Tag: Security

How to Disable Office365 Integrated Apps for all Tenants (Powershell)

How to Disable Office365 Integrated Apps for all Tenants (Powershell)

Disable integrated Apps

What is it?

This very simple Powershell script is aimed at MSPs and Microsoft Partners that manage their clients Office365 environments. It will disable the ‘UsersPermissionToUserConsentToAppEnabled’ option within the clients Tenancy so that they are unable to give permission for third party Apps to access their Office365 Accounts.

Why would you want to do this?

It has been suggested that the next large ransomware attack may target cloud environments like Microsoft Office365. One of the ways that this could be accomplished is by end users granting permission for third party apps to access their Office365 accounts. For more information, see the link below.

Spiceworks – Cloud Ransomware

One of the ways of protecting against this is to disable the end users ability to grant permission to the third party apps in the first place. This is what the script does within Office365.

Things to consider:

 The Script is designed for Office365 Admins who manage a reasonable number of Office365 Tenancies. Using the script will mean that the setting doesn’t need to be applied manually per tenant.

– The Script requires you to be an Office365 Administrator with Delegation permissions over your clients environments

– You may want to check with your clients to make sure that they don’t need this feature.

– The script will presume that you have the correct execution policy configured.

– For those of you with fewer clients you can set this via the Office 365 Admin Center > Settings > Services & Add-ins > Integrated Apps (Refer to picture at the top of the page)

– I take no responsibility or liability for any unforeseen effects of the script. It is suggested that you read through any Powershell script before executing it.

The Script:

#Show Prompt to user
[System.Windows.MessageBox]::Show('This Script will Disable the "UsersPermissionToUserConsentToAppEnabled" option for each Tenant linked to your Partner Account. Click OK to continue')
#Connect to Office365 Partner Tenancy
$Cred = Get-Credential
Connect-MsolService -Credential $Cred
#Get list of Tennant ID's
$Tenant = Get-MsolPartnerContract
foreach ($ID in $Tenant) {Set-MsolCompanySettings -TenantId $ID.TenantID -UsersPermissionToUserConsentToAppEnabled $False
Get-MsolCompanyInformation -TenantId $ID.TenantId | Select DisplayName, UsersPermissionToUserConsentToAppEnabled}

Powershell Script Download:

Disable-UsersPermissionToUserConsentToAppEnabled (Partner)

Password Managers – Be Safer Online.

Password Managers – Be Safer Online.

I created this Article about Password Managers back in 2015 and published it to a well known Tech Forum called Experts Exchange. The Article is still relevant so I’ve decided to publish it on my blog as well. Happy Reading.

A brief insight into online Password Managers – Be Safer Online.

A few customers have recently asked my thoughts on Password Managers. As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords. But as I was getting asked about them more and more I decided to trial one so I could offer a better opinion. The one I decided to trial was called ‘LastPass’. It came highly recommended from a couple of my Web Developer friends who now use it for every website that requires some form of login!

In addition to the recommendation I did some research on the program to give me a little more confidence and understanding – I suggest reading a few reviews prior to jumping into anything.

What is a Password Manager?

A password manager is a program that helps a user to better manage and organise their passwords for online accounts. Most Password managers store your passwords and then encrypts them. The programs then require the user to enter a Master Password to decrypt them before they can be access.

What is the benefit of having a Password Manager?:

If you’re anything like me you will have lots of online logins, then over time this can become difficult to manage. I found myself trying multiple login credentials on sites before finding the one that works, eventually getting there but sometimes I would have to do a password reset.

Using a Password Manager takes away this problem. All you have to do is remember the one password and the program does the rest.

Getting Starter – The Master Password:

The first thing that a Password Manager will ask you to do is to create a ‘Master Password’. This is the password that you will use to access the program and the access your ‘Password Vault’ (where your passwords are kept). Because this is the password that allows you to access your other online accounts I would highly suggest making this as Complex as possible. The password needs to be completely unique and not used anywhere else – I can’t stress this enough. Make sure that you remember this password. If you forget it you will not be able to access your account.

Master Password tips:

– Make the password as long as possible. At least 12 Characters long would be a good goal.

– The password should contain Lower and Upper case letters

– The password should contain Numbers (0-9)

– The password should contain Special Characters – e.g. £ * ( ) $

– The password must be Unique

First thoughts:

I started using the program for some of sites that I don’t really care about – Mostly online games and a couple of forums etc. I found it was easy to add the sites to the ‘Password Vault’ and it replicated to all of my other devices (PC/Mobile/Laptop) where LastPass was installed. One great feature is that when you’re logged into LastPass and visit a site that you’ve saved it will auto-complete the login fields for you – Saves time which is great and stops the ‘which password is this’ problem.

Boosting my online security with The ‘Security Challenge:

LastPass has a built-in ‘Security Challenge’ which ranks you based on the type of usernames and passwords that you’ve used on the stored online sites. My rating was pretty low. This didn’t surprise me much as the sites I’d stored were of little importance so wasn’t using any of my secure passwords.  What did surprise me is that it gave me an option to visit the site and change the password to something randomly generated and more secure.

I visited a couple of my ‘weak’ sites and let the program generate a new random/secure password which boosted my security rating and technically made me safer online. The password was then saved into the password vault and again updated to all of my other machines that had the program on.

An example of one of the automatically generated passwords is:            !dDOoDgLs8Jp

Why Random passwords are such a good thing:

A lot of the people that I speak with tend to have one or two passwords for everything that they use online. The reason that this is a problem is because if an attacker gained access to one of your accounts then they could potentially use the information to get into any of your other online accounts.

For example:

Say you register on a website to play an online game. You register with your normal email address and password. One week later the website is hacked and your username and password are in the hands of a hacker. I can almost guarantee that these people will try your username and password on other well-known sites to see if they can get in… They will try accessing your facebook, email, twitter etc. I know this because if I was a hacker, I would do the same.

There are literally hundreds of cases where people’s lives have been ruined because they’ve used the same password everywhere. The random password generator solves this problem. With the random password, if my details where leaked that could try accessing any of my accounts but because all the passwords are different they will fail.

After the trial:

Since trying LastPass I’ve added most of my online accounts into it and I’m now using it on all of my devices. I’ve updated my passwords on various sites to improve the security and I’m happy that everything can be managed from one place. The program also allows me to create various sub folders in the Password Vault so that I can easily find any details I may need in the future. Another nice feature is that if I want to I can share my login details with other LastPass users which gets around the sending passwords via email problem.

Other Password Managers:

There are plenty of other Password Managers to choose from. As I said previously, I used LastPass because it came recommended and I was happy with the features that it offered. I would advise you to have a look at the others on the market before making a decision on using one. The features on most of the Password Managers are very similar but some do offer more than others. For example, one feature that I would like to see on LastPass is fingerprint authentication for the mobile devices, this is something that others offer.