IdFix – Pre AdConnect assessment for your on-prem AD

IdFix is a tool to discover and remediate identity problems pre synchronization to Azure Active Directory.

To use IdFix you will need:

  • A domain joined computer / server
  • A user account with at least read access to the AD objects

The process is really straightforward.

Get IdFix from here:

Install and open IdFix, then click on “Query”.

After the process has been completed you will be shown all the problems you might have with your environment, if any.

Screen shot of the tool running
Image from

If no errors are shown, or you are confident you can work around them, you can begin the synchronization.


Set up synchronization:

Microsoft guide on how to use IdFix:

Enable Known Folder Move using regedit – OneDrive

Known Folder Move is a “new” functionality in OneDrive that enables you to seamlessly recreate the same user experience across multiple devices .

Expecially useful in a Windows Virtual Desktop / VDI environment, it automatically syncs all the “Known Folders” (Desktop, Documents, Pictures etc.) when a user logs in.

To enable it via Registry Editor you’ll first have to get your tenant ID. Find it here under “Directory ID”:

Then you can proceed to create a new string value in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive

Name: KFMSilentOptIn

Value: Insert your Office 365 Tenant ID

How to cancel a reservation – Azure

To cancel a reservation you have to have specific permissions on the reservation order. The permissions are not inherited from the subscription, so… contact who created the reservation (or just open a ticket with the Azure Engineers).

Once you have the right account, (or you’ve been given the permissions) go to the reservations tab in the Azure Portal. It’s best to have at least a couple of people who have permissions on the resource. To get to the reservations tab follow the link below:

Select the reservation you want to cancel and click on the name of the resource.

From the top click on “Refund”

Click on return reserved instances once you see the “Refund subtotal” pop up

Please refer to the following docs for additional informations:

Project Freta

Project Freta is a newly announced offer from Microsoft, which aims at discovering any malware or rootkit running on Linux systems, by conducting memory forensic analysis automatically. The analysis is conducted at no cost and is very easy to extrapolate the data, democratizing the forensic process.

Project Freta was designed and built with survivor bias at its core. It is a security project designed from first principles to drive the cost of sensor evasion as high as possible and in many cases render evasion technically infeasible.

Mike Walker

At the moment there are more than 4,000 supported kernel versions.

The process is very useful because the malware cannot “hide” himself, since the image processing system is non-intrusive to the VM, giving analysts a complete view on what’s running and potentially bad for the server.

The supported memory images formats are the following:

  • vmrs
  • lime
  • core
  • raw

The memory can be captured using various tools, such as:

  • vmss2core (VMware)
  • Hyper-V Manager
  • AVML 

The tool works by analyzing an image uploaded on the cloud. Once the image has been acquired, you can let the program scan it.

This image has an empty alt attribute; its file name is image-1.png

Please refer to this guide to extract the images:

Read the full announcement:


Move resources request is blocked by an Azure Backup job.

Error message:

The move resources request contains resources like “*OsDisk*” that are being backed up as part of a Azure Backup job. Browse the link for information

If you encounter this error check if the VM’s backup is stopped. If it’s stopped you need to remove the istant snapshot that has been created by the system:

  1. Find the location of your virtual machine.
  2. Find a resource group with the following naming pattern: AzureBackupRG_<location of your VM>_1. For example, AzureBackupRG_westus2_1
  3. In the Azure portal, check Show hidden types.
  4. Find the resource with type Microsoft.Compute/restorePointCollections that has the naming pattern AzureBackup_<name of your VM that you're trying to move>_###########.
  5. Delete this resource. This operation deletes only the instant recovery points, not the backed-up data in the vault.
  6. After the delete operation is complete, you can move your virtual machine.

List source:

VM has reported a failure when processing extension ‘joindomain’ – AVD

If you encounter this error while creating a new VM from the host pool wizard, try following these suggestions to solve the issue, or at least drill down on the problem:

  • Check whether you can resolve your domain from your VNET
  • Check what DNS Servers are configured on your VNET, correct accordingly (follow this guide: Change VNet DNS Servers)
  • Check if you have permissions to join the domain using the credentials you provided
  • Check if the specified credentials are correct
  • Check if the domain to join (and the OU), specified in the wizard, is correct (parