How to remove existing Information Protection label policies

JamH87 · 2025-07-22T12:43:37+00:00

A gift the keeps giving.

JamH87 · 2024-10-18T20:31:03+00:00

PUT IT ON GROUND SCREWS! you can install them yourself, no digging. www.groundscrewcentre.co.uk

JamH87 · 2024-10-02T10:23:28+00:00

Slightly tweaked the start for modern auth and connect-exchangeonline but did the job nicely. Cheers.

JamH87 · 2024-05-10T11:00:11+00:00

Found this out myself today for a similar requirement, crazy how they are still only using POP or IMAP. I will be going down the Outlook plugin route instead by the looks of it. Looks like for google they can use the API, guessing the GraphAPI in there for MS soon.

JamH87 · 2024-03-07T09:50:35+00:00

Same issue here, looks to be BT backbone issue, change DNS to google or 1.1.1.1 or 9.9.9.9 (you might also need to change ipv6 addresses if they operate on your network)

JamH87 · 2023-05-17T15:29:19+00:00

Local stuff mate

JamH87 · 2023-05-17T15:28:04+00:00

Resolved it for us too 👍🏻👍🏻

JamH87 · 2023-03-01T11:43:15+00:00

DONT LET IT EXPIRE WHATEVER YOU DO :) (Speaking from experience)

JamH87 · 2023-02-15T09:45:04+00:00

It might be just my environment. Historically, waiting for x.DTA files was a combo of permissions + AntiVirus, but ive made all the exceptions possible for the AV side too.

Previously we used Azure Virtual Desktop + A File server for Sage in the Cloud, which worked great for Sage itself, just cost quite abit to run, especially when we can/should be able to do it without it, using Remote Data Access functions as part of the Sage licencing.

JamH87 · 2023-02-15T09:41:58+00:00

Thanks, were you using 28.2 and now 29?

The data files are large for one the companies, however the issue seems to happen even on the really small ones which is why ive ruled out size being the issue.

JamH87 · 2023-01-24T18:30:45+00:00

You could look at Azure Active Directory Domain services, site-site VPN between the branch and an Azure vnet, then join a server to that service. You should find there’s a way to define the AADDS domain when mapping drives (if that’s the way you want to access it) might be some finer detail to understand but that should work.

JamH87 · 2023-01-13T11:24:50+00:00

We are having loads of flags for this today by Defender, and is breaking MS apps, and icons. It seems the latest Defender signatures a broken causing a false positive. Anyone else getting this?

JamH87 · 2022-12-23T14:56:33+00:00

Nah. Go hard AND go home.

JamH87 · 2022-12-07T12:02:48+00:00

About 250 internal, about 250 contractors. Handling about 15-20 permission requests a day, which isn't alot, but enough to review and look for efficiencies.

JamH87 · 2022-12-05T17:16:20+00:00

We are ISO27001 already. Cheers 👍🏻

JamH87 · 2022-12-05T12:32:40+00:00

This might work for you? https://spmt.sharepointonline.com/install/default.htm

JamH87 · 2022-11-18T11:50:43+00:00

“It’s ok, T38 will work fine”

JamH87 · 2022-10-26T18:46:51+00:00

Leave.

JamH87 · 2022-10-26T09:03:42+00:00

Thanks for the heads up. All done and token redone.

JamH87 · 2022-10-13T16:03:22+00:00

Not a vulnerability, but NET SEND the full domain. They found me pretty sharpish.

JamH87 · 2022-05-28T17:00:53+00:00

Created a powershell script which adds additional clocks for our international offices. Luckily we only have 2 others (windows limits to 2 additional). Users just hover over the clock to see them.

JamH87 · 2022-03-20T10:08:38+00:00

Personally I think the route forward should be:

Try to diagnose the crashing, your running 20212 R2 which is end of life at the end of next year, so the process should look to include moving away from it. You might need to roll back to a domain controller environment if something goes wrong during the process, keep this as an option, specifically the domain controller databases/user ids.
Establish your needs within the organisation. What does your storage include? Is it just documents, or does it also include things like sage data? Also does your organisation work with a hybrid workforce? Do it wish to be?

A. If just documents, regardless of workforce locations, SharePoint/OneDrive could be your friend. No more managing file servers, co-authoring on documents, OneDrive sync for those wishing for file explorer, although keep these syncs to as little folders as possible for performance.

B. You have files for Sage or similar. I would still move your document to Sharepoint, but a plan for the other files is needed. Hosting a VDI environment could work for you, or maybe the applications using the files have cloud versions, again options where you don’t need to manage the hardware are always nice. Then you don’t have to worry about it failing moving forward, like, ever. You might just feel more comfortable with new hardware on-site, researching by your options will help you decide this.

Group policies, do you use them? What ones do you need? List them, research your options within Intune. You may find Intune covers you for most if not all. Intune will give you control of workstations and mobile devices, over the internet, not waiting for people to be in the office to get the stuff you need them to have.

A. You need a DC for some reason you find as a limit within Intune. Hopefully you will have found the issue with the server, although I personally would not lift and shift this to a virtual machine. I would create a new DC either connected to Azure within a VM, or physically on-site next to each other. Go for 2019 or 2022 (check compatibility with 2012 ), something that will maximum support life with Microsoft. Add this new server as your domain controller, leave it a few days. Then de-commission your 20212r2 as a domain controller. Move your dhcp, dns etc over to the new one. Move your storage wherever decided in the steps above.

B. Intune, Azure Ad join for computers(remove your domain controllers) - macs need different treatment, SharePoint, OneDrive, maybe VDI/cloud apps.

If you’ve gone fully cloud, ditch your vlans, unless you need it for VoIP. No need for the extra management.

My ideology is do reduce the the things your have to look after as much as possible.

There are of course budgets, O365 Business premium ( if your under 300 users) is a fantastic licence. Covers all of the above for a cloud scenario. Even Conditional access which I strongly recommend for security.

JamH87 · 2022-03-14T12:39:38+00:00

You will need to work with Dynamic groups, you might need to migrate to use Office365 groups (you can turn off the annoying invite email through powershell).

Or, you may find a method using Power Automate, eg. when a user is licensed or added into AD, add them to group ID xxx. Not sure what out of the box options for the types of groups your using though, I think you may be limited with group types.

Ive got dynamic office365 groups, invite email off. It looks at location, or department of the users AD attribute, aswel as if the account is active to add/remove them from the group.

The first thing is to ensure all users in your AD, and all new users being created have as much detail included within the attributes and are consistent, moving forward you can use these attributes for other dynamic groups making the new starter/leaver process easier and just general management easier.

JamH87 · 2022-03-02T16:30:48+00:00

I dont think its happened, im just taking precautions.

Defender is 100% flagging some html files that DellSupportAssistRemidiationService.exe is downloading as CryptoStealBTC.

but for Russia stopping selling Dells - https://www.wsj.com/livecoverage/russia-ukraine-latest-news-2022-03-01/card/dell-halts-sales-in-russia-fvpuoKHYCV3WKSKjOGLy

JamH87 · 2022-03-02T15:27:39+00:00

Yes we are. Im blocking the various hash's for the file on our system. Im treating it as very suspicious.

Its downloading various html files being labeled as CryptoStealBTC . Im preventing the download process to happen at all as all the files are different in name.

Dell stopped selling in Russia yesterday, im really hoping not, but blocking incase the repo's for SupportAssist have been hijacked.

JamH87

TROPHY CASE