Author: Bob Lin

Situation: the client would like to use outside Reception agent and forward the reception phone call to the agent. Here is how to do so.

Step 1: Configure

Step 2: Call Routing on reception Mitel Connect

1. Login Operator on Mitel Connect.
2. Click Connect.

3. Click on Settings.

4. Click on Call Routing, and then Power Routing.

5. Click on Create New Power Rule.

6. Enter the Rule Name and select +time is.

7. Enter the Reception forwarding extension #.

8. Save the rule.

9. You should have the Forwarding ready.

1. Sign in to the Azure portal 
2. Select Azure Active Directory

3. Click Roles and administrators to see the list of all available roles.

4. Select a role you want to assign to someone, Helpdesk administrator in our example.

5. Click on Add assignments.

6. Enter the username in the Search bar and then click on Add.

7. Now, the ITHElper has a Helpdesk administrator role.

It is recommended to use IMAP for Outlook read Yahoo emails. However, in some cases you may want to setup POP in Outlook. Here is how.

1. When setup Outlook, select Manual setup or additional server types.

2. In Choose Your Account type, check Pop or IMAP.

3. In POP and IMAP Account Settings, enter user information, server information, and Logon information. Click More Settings.

4. Click on Outgoing Server, check My outgoing server (SMTP) requires authentication.

5. Click on Advanced. Enter 995 for POP3, 465 for SMTP. Also enable SSL.

6. Clock OK to continue to set up Outlook.

You can then select “POP3”, click Next, enter your email address, server information (pop.mail.yahoo.com for POP3 and smtp.mail.yahoo.com for SMTP), and all other user information.

You can then select the Advanced tab and change the POP3 number to “995” and the SMPTP number to “465”. You should then ensure that “Log-in Requires Authentication” is unchecked, click OK, and Finish. Outlook should then start downloading all messages from your Yahoo Mail account.

Situation: the client would like to restrict access to Azure administration portals to known IP addresses (their company public IP addresses) only.

Step 1: Created a Named Location. 

1. Login Azure portal.
2. Click on Active Directory.

3. Click Security on the left pane.

4. Click on Named location on the left.

5. Click on IP ranges Location.

6. Enter the Name and then click on +.

7. Enter the IP range you want to use and click Add.

8. You can add as many IP addresses as you want. Then click Create.

Step 2: Create a Conditional Access Policy

1. Under Security, select Condition Access.

2. Click + New policy.

3. Enter the policy name.

Step 3: Modify Assignments

1. Click on Users or workload identities.

Under Include, check All users.

To exclude yourself from this policy, click on Exclude. Add users or groups who will be excluded from this policy.

2. Click on Cloud Apps or Action

Under Cloud apps, Select apps. In our example, Microsoft Azure Management.

Click on Conditions.

Click on Locations.

Under Include, check Any Location.

Click on Exclude, then select the IP Range you create on step 1.

Step 4: Save and test.

1. After Log into your Palo Alto Network Dashboard, navigate to Device >Certificate Management > Certificates

2. click on Generate in the bottom of the page.

3. The Generate Certificate window will appear. Please, enter the following information:

Certificate Type: check Local

Certificate Name: give your SSL Certificate a friendly name

Common Name: enter the FQDN (fully-qualified domain name) you want to secure (e.g., vpn.pafirewall.com)

Note: For a wildcard SSL Certificate, add an asterisk (*) in front of the domain name. For example,*.pafirewall.com

Signed by: from the drop-down list, select External Authority (CSR)

Certificate Authority: Don’t check the radio button. Leave it blank

OCSP responder: leave the default setting

Algorithm: RSA

Number of bits: select 2048 bits

Digest: sha256

Expiration (days): leave this field blank

4. Click Add in the Certificate Attributes and enter the required details:

Country: enter the two-letter ISO code of your country. For example, US

State: write the full name of the state where your company is registered. For instance, Hawaii

Locality: type the full name of the city where your business is located. For example, Honolulu

Organization: specify the full legal name of your company. For instance, Your Company LLC

5. Click Generate. You will have Generate Certificate popup. Click OK to complete it.

6. Click Export at the bottom of the page. The Status changes to Pending. Note: you should import the new SSL ASAP. Otherwise, you may have a problem to login.

