Check DKIM using CMD

 in CMD

Type nslookup -q=txt <selector>._domainkey.<domain> where <selector> is the DKIM selector and <domain> is the domain name.

e.g --

nslookup -q=txt abc1._domainkey.himanshu.xyz

By at No comments:
Labels: ,

Audit Teams chat

Auditing Private Chats in Teams - Microsoft Community


 Microsoft Teams > Find Chat Conversations Between Users

7/9/2021 · Applies to the Security and Compliance Center using eDiscovery to find conversations in Microsoft Teams

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

Image

By at No comments:
Labels: ,

Change Recoverable Items retention time/days

Change Recoverable Items retention time/days

Get

Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Get-Mailbox | ft displayname,primarysmtp*,RetainDeletedItemsFor -autosize


Set

Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Set-Mailbox -RetainDeletedItemsFor 30

By at No comments:
Labels:

Get Motherboard Model and Serial

Get Motherboard Model and Serial

In CMD

 wmic baseboard get product,Manufacturer,version,serialnumber

By at No comments:
Labels:

Search and Purge permission

Microsoft 365 Defender: Threat Explorer - Permissions

I've had a user want permissions to hard/soft delete emails found to be potentially malicious in M365 Defender Threat Explorer (https://security.microsoft.com/threatexplorer)

What you need to be able to access Threat Explorer in M365:

  • Organization Management
  • Security Administrator (assign this in the Azure Active Directory admin center (https://aad.portal.azure.com)
  • Security Reader (if you PIM upto SecAdmin then you won't need SecReader

Required Licenses

You must have Microsoft Defender for Office 365 to use Explorer or Real-time detections.

  • Explorer is included in Defender for Office 365 Plan 2.
  • The Real-time detections report is included in Defender for Office 365 Plan 1.
  • Plan to assign licenses for all users who should be protected by Defender for Office 365. Explorer and Real-time detections show detection data for licensed users.

Digging into it....

Assign AAD Security Administrator to the user if they don't have it already. It's likely if they are in a SOC or InfoSec that they will probably have this.

The user was able to access Threat Explorer after pimming up to SecAdmin but couldn't access hard or soft delete.

This delete function was something that I was able to perform but actually couldn't see why I could or where the permission was that enabled me to.

So, let's head over to Permissions & Roles @ https://security.microsoft.com/securitypermissions and select "Roles" under "Email & collaboration roles".

You'll now see a list of roles and permission specific to M365 Defender

The magic role you need now is "Search & Purge" which appears in "Data Investigator".

The side window will swipe in and you'll see "Search & Purge" under assigned roles.

Assign the member to this role then they should be able to purge any emails they look up (making sure they are pimmed upto AAD SecAdmin first).

  

By at No comments:
Labels: