role.ObjectId
Get a list of Soft Deleted Users in the Office 365 Tenancy: Get-MsolUser -UserPrincipleName -ReturnDeletedUsers
Permanently delete a Soft Deleted User in the Office 365 Tenancy: Remove-MsolUser -UserPrincipleName -RemoveFromRecycleBin
Change a Domain authentication type to Single Sign On (SSO): Set-MsolDomainAuthentication
Azure Active Directory Rights Management (AADRM):
Connect to Azure Active Directory Rights Management (AADRM): Import-Module aadrm $UserCredential = Get-Credential Connect-AadrmService -Credential $UserCredential
Control User Onboarding for Azure Active Directory Rights Management: Set-AadrmOnboardingControlPolicy -SecurityGroupObjectID "ID"
Note: This must be a security group – Not a User
Enable only users with an Azure Active Directory Rights Management licence to protect documents: Set-aadrmOnboardingControlPolicy -UserRmsUserLicence $true -Scope All
Get a list of all AADRM Administrators: Get-AadrmRoleBasedAdministrator
Remove administrative rights to the Azure Rights Management service for the user via their email address: Remove-AadrmRoleBasedAdministrator -EmailAddress "[email protected]"
Enable the AADRM Super User Feature to allow users to encrypt and decrypt documents: Enable-AadrmSuperUserFeature
Disable the AADRM Super User Feature to allow users to encrypt and decrypt documents: Disable-AadrmSuperUserFeature
Grant an Office 365 User AADRM Super User rights by Email Address: Add-AadrmSuperUser -EmailAddress "[email protected]"
Grant an Office 365 Group AADRM Super User rights by Email Address: Add-AadrmSuperUserGroup -GroupEmailAddress [email protected]
Get a list of current AADRM Super User Users: Get-AadrmSuperUser
Show the current AADRM Super User Group: Get-AadrmSuperUserGroup
Remove the AADRM Super User Group: Clear-AadrmSuperUserGroup
As an Azure Active Directory Rights Management SuperUser, get the status of a file to see if it is protected by RMS: Get-RMSFileStatus -File ""
Import the RMS Protection Module into PowerShell (For AADRM Super Users): Import-Module RMSProtection
Protect/UnProtect a file as an AADRM Super User: Protect-RMSFile -File "" UnProtect-RMSFile -File ""
Get a list of current RMS Templates:
Get-RMSTemplate
Get a list of Office 365 Global Admins: $role = Get-MsolRole -RoleName "Company Administrator" Get-MsolRoleMember -RoleObjectID $role.ObjectId
Add/Remove an Office 365 User from a Role: Add-MsolRoleMember -RoleName Remove-MsolRoleMember -RoleName
Azure Active Directory Connect:
Get Configuration Settings about the Azure AD Scheduler: Get-ADSyncScheduler
Force an Immediate AD Sync Cycle: Start-ADSyncSyncCycle -Policy Full
Stop a current AD Sync Cycle Stop-ADSyncSyncCycle
Change the Azure AD Connect Sync Cycle interval: Set-ADSyncScheduler -CustomizedSyncCycleInterval
Check the status of an ongoing AD Connector Sync: Get-ADSyncConnectorRunStatus
ADFS:
Install ADFS On Windows Server 2012: Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools
Install an Additional Server into an existing ADFS Farm: Add-AdfsFarmNode -PrimaryComputerName -CertificateThumbprint -GroupServiceAccountIdentifier
Convert an existing Office 365 Managed Domain into a Federated Domain Name: Convert-MsolDomainToFederated -DomainName o365.davidatkin.com
Convert a Federated Domain back to a ‘Standard’ Office 365 Managed Domain: Convert-MsolDomainToStandard
Convert a Federated User back to an Office 365 Managed User Account: Convert-MsolFederatedUser
Specify the Primary Federation Server when installing an additional Server into an Existing Farm (Command to be run if not on the Primary Server): Set-MsolADFSContect -Computer
Set the ADFS Organization Information Properties by piping infromation from the New-AdfsOrganization command: $MyOrg = New-AdfsOrganization -DisplayName "Org Name" -OrganizationUrl "http://" Set-AdfsProperties -OrganizationInfo $MyOrg
Get existing ADFS Settings: Get-MsolDomainFederationSettings
Set a new SSL Certificate on Federation Servers: Set-AdfsCertificate -Thumbprint
Set a new SSL Certificate onto ADFS WAP Servers: Set-WebApplicationProxySslCertificate -Thumbprint
Set a new ADFS Communications Certificate: Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint
Customise Web Links and wording on the ADFS Logon Web Page: Set-AdfsGlobalWebContent
Customise the Logo and Illustration on the ADFS Logon Web Page: Set-AdfsWebTheme
Create a new Theme for the ADFS Logon Web Page: New-AdfsWebTheme -TargetName "Name"
Set the Active Theme for the ADFS Logon Web Page: Set-AdfsWebConfig -ActiveThemeName
Enable Modern Authentication in Exchange Online: Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
Verify the status of Modern Authentication in Exchange Online: Get-Organizationconfig | FT Name,*Oauth*
Enable Modern Authentication in Skype for Business Online: Set-CdOAuthConfiguration -ClientAdalAuthOveride Allowed
Verify the status of Modern Authentication in Skype for Business Online: Get-CdOAuthConfiguration | select *adal*
Change the Authentication of a Domain Name from Federated to Standard temporarily until ADFS can be repaired: Set-MsolDomainAuthentication -DomainName -Authentication
Add Owners Actions to the Exchange Online Mailbox Auditing: Set-Mailbox -AuditOwner
Disable / Enable the Office 365 Admin Audit log: Set-AdminAuditLogConfig
Get Exchange Online Stale Mailbox Reports (Mailboxes not being used): Get-StaleMailboxReport Get-StaleMailboxDetailReport
Get Exchange Online Usage Reports: Get-MailboxUsageReport Get-MailboxUsageDetailedReport
Carry out an Exchange Online Message Trace for the past 7-Days: Get-MessageTrace Get-MessageTraceDetail
Carry out a Message Trace for Items upto 90 Days Old: Start-HistoricalSearch Stop-HistoricalSearch
Show Historical Message Trace history for the past 10 Days: Get-HistoricalSearch
Thank you for reading. If there are any errors or you feel there should be some addition’s, please comment and I will look at them. You may also be interested in the ‘Powershell Commands to remember for the Microsoft 70-347 Exam’ Article here: http://davidatkin.com/powershell-commands-remember-microsoft-70-347-exam/
The Reading Pane in Outlook 2013/2016 suddenly stops displaying email content and instead shows nothing.
Resolution:
In my instance the problem was resolved by disabling Hardware Graphics Acceleration in Microsoft Outlook. To do this, follow the below instructions:
1) In Outlook, Click File> Options
2) In Outlook Options, Click Advanced
3) Scroll Down to the ‘Display’ Settings
4) Check the box for ‘Disable Hardware Graphics Acceleration’
5) Restart Outlook for it to take affect
