Friday, July 7, 2023

Remove or Change a user's email alias in Office 365

In Office 365, changing a user's email alias has traditionally been a straightforward process that many engineers have been familiar with. However, due to recent updates by Microsoft, there have been some changes in the way we need to approach this task, causing confusion among a few of my colleagues who reached out to me for assistance. In this guide, I will outline the updated procedure for changing a user's email alias in Office 365, particularly when dealing with a Hybrid setup and synchronization between on-premises Active Directory and the cloud environment.

Change a user's email alias 


1. Open the Azure Active Directory portal by logging in to your Office 365 account.
2. Navigate to the "Users" section.
3. Locate and select the user whose email alias needs to be changed.
4. Open the user's profile and proceed to edit their properties.

Modifying the Email Alias:

1. In the user's properties, look for the "User Principal Name" and "Mail Nickname" attributes. These are the attributes that can now be modified from the cloud environment.
2. Update the "User Principal Name" field with the desired alias for the user's email address.
3. Similarly, modify the "Mail Nickname" field to reflect the new alias.
4. Save the changes to update the user's email alias.

Hybrid Setup Considerations:

It's worth noting that in a Hybrid setup, where synchronization occurs between on-premises Active Directory and Office 365, changing the email alias solely from the on-premises environment (proxy address) may not result in the desired changes. Therefore, it is crucial to utilize the Azure Active Directory portal to modify the necessary attributes mentioned above.

Remove a user's email alias 

In a Hybrid setup, when migrating from a domain removal scenario to an Onmicrosoft domain, there are specific steps that need to be followed to ensure a smooth transition. This guide outlines the necessary procedures, particularly when dealing with licensed and unlicensed users, and the synchronization of attribute changes from the on-premises Active Directory to Azure Active Directory.


Handling Licensed Users:
a. For licensed users, initiate the domain change from the on-premises Active Directory.
b. Make the necessary changes to the user's attributes, including the domain information.
c. Run an Azure AD delta sync to synchronize the exchange attributes to Azure Active Directory.
d. Note that the delta sync will only sync attribute changes to Azure if the user has an active license.

Unlicensed Users:

a. In the case of unlicensed users, a delta sync alone will not sync any attribute changes to Azure Active Directory.
b. Instead, the initial sync command must be used to ensure that the changes take effect.
c. Execute the initial sync command to synchronize the attribute changes for unlicensed users.

When migrating from a domain removal scenario to an Onmicrosoft domain in a Hybrid setup, it is crucial to follow the proper steps for both licensed and unlicensed users. For licensed users, changing the domain from the on-premises Active Directory and running an Azure AD delta sync will effectively sync the exchange attribute changes to Azure. However, for unlicensed users, the delta sync will not suffice, and the initial sync command must be utilized to ensure that the changes take effect. By adhering to these procedures, you can successfully migrate from domain removal to an Onmicrosoft domain in your Hybrid setup.

Monday, June 19, 2023

Scheduling meeting with voting poll


It is now easy to schedule a meeting when external parties are involved in the same meeting.

Last year, Microsoft released a feature called 'Find Time,' but most of us are not aware of it, and some lack knowledge about the new feature. In this article, I will share all my findings on the scheduling poll available in Outlook.

We can schedule a poll in two locations:

  • Calendar

  • New email 

Next, change the required details as per your needs.

After you create the poll, you will see it in the email or calendar request as shown below.

Check your calendar; you will see that your calendar has been tentatively booked for the selected time frame.

Once you receive the votes, you can select 'View Poll Results,' and it will open on the web (

Select the meeting title to expand the results.
With the results, you can directly schedule the meeting. After successfully completing the poll, the hold time will be released."

Tuesday, June 6, 2023

Cross-Tenant Synchronization

Some customers have requested cross-tenant synchronization, but it is not currently available in its entirety. However, we do offer several features that can enable synchronization with another tenant. Some customers utilize third-party applications, while others rely on scripting for this complex integration.

