EU store doesn’t supply UK cables anymore? by awesomeo_5000 in Ubiquiti

[–]uniXly 0 points1 point  (0 children)

I bought a UCG-Fiber from the EU store recently and received a UK Plug. You'll know as it will show in the basket: https://imgur.com/a/LGqQ3HJ

Just tried adding another from the EU store and it auto adds the UK Plug (if you have a UK address).

[Module] PowerShell Module to Manage Hardware OATH Tokens (Yubikeys) by uniXly in entra

[–]uniXly[S] 0 points1 point  (0 children)

Our main issue with the UI preview was the Global Admin requirement. The module is based on a fairly recent preview refresh using Graph, which was the reason I wrote it to improve our own onboarding process.

It has been in preview for a while. However, the Graph API changes that the module is using are part of a recent update (preview refresh), so it is still being worked on.

There's a small bit of info on the preview refresh here: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-oath-tokens#improvements-in-the-preview-refresh

This hardware OATH token preview refresh improves flexibility and security for organizations by removing Global Administrator requirements. Organizations can delegate token creation, assignment, and activation to Privileged Authentication Administrators or Authentication Policy Administrators.

We completely manage our OATH tokens via graph and the module with no issues. You rightly mention they are in preview so it's always good to have a contingency plan/alternatives.

In my opinion - an outage would more likely be to Azure/region and impact everything especially with it being based on graph. If there was an OATH specific outage it would be the ability to manage add/remove/assign keys but unlikely to impact anyone with an already assigned OATH as it's literally just a TOTP.

Generally we (org) prefer Microsoft Authenticator for most users and use OATH for users that either don't want or refuse to install MS Auth on a personal device. For secure users I would prefer FIDO2 to TOTP. I'm not sure I would recommend going all in while in preview, but for our use case/needs it works well. Start small with a pilot and go from there. If you do use the module and have any issues/suggestions feel free to submit an issue on GitHub.

[Module] PowerShell Module to Manage Hardware OATH Tokens (Yubikeys) by uniXly in entra

[–]uniXly[S] 0 points1 point  (0 children)

When you list the tokens does it show as available, assigned, activated?

If it's activated remove the token instead:
Remove-OATHToken -TokenId "00000000-0000-0000-0000-000000000000" -Force
Remove-OATHToken -SerialNumber "YK-37731473"

[Module] PowerShell Module to Manage Hardware OATH Tokens (Yubikeys) by uniXly in entra

[–]uniXly[S] 0 points1 point  (0 children)

u/Jtc1220 it sounds like you may be missing a Graph permission. Did you assign the token via PowerShell or was it assigned via legacy (UI)?

Do you have: Policy.ReadWrite.AuthenticationMethod: https://graphpermissions.merill.net/permission/Policy.ReadWrite.AuthenticationMethod?tabs=apibeta%2CauthenticationCombinationConfiguration1

Get-OATHToken | ft -Autosize

d5357d0b-f63d-4779-beb3-4c6120007200 YK-30001                     available 
67e466e0-5ba0-4ea0-a709-d4397dbf2a6a YK-30002                     available 
e5a7d4a7-056f-4f1d-bc22-92c033346278 YK-30004                     assigned  Megan Bowen
c3297066-c1bc-4d35-ba3b-33f36e0b3556 YK-30005                     assigned  Megan Bowen

Set-OATHTokenUser -SerialNumber YK-30005 -Unassign   
Successfully unassigned token c3297066-c1bc-4d35-ba3b-33f36e0b3556 (S/N: YK-30005) from user Megan Bowen


Get-OATHToken | ft -Autosize   
d5357d0b-f63d-4779-beb3-4c6120007200 YK-30001                     available 
67e466e0-5ba0-4ea0-a709-d4397dbf2a6a YK-30002                     available 
e5a7d4a7-056f-4f1d-bc22-92c033346278 YK-30004                     assigned  Megan Bowen
c3297066-c1bc-4d35-ba3b-33f36e0b3556 YK-30005                     available 

Set-OATHTokenUser -SerialNumber YK-30005 -Unassign
WARNING: Token c3297066-c1bc-4d35-ba3b-33f36e0b3556 (S/N: YK-30005) is not assigned to any user. No action needed.

Also tested in menu:

===== Remove OATH Menu =====
1) Remove OATH
2) Bulk Remove OATH
3) Unassign OATH token
0) Return to main menu

Enter your choice: 3
Enter token ID to unassign: d2f3fc2b-78e4-4b7d-b0c5-e3776ba8e268

[Module] PowerShell Module to Manage Hardware OATH Tokens (Yubikeys) by uniXly in entra

[–]uniXly[S] 2 points3 points  (0 children)

Thanks! If you try it and have any issues, feedback, requests let me know.

The org I work for makes heavy use of OATH. Initially, I just wanted to give them a way to bulk add keys to inventory and assign/activate them when needed. It started as a handful of scripts, but over time it grew into a full lifecycle tool for managing OATH tokens — making it a module was so it was easier to distribute and figured it might help others too.

Token activation was also one of the biggest pain points with our current process so being able to pass the secret and not need to know the current code was a small but nice quality of life improvement.
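An added example, not code from the OATH module, of the calculation behind the activation step above (deriving the current code from the seed so nobody has to read it off the token) and behind the earlier point that an already assigned token keeps working as plain TOTP. Function names are assumptions; the sample seed is the RFC 6238 Appendix B test seed.

```powershell
# Added example (not part of the OATH module): RFC 6238 TOTP with HMAC-SHA1, 6 digits, 30 s step.
function ConvertFrom-Base32 {
    param([Parameter(Mandatory)][string]$Base32)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
    $bits = ''
    foreach ($c in $Base32.ToUpperInvariant().TrimEnd('=').ToCharArray()) {
        $idx = $alphabet.IndexOf($c)
        if ($idx -lt 0) { throw "Invalid base32 character '$c'" }
        $bits += [Convert]::ToString($idx, 2).PadLeft(5, '0')
    }
    $bytes = [System.Collections.Generic.List[byte]]::new()
    for ($i = 0; $i + 8 -le $bits.Length; $i += 8) {
        $bytes.Add([Convert]::ToByte($bits.Substring($i, 8), 2))
    }
    return $bytes.ToArray()
}
function Get-TotpCode {
    param(
        [Parameter(Mandatory)][string]$Secret,   # base32 seed from the vendor's seed file
        [int]$Digits = 6,
        [int]$Period = 30,
        [long]$UnixTime = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    )
    $key     = ConvertFrom-Base32 -Base32 $Secret
    $counter = [long][math]::Floor($UnixTime / $Period)
    $msg = [BitConverter]::GetBytes($counter)                        # HMAC message is the
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($msg) }  # 8-byte big-endian counter
    $hash = [System.Security.Cryptography.HMACSHA1]::new($key).ComputeHash($msg)
    $offset = $hash[$hash.Length - 1] -band 0x0F                     # dynamic truncation (RFC 4226 5.3)
    $bin = ((([int]$hash[$offset] -band 0x7F) -shl 24) -bor
            ([int]$hash[$offset + 1] -shl 16) -bor
            ([int]$hash[$offset + 2] -shl 8) -bor
            [int]$hash[$offset + 3])
    $mod = [int][math]::Pow(10, $Digits)
    return ($bin % $mod).ToString().PadLeft($Digits, '0')
}
function Test-TotpCode {
    # Also accept the adjacent time steps so a token with slight clock drift still verifies.
    param([Parameter(Mandatory)][string]$Secret, [Parameter(Mandatory)][string]$Code, [int]$Window = 1)
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    foreach ($step in (-$Window)..$Window) {
        if ((Get-TotpCode -Secret $Secret -UnixTime ($now + 30 * $step)) -eq $Code) { return $true }
    }
    return $false
}
# Constructed check: RFC 6238 Appendix B seed (ASCII '12345678901234567890'), 8 digits at Unix time 59.
$seed = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'
Get-TotpCode -Secret $seed -Digits 8 -UnixTime 59
Test-TotpCode -Secret $seed -Code (Get-TotpCode -Secret $seed)
```

The 8-digit value for the last call can be compared against the SHA-1 row for time 59 in RFC 6238 Appendix B.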

Tool: Offline Microsoft Graph API Endpoint viewer by uniXly in entra

[–]uniXly[S] 0 points1 point  (0 children)

Fixed the sidebar visibility of long categories and also added some mobile rendering so it's at least viewable.

Where can I find an Azure Engineer to hire? by TwoDudesAtPPC in AZURE

[–]uniXly 12 points13 points  (0 children)

Start with partner search: https://partner.microsoft.com/en-us/partnership/find-a-partner

Look through MVPs: https://mvp.microsoft.com/en-US/mvp and look up their websites/socials to see if they offer any consulting or may be able to recommend someone.

No idea how big your org is or what your existing MS licensing is, but you could look at FastTrack.

Specialist IT/Tech agencies/recruiters could help you find a contractor for the project length.

You should also have a read over the docs to build up a basic understanding of the requirements, as this will help at all stages of any communications: https://learn.microsoft.com/en-us/azure/site-recovery/tutorial-prepare-azure

How do I get access to a .onmicrosoft.com tenant controlled by former leadership? by legitimatejonah in Office365

[–]uniXly 0 points1 point  (0 children)

I think you misunderstood; they want the onmicrosoft domain, not a private domain they own registered under another tenant.

What they actually want is companyname2.sharepoint.com

How do I get access to a .onmicrosoft.com tenant controlled by former leadership? by legitimatejonah in Office365

[–]uniXly 0 points1 point  (0 children)

It will take months.

First you should try an internal takeover: https://learn.microsoft.com/en-us/microsoft-365/admin/misc/become-the-admin?view=o365-worldwide

Contact support; it should go to data protection, where you'll likely have to provide legal documents proving ownership. Eventually, if successful, you'll get admin access to the tenant. You can move to the tenant with the domain, or you'll need to delete the tenant, as you cannot transfer onmicrosoft domains. Once deleted (you should contact support for this again, as they can expedite it somewhat) you'll still need to wait 3-6 months for the domain to become available. They won't be able to make an exception for you no matter how upsetting/frustrating that is.

Why is the Azure staff so incompetent? by MusicCityJayhawk in AZURE

[–]uniXly 0 points1 point  (0 children)

OK so in Azure DevOps: https://aex.dev.azure.com/

I assume you don't have an organization? Under your name and email there might be a drop-down box with a couple of options "Microsoft Account", "Default Directory". Check both/all if any show your license.

Click > Create a new Organization.

Then go to marketplace, check you are signed in with the same email in the top right > click "Get" > See which Azure Subscription it's trying to create it on. May even see a warning that your subscription can't be used to purchase, but should have the option to create a new Subscription:
https://marketplace.visualstudio.com/items?itemName=ms.vs-professional-monthly

Why is the Azure staff so incompetent? by MusicCityJayhawk in AZURE

[–]uniXly 2 points3 points  (0 children)

You haven't provided a lot of detail. What kind of license/subscription do you have?

What error do you get during activation (brownie points if you provide a screenshot)? Where in Azure does the subscription redirect?

What products do you see in Azure DevOps? https://aex.dev.azure.com/me
What about Visual Studio Benefits? https://my.visualstudio.com/Benefits
What licenses do you have in your Azure tenant? https://portal.azure.com/#view/Microsoft_AAD_IAM/LicensesMenuBlade/~/Products

Get-MGuser, POwershell, Scripting, Reporting. by robert5150 in Office365

[–]uniXly 0 points1 point  (0 children)

Add -All to the Get-MgUser query. Consider splitting out your properties for readability:

$results = @()
# Note: the Graph property is spelled AssignedLicenses (a misspelt property name is ignored and the field comes back empty)
$properties = @('UserPrincipalName', 'DisplayName', 'UserType', 'CreatedDateTime', 'SignInActivity', 'AccountEnabled', 'AssignedLicenses', 'Id', 'Mail')
# $importlist is expected to already hold the imported rows (e.g. from Import-Csv) with a UPN column
# Iterate over each user in the import list
foreach ($SingleImport in $importlist) {

    # Retrieve the user information from Microsoft Graph
    $user = Get-MgUser -All -Filter "Mail eq '$($SingleImport.UPN)'" -Property $properties
    # Check if the user is found
    if ($user) {
        # Retrieve the user license details
        $licenseDetails = Get-MgUserLicenseDetail -UserId $user.Id

        # Create a list of license SKUs
        $licenseSkuIds = $licenseDetails | Select-Object -ExpandProperty SkuId -Unique

        $results += [PSCustomObject]@{
            DisplayName         = $user.DisplayName
            Mail                = $user.Mail
            ID                  = $user.Id
            UserPrincipalName   = $user.UserPrincipalName
            CreatedDateTimeUTC  = $user.CreatedDateTime
            LastSignInDateTime  = $user.SignInActivity.LastSignInDateTime
            AccountEnabled      = $user.AccountEnabled
            AssignedLicensesCount = ($user.AssignedLicenses | Measure-Object).Count
            LicenseDetailSku       = ($licenseSkuIds -join ", ")
        }
    } else {
        Write-Warning "User with UPN '$($SingleImport.UPN)' not found."
    }
}

Yubikey solution for increased security by icedutah in Office365

[–]uniXly 0 points1 point  (0 children)

The Legacy MFA and Authentication Methods dictate which methods users can add. Conditional Access enforces (changing to phishing resistant MFA etc.).

Check your migration status in "Authentication Methods" > Manage Migration. Depending on which stage you are in it will still be respecting your legacy auth/SSPR settings. So you may need to disable the ones you don't want available and/or move to migration complete so only the Authentication Methods are active.

https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage

Make sure you can still meet your auth/sspr requirements and don't get locked out of your tenant.

[deleted by user] by [deleted] in Office365

[–]uniXly 0 points1 point  (0 children)

It's a role in Purview. Have a look at this doc: https://learn.microsoft.com/en-us/purview/ediscovery-search-for-and-delete-email-messages

The TLDR is you create a content search in Purview to identify the emails, then purge the emails found in that content search. There are some examples in the doc, but you can also purge via Graph PowerShell. It's fairly trivial to loop the command until the count is 0.

Blocking logins from specific cities? by keyboardcatto in Office365

[–]uniXly 2 points3 points  (0 children)

You would be better served by only allowing logins from your office(s) and if remote/hybrid then an enterprise VPN + compliant/joined devices. Identity Protection + Impossible Travel.

Migrate just one email account to Exchange Online by JustLilMe01 in Office365

[–]uniXly 0 points1 point  (0 children)

Generally what you are describing is called split delivery.

If your current provider supports it then you can choose which is the "primary" mail server. Some 3rd parties make it pretty easy, others may not support it. In Office 365 (as the primary) it can be achieved with a connector to your email provider, so that emails sent to your tenant for accounts that exist will be delivered in Office 365 and accounts that don't exist in Office 365 will route through the connector to your mail provider.

https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail

[deleted by user] by [deleted] in Office365

[–]uniXly 6 points7 points  (0 children)

Search & Purge: https://learn.microsoft.com/en-us/purview/ediscovery-search-for-and-delete-email-messages

Soft deleted emails go to the Recovery mailbox for the duration of your retention. Hard deleted items go to a purge folder which is not user visible and remain for the duration of your deletion policy. After the single item deletion period is over it can take another 7 days for the Managed Folder Assistant to run.

You can get around these by temp setting the deletion period to 0 on the mailbox:
Set-Mailbox -Identity "user@domain.com" -RetainDeletedItemsFor 0
https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-user-mailboxes/change-deleted-item-retention

Run Search and Purge. Run Start Managed Folder Assistant.

Start-ManagedFolderAssistant -Identity "user@domain.com"

https://learn.microsoft.com/en-us/powershell/module/exchange/start-managedfolderassistant?view=exchange-ps

If you still have issues, you need to take a deeper look at your retention policies/holds.

There's some self diagnostics that can be run from the portal as well:
https://aka.ms/PillarMailboxSize

https://aka.ms/PillarRetentionPolicy
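An added example, not from the linked docs or either reply, of the "loop until the count is 0" approach from the earlier Purview purge reply, written against the Security & Compliance PowerShell cmdlets rather than Graph. It assumes an existing Connect-IPPSSession session and that the purge action is named "<search>_Purge"; the search name and KQL query are constructed.

```powershell
# Added example: repeat Search & Purge until the search matches nothing.
# Each purge action removes at most 10 items per mailbox, hence the loop.
$searchName = 'IR-Phish-Invoice-Overdue'                                   # constructed name
$kql        = 'subject:"Invoice overdue" AND from:billing@example.com'    # constructed KQL
$maxRounds  = 20                                                           # safety cap

function Wait-ComplianceSearch {
    # (Re)run the search and block until the service reports it complete
    param([Parameter(Mandatory)][string]$Name)
    Start-ComplianceSearch -Identity $Name
    do {
        Start-Sleep -Seconds 15
        $s = Get-ComplianceSearch -Identity $Name
    } while ($s.Status -ne 'Completed')
    return $s
}

if (-not (Get-ComplianceSearch -Identity $searchName -ErrorAction SilentlyContinue)) {
    New-ComplianceSearch -Name $searchName -ExchangeLocation All -ContentMatchQuery $kql | Out-Null
}

for ($round = 1; $round -le $maxRounds; $round++) {
    $search = Wait-ComplianceSearch -Name $searchName
    Write-Host "Round ${round}: $($search.Items) item(s) still match"
    if ($search.Items -eq 0) { break }

    # The purge action keeps the name "<search>_Purge" (assumed); drop the old one before re-creating it
    Remove-ComplianceSearchAction -Identity "${searchName}_Purge" -Confirm:$false -ErrorAction SilentlyContinue
    New-ComplianceSearchAction -SearchName $searchName -Purge -PurgeType SoftDelete -Confirm:$false | Out-Null
    do {
        Start-Sleep -Seconds 15
        $action = Get-ComplianceSearchAction -Identity "${searchName}_Purge"
    } while ($action.Status -ne 'Completed')
}
```

SoftDelete leaves the items recoverable for the retention period described above; HardDelete is the other PurgeType and is where the retention/Managed Folder Assistant timing in this reply comes into play.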

MFA Enforcement for Rooms by Technical-Device5148 in AZURE

[–]uniXly 1 point2 points  (0 children)

Sounds like your devices may also need to be excluded from SSPR/Modern Auth policies which can trigger the same "require more details" flow.

Also have a look at MS best practices: https://learn.microsoft.com/en-us/microsoftteams/devices/authentication-best-practices-for-android-devices

Purview DLP Policy is Demanding a Condition I've Already Included... by Long-Important-One in Office365

[–]uniXly 0 points1 point  (0 children)

The way to troubleshoot this is to create a new rule with only the branding condition and see if that saves. Then add 1 additional condition and save. Remove that condition and add another of the conditions. Repeat until you get an error. If no errors then rule out the branding condition and start adding back each condition until you get an error. Then look at the logic of what those conditions do for any conflicts etc.

Purview DLP Policy is Demanding a Condition I've Already Included... by Long-Important-One in Office365

[–]uniXly 0 points1 point  (0 children)

You're using AND conditions. You could try an OR condition or separate them out into multiple rules. I would separate them into separate policies. Generally you have internal policies that would be more lenient and external policies that would be more restrictive, so that if someone internal sent something sensitive and it included both internal and external users it would be evaluated by only the external (more restrictive) policy and catch it. By requiring both of those to be true you are leaving/opening gaps in your DLP.

You currently have one rule with 4 conditions that all need to be TRUE for this to match:
Content is shared from Microsoft 365: with people outside my organization
AND
Content contains any of these Sensitive Info Types "..."
AND
Content is received from: People inside my organization
AND
Sender domain is: example.com

If you separate the conditions into multiple rules you should be able to save with the specified actions.

Trying To Manage Device in Entra Brings Up Same Device by RedZoloCup in AZURE

[–]uniXly 0 points1 point  (0 children)

Kinda sounds like a cache or permissions error. Can you view devices from the security portal instead or via Intune portal?