Ransomware Archives - DavidAtkin.com

How to Disable Office365 Integrated Apps for all Tenants (Powershell)

By David | January 17, 2018 | Comments 1 comment

What is it?

This very simple Powershell script is aimed at MSPs and Microsoft Partners that manage their clients Office365 environments. It will disable the ‘UsersPermissionToUserConsentToAppEnabled’ option within the clients Tenancy so that they are unable to give permission for third party Apps to access their Office365 Accounts.

Why would you want to do this?

It has been suggested that the next large ransomware attack may target cloud environments like Microsoft Office365. One of the ways that this could be accomplished is by end users granting permission for third party apps to access their Office365 accounts. For more information, see the link below.

Spiceworks – Cloud Ransomware

One of the ways of protecting against this is to disable the end users ability to grant permission to the third party apps in the first place. This is what the script does within Office365.

Things to consider:

– The Script is designed for Office365 Admins who manage a reasonable number of Office365 Tenancies. Using the script will mean that the setting doesn’t need to be applied manually per tenant.

– The Script requires you to be an Office365 Administrator with Delegation permissions over your clients environments

– You may want to check with your clients to make sure that they don’t need this feature.

– The script will presume that you have the correct execution policy configured.

– For those of you with fewer clients you can set this via the Office 365 Admin Center > Settings > Services & Add-ins > Integrated Apps (Refer to picture at the top of the page)

– I take no responsibility or liability for any unforeseen effects of the script. It is suggested that you read through any Powershell script before executing it.

The Script:

#Show Prompt to user [System.Windows.MessageBox]::Show('This Script will Disable the "UsersPermissionToUserConsentToAppEnabled" option for each Tenant linked to your Partner Account. Click OK to continue') #Connect to Office365 Partner Tenancy $Cred = Get-Credential Connect-MsolService -Credential $Cred #Get list of Tennant ID's $Tenant = Get-MsolPartnerContract foreach ($ID in $Tenant) {Set-MsolCompanySettings -TenantId $ID.TenantID -UsersPermissionToUserConsentToAppEnabled $False Get-MsolCompanyInformation -TenantId $ID.TenantId | Select DisplayName, UsersPermissionToUserConsentToAppEnabled}

Powershell Script Download:

Disable-UsersPermissionToUserConsentToAppEnabled (Partner)

Avoid getting infected by threats like ‘WannaCry/WCry’ – Ransomware

By David | May 16, 2017 | Comments 1 comment

I’ve been asked about the WannaCry Ransomware a few times over the last few days. My top tips on how to avoid becoming a victim to these kinds of threats are below:

Keep your Systems up-to-date.

Windows updates can be irritating. We’ve all been there when we’re ready to go home and we’re waiting for Windows update to finish installing before the PC is shutdown. However, in the case of ‘WannaCry’ ransomware, the infections could have been avoided by the Microsoft Fix being installed. The Fix itself was released months ago, with Microsoft Updates turned on there is a vastly reduced chance of you getting this kind of infection that tried to access your machine via known Vulnerabilities in Microsofts software.

Use a supported Operating System.

The support for older versions of Microsofts Operating Systems like Windows XP ended ages ago. Microsoft were under no obligation to release a fix for the SMB issue that the ‘WannaCry’ infection exploited. Users on the latest Windows 10 operating System were immune to this issue as the auto updates would have patched the vulnerability when it was released. Refer back to item number 1.

Get yourself a decent Anti-Virus.

There are far too many people out there who run their Systems with either no Anti-Virus or a poor performing free Anti-Virus. With a paid Anti-Virus you’re in safer hands.

Personally, I recommend ESET Anti-Virus. I’ve used it for many years and have it on both my Home and Work Operating Systems. It’s low on Resource consummation and has an excellent virus detection rate. Those users who already have ESET will have been immune to the ‘WannaCry’ infection as ESET can detect and stop it. The same is said for many of the other varients of Ransomware

A Link is for ESET can be found at the bottom of this page.

Email – Be cautious, if in doubt don’t open them.

Email is possibly the biggest method in which machines are infected with viruses and malware. This means that if the users are more cautious and aware then there is less risk of being infected. Scammers are getting very smart in their methods of making an email look like it has come from a legitimate source when it hasn’t. I strongly suggest that you take care when going through your emails. If you don’t think the sender is legitimate then check with them before opening it. If you can’t contact them directly, delete the email. Better safe than sorry.

Going even further than this, if you’re a company you should have some kind of Email Filtering in place. Yes, it does cost a little bit of money but probably nothing in comparison to getting an infection and losing your data!

If it’s important to you – Have a BACKUP!

Despite having all of the above in place, there is still a chance of being infected by something that you can’t remove without having to reinstall you PC. In the event of this, it’s always best to have a backup! Anything that you have that you cannot do without you’ll want to backup. Backup to multiple locations and backup often.