To facilitate seamless synchronization between two tenants, we have a few key features that can be directly enabled and provide significant benefits:

  1. Calendar Cross-Tenant Synchronization: This feature allows for the synchronization of calendars between different tenants. It ensures that appointments, events, and important dates are shared and updated across multiple tenants.
  2. Collaboration Cross-Tenant Synchronization: With this feature, users from different tenants can collaborate effortlessly. It enables real-time collaboration enabling smooth teamwork and productivity across tenants.
  3. Application Access Cross-Tenant Synchronization: By enabling this feature, users from one tenant can seamlessly access and interact with applications and data from another tenant. It simplifies the process of sharing resources and enhances efficiency in cross-tenant workflows.

By leveraging these features, we aim to provide a robust and efficient solution for cross-tenant synchronization. Although complete synchronization is not currently available, these enabled features offer significant benefits for customers seeking to streamline their operations and enhance collaboration between tenants.

Calendar Cross-Tenant Synchronization

This is how we can enable the Calendar synchronization. 

Go to the Exchange admin Center, click Organization ad Select Sharing.

Select Organization relationship 

Manage ownerless Microsoft 365 groups and teams


To ensure smooth functioning within groups, it is essential for each group to have an owner responsible for managing membership and settings. Owners possess unique permissions, including the ability to modify group configurations. However, situations may arise when the owner leaves, leaving members in need of assistance to add a new owner. This can potentially disrupt the ecosystem, especially within Microsoft Teams.

To address this issue, one possible solution is to implement a system where an email notification is automatically sent to active group members when there is no owner present. The email would request one of the active members to step up and become the new owner. This process can be facilitated through the following steps:

  1. Log in to the O365 admin center.
  2. Navigate to the Settings section.
  3. Locate the Microsoft 365 Groups option.
  4. Enable the functionality to identify ownerless groups by ticking the corresponding checkbox.

By implementing this option, the system will proactively identify groups without owners. This will trigger an email notification to active group members, alerting them to the vacancy and asking for someone to assume the ownership role. This approach ensures continuity and prevents the ecosystem from breaking due to lack of ownership.

By following these steps, you can improve the management of groups within Microsoft Teams, promoting a seamless experience for all members and maintaining the integrity of the ecosystem.

Friday, May 19, 2023

Which Authentication is the best Authentication?


In the O365 login page, we log in with our username and password. Is this secure?

I have seen multiple incidents where our clients complain that their accounts have been hacked. Someone has sent spam emails using their accounts and they have logged in from different countries, etc. If someone steals our password, what will happen? Let's see what authentication mechanisms are available to us and the benefits of using them.

Password: Passwords can be stolen through keyloggers. To protect ourselves, we can increase the password length, add characters and symbols, and increase password history.

PIN: For PC login, we can use a PIN instead of a password. PINs are more secure than passwords because they are easy to remember and unique to one device. Even if a PIN is stolen, the potential damage is much lesser than a compromised password.

Text Message or Voice Call: This method is more secure than a PIN or password because we receive a real-time code from the authentication service that is valid for a certain time period. A few years ago, I personally told my customers that two-factor authentication using text or voice call was the secure method to safeguard our users. However, this method is not valid nowadays as text messages or voice calls can be accessed through third-party applications.

Biometric or Face ID: Compared to the previous three methods, this is the most secure way because it requires your fingerprint or face to authenticate. This method is unique to you only.

Authenticator App: The Microsoft Authenticator app is one of the most secure apps we can use for authentication. You can set up biometric or Face ID to access applications.

Which is the newest method and most recommended by security experts? 

"Go with PasswordLess"

How do we authenticate with passwordless?

You can select passwordless as your main authentication method. When you enter your username, it will automatically redirect and ask you to enter a number on your Authenticator app. To log in, you will not need a password, but you will need your mobile Authenticator app and biometric or Face ID. It will show you the location and application that is trying to authenticate.

Thursday, May 11, 2023

Thursday, May 4, 2023

Sign up for Windows Known issues Email Alerts



The Windows release health page, located within the Microsoft 365 admin center, provides access to up-to-date information regarding known issues related to both monthly and feature updates for Windows. These known issues are problems that have been identified within a Windows update and are impacting Windows devices. By accessing the Windows release health page, you can stay informed about these issues and leverage this information to help troubleshoot any problems that your users may be experiencing. Additionally, this resource can help you make informed decisions about when and how to deploy updates within your organization based on the scale and severity of the known issues.

