Author: Bob Lin

1. After login, go to OBJECTS>Custom Objects>URL Category.

Yes, Microsoft Office 365 does offer an archive for terminated employees. This is usually achieved through the use of inactive mailboxes, which allow you to retain the email data of a terminated user for a specified period of time. During this time, you can access the data in the inactive mailbox for compliance and legal purposes.

Once the specified retention period has ended, the data in the inactive mailbox can either be deleted permanently or moved to a longer-term archival solution. This functionality is available in the Exchange Online component of Office 365 and can be configured through the Exchange Admin Center or using PowerShell scripts.

The specified retention period for an inactive mailbox in Office 365 is determined by your organization’s policies and requirements. You can set the retention period to any length of time, and it can be different for different types of data. For example, you may want to retain email data for a longer period of time than other types of data, such as OneDrive files.

The exact steps for setting the retention period for an inactive mailbox in Office 365 will depend on your organization’s setup, but typically involve creating a retention policy and applying it to the inactive mailbox. You can then configure the policy to specify the length of time you want to retain the data and specify what should happen to the data once the retention period has ended.

If you suspect your PC may be hacked by Malware or virus, you can check it using Microsoft Defender on Windows. This example is based on Windows 11.

1. Click on Start icon.

2. Click on Settings.

3. Click on Privacy & security.

4. Click on Windows Security.

5. Windows Security will show you any issues. If you do see any problem or Action recommended, click on it to fix the problem.

Situation: The client has a Palo Alto Firewall and configure GloablProtect MFA using DUO. Here are the steps to activate GloablProtect DUO for using MFA.

1. Login DUO.com and click on Users.

2. Click on Inactive Users (assuming you already created the users).

3. Add Phone and click on Activate Duo Mobile.

4. Click on Generate Duo Mobile Activation Code.

5. The user’s phone receive a text message with link. Click on the link to Activate (assuming you have DUO app on the phone). On DUO website, it shows Reactive DUO Mobile.

6. Now, try to login Gl;oablProtect. the user’s phone DUP app should have a popup. Tape Approve and you should be able to login.

Note: If it doesn’t work, you can check Bypass in User’s Status to test if you can login GloabalProtect without MFA. If you login with Bypass enabled, it is MFA issue. If you can’t, it is possible GloablProtect has a configuration issue.

1. I downloaded the 2016 Exchange server eval – Download the latest version of Exchange. For more information, see Updates for Exchange Server.
2. Ran the command to update AD Schema
3. Manually syncd ad/o365 afterwards and hoped for the best.

It turns out that nothing changed for any users already syncd with office365, so id call that a success.

However, you will need to go in to the Azure ad sync tool on your DC and manually tell it what to export from AD to the cloud that is now new…. Such as the hide from address book attribute for example. If you set it in AD, it won’t sync that attribute until you edit the export in the ad sync tool.

I ended up getting it all to work just as intended fairly quickly being there was zero documentation that I could find regarding this part of it.

A guest account in Windows OS allows users to access the computer, share folders and printers from remote computers. There are many ways to enable or create a Guest accounts.

Option 1: Enable guest account via Local Users & Groups

1. In the Start menu or taskbar search box, type Lusrmgr.msc and then press Enter key to open Local Users and Groups.

2. Click Users under Local Users and Groups (local).

3. Right-click the Guest and then click Properties or double-click on Guest to open its properties.

4. Uncheck Account is disabled.

Option 2: Enable Guest account via Command Prompt

1. Type CMD in the Start menu or taskbar search box, and then Run as administrator.

2. Click Yes when you see the User Account Control prompt.

3. Type the following command and then press Enter key.

net user guest /active:yes

Option 3: Enable Guest account via Group Policy

Note that Group Policy is not part of the Home edition of Windows 10. So, this method doesn’t work on Windows 10 Home edition.

1. Open Group Policy Editor by typing Edit Group Policy in the Start or taskbar search box and then pressing Enter key.

2. In the Group Policy Editor, navigate to the following policy: Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

3. On the right-side, double click on Accounts: Guest account status to open its Properties.

4. Check Enable.

5. Click OK to save the settings.

Option 4 Create a regular user account using GUI

1. Open the Start menu and click on the Settings icon.

2. In the Settings window, click on Accounts.

3. Select Family & other users from the left-side panel.

4. Click on Add account in Other users.

5. Click on I don’t have this person’s sign-in information in How will this person sign in?.

6. Click on Add a user without a Microsoft account.

7. Click on Add a guest.

The Guest account will be enabled and you can use it to log in to the computer without affecting the main user account’s settings and files.

Update: Microsoft has hidden the Guest account from Windows 10 and 11. Also, Microsoft has moved almost all user account settings to the new Settings app, but there is no option under the Accounts section of Settings to enable the guest account. The Settings app only allows you to create standard local or Microsoft accounts.

To enable the guest account in Windows 10 and 11, we may have Mutiple options.

Option 1: Enable guest account via Local Users & Groups

1. In the Start menu or taskbar search box, type Lusrmgr.msc and then press Enter key to open Local Users and Groups.

2. Click Users under Local Users and Groups (local).

3. Right-click the Guest and then click Properties or double-click on Guest to open its properties.

4. Uncheck Account is disabled.

Option 2: Enable Guest account via Command Prompt

1. Type CMD in the Start menu or taskbar search box, and then Run as administrator.

2. Click Yes when you see the User Account Control prompt.

3. Type the following command and then press Enter key.

net user guest /active:yes

Option 3: Enable Guest account via Group Policy

Note that Group Policy is not part of the Home edition of Windows 10. So, this method doesn’t work on Windows 10 Home edition.

1. Open Group Policy Editor by typing Edit Group Policy in the Start or taskbar search box and then pressing Enter key.

2. In the Group Policy Editor, navigate to the following policy: Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

3. On the right-side, double click on Accounts: Guest account status to open its Properties.

4. Check Enable.

5. Click OK to save the settings.

1. Open the GlobalProtect app
2. Open the menu button
3. Choose Settings
4. Go to the Troubleshooting tab
5. Click the Collect Logs button
6. When the process completes, click Open Folder to view the collected log package (GlobalProtectLogs.zip), which you can email to the ITS Service Desk for troubleshooting

To modify the AuthOrig attribute in Active Directory (AD), you can use the following steps:

1. Open the Active Directory Users and Computers console.
2. Locate the object you want to modify and right-click it.
3. Select “Properties”.
4. Go to the “Attribute Editor” tab.
5. Locate the AuthOrig attribute and double-click it.
6. For this example, let’s say you want to add user named Bob in Chicagotech.net to the AuthOrig attribute. Enter CN=Bob,OU=Users,DC=Chicagotech,DC=Net in the value field and click “OK”.
7. Click “OK” again to close the properties of the object.
8. Close the Active Directory Users and Computers console.

There are multiple methods to achieve this goal.

Option 1: Create a mail flow rule

1. Login Microsoft 365 admin center
2. Go to  Exchange online admin center.
3. Go to ->mail flow.

3. Rules.

4. Select Restrict messages by sender or recipient.

5. In Set rule conditions, Apply this rule if: The sender is…-> a member of…-> select distribution group address. Do the following: Block the message and Delete the message without notifying anyone. Except if: the sender is a member of…:

6. Click on Next in Set rule settings.

7. Click Finish on Review and finish.

Option 2: Modify “delivery management” setting:

1. Go to Exchange admin center->recipients->groups

2. Double-click the Distribution group to edit it.

2. Select “delivery management”->and add specific senders as well as groups that are allowed to send message to the group, by which way messages sent by anyone else will be blocked.

After you configure Azure Conditional Access policy which block all out of country access, you may want to add trusted location by country or IP addresses to access Microsoft 365. Here is how.

1. Login the Azure portal and go to Azure Active Directory > Security > Conditional Access > Named locations. 

2. You have options configure Countries location or IP ranges location.

3. These are some examples.