7. the CSR will be saved to the local folder, for example Download.

Note: The private key will remain on the Palo Alto Network system.

In several cases you might want to import Outlook items from an Outlook Data File (.pst).

• You want to move Outlook items from one user email account to replacement email account
• You want to move Outlook items from one computer to aa new computer
• You want to move Outlook items between local folders and an IMAP or Exchange server.

Step 1: Export email, contacts, and calendar items from Outlook to a .pst file

1. Click File.

2. Click on Open & Export.

3. Then Import/Export.

4. Select Export to a file.

5. Click Outlook Data File (.pst)> Next.

6. Click Browse to select where to save the Outlook Data File (.pst). Enter a file name, and choose Next to continue.

7. Click Finish to complete the export.

Step 2: Import Outlook items from a .pst file in another outlook

Process the same procedure to import the .pst file. The only different is Select Import from another program or file

For Word, Go to File > Options

 Click on Display. Under Always show these formatting marks on the screen, turn on or off each formatting mark.

For Outlook, with the message window open, click on the Format Text, in the Paragraph group, click the button that looks like a paragraph mark. (When you point your mouse at the button, the tooltip says Show/Hide ¶).

Alternatively, with a new email message open, go File > Options > Mail > Editor Options 

Click on Display. Check or uncheck the formatting marks you want to see on or off.

You can also use Keyboard shortcut     CTRL+SHIFT+*

The Microsoft Local Administrator Password Solution (LAPS) provides management of local account passwords of domain joined computers. This article shows how to deploy and configure LPAS.

A. Microsoft LAPS Prerequisites

To install Microsoft LAPS, we need at least one management computer, some client workstations, Microsoft Active Directory. Microsoft LAPS also needs a specific Group Policy client-side extension (CSE) installed in each computer to do all managements task.

The management computer could be Domain Controller or any joined domain computer.

B. Installing Microsoft LAPS

1. Download Microsoft LAPS Package by going to by this link: https://www.microsoft.com/en-us/download/details.aspx?id=46899

2. Check the LAPS file you want to download, for example, LAPS.x64.msi file.

3. Double on the downloaded LAPS.x64.msi and click run to continue.

4. Click on Next in Welcome to the Local Administrator Password Solution Setup Wizard.

5. Check I accept the terms in the License Agreement and click on Next.

6. in Custom Setup,

right click on Management Tools, and select Entire Features will be installed on local hard drive. Then Next.

7. Click Install.

8. Click Yes to continue.

9. Click on Finish to complete LAPS setup.

C. Update Active Directory Schema

We need to extend AD schema so that the LAPS can use two new attributes in computer objects.

1. ms-Mcs-AdmPwd – Save the administrator password in clear text
2. ms-Mcs-AdmPwdExpirationTime – Save the timestamp of password expiration.

1. Launch PowerShell run as Administrator

2. Run this PowerShell command:
    Import-module AdmPwd.PS

to import module.

3. Now, run Update-AdmPwdADSchema to update the schema.

4. After schema update, we can see these two new attributes by going to the computer’s property: ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime

During the password update process, the computer object itself should have permission to write values to ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime attributes. To do that we need to grant permissions to SELF built-in account.

To do that,

Step 1: Run Microsoft Management Console (MMC).

Step 2. Add Snap-in

Step 3. Add Certificate.

Step 4. Check Computer account.

Step 5. Import Certificate, for example Highlight Personal>All Tasks>Import.

Step 6. Click Next in Welcome to the Certificate Import Wizard and make sure Local Machine is checked.

Step 7. Follow the wizard to complete the import.

11. Check the Certificate by double click on the imported certificate.

 LAPS manages the password of the local administrator account of the domain-joined clients or servers on the domain controller by GPO.  If you want to deploy LAPS to all workstations only but not server and domain controllers, you can only add the computers you want to this OU.