This feature provides an advantage to IT teams when troubleshooting Windows-level issues. Previously, we had to check each endpoint to see which update was recently installed and then search for known issues related to the update. However, with this new approach, we can proactively receive information on all known issues related to the selected product in your inbox. This enables us to take a more efficient and effective approach to troubleshooting.

Monday, May 1, 2023

Deploy Windows LAPS [Step by step guide]


Microsoft Local Administrator Password Solution (LAPS) is a free solution that provides a secure way to manage local administrator passwords on Windows computers. LAPS works by randomly generating a complex password for the local administrator account on each computer and storing it securely in Active Directory/. The password is then periodically changed and updated, helping to prevent attackers from gaining access to the local administrator account and compromising the computer or network. LAPS is a simple and effective way to improve the security of local administrator accounts across an organization's network.

Windows LAPS is the newer solution  Microsoft has introduced to us. It's much easy to deploy and much easy to maintain the Administrative password.  Windows LAPS also adds many features that aren't available in legacy Microsoft LAPS. You can use Windows LAPS to back up passwords to Azure Active Directory, encrypt passwords in Windows Server Active Directory, and store your password history.

Windows LAPS doesn't required to install any agent on the PCs like legacy Microsoft LAPS. Old day we used MECM (SCCM), GPO or Any 3rd party application to Deploy the client. 

Windows LAPS Support Hybrid Azure AD  Join and Azure AD join but doesn't support the Azure AD registered.  

Same as Microsoft LAPS, Windows LAPS also freely available with Azure AD basic and above but you might be need to purchase Azure AD Premium plan 1 or plan 2 for conditional Access and Intune license for benefit the Windows LAPS other features.

Sunday, April 30, 2023

Hyper-V Windows 11 VM Creation Error - "This PC doesn't meet the minimum System requirements to install this version of windows.



When we create a VM on the Hyper-V, Windows 11 we getting these errror. these are the minimum system requirements you need to create the Windows 11 VM.

Blow things we need to check when we are creating the VM

  • VM Generations

We need to select Generation 2 because its the one support UEFI Secure boot.

  •  Processor

In the Settings we need to make sure that we have selected more than 2 virtual processers.

  • Enable Trusted Platform Module

Go to settings and select Security and mark "Enable Trusted Platform Module". Most of the time this might be the issue we getting about error. default its not enable the Trusted Platform Module.

Friday, April 28, 2023

MD-100 & MD-101 Exam will be Rename to Microsoft 365 Certified: Endpoint Administrator Associate (MD-102)


Microsoft has announced that it will be renaming its popular certification program for desktop administrators, the Microsoft 365 Certified: Modern Desktop Administrator Associate, to the Microsoft 365 Certified: Endpoint Administrator Associate. The new certification program will come into effect on July 1, 2023, and is aimed at addressing the evolving needs of modern workplaces, where endpoint management has become a critical aspect of IT administration.

The Microsoft 365 Certified: Endpoint Administrator Associate certification is designed to equip IT professionals with the skills and knowledge they need to manage and secure endpoints across a range of devices and platforms, including Windows, macOS, iOS, and Android. It will cover topics such as device management, application management, security, and compliance, among others.

To earn the new certification, IT professionals will need to pass the MD-102 exam, which will be available from May 2, 2023. The exam will test candidates on their ability to configure, manage, and secure endpoint devices and applications, as well as their knowledge of Microsoft 365 security and compliance solutions.

The renaming of the certification program reflects Microsoft's commitment to keeping pace with the changing technology landscape and ensuring that its certification programs remain relevant and up-to-date. By aligning its certification programs with the evolving needs of modern workplaces, Microsoft is helping to ensure that IT professionals have the skills and knowledge they need to succeed in their roles and contribute to the success of their organizations.

In conclusion, the renaming of the Microsoft 365 Certified: Modern Desktop Administrator Associate certification to the Microsoft 365 Certified: Endpoint Administrator Associate certification reflects the changing needs of modern workplaces and underscores Microsoft's commitment to providing IT professionals with the skills and knowledge they need to succeed in their roles. The MD-102 exam, which will be available from May 2, 2023, will test candidates on their ability to manage and secure endpoints across a range of devices and platforms, and is a crucial step for IT professionals looking to enhance their skills and advance their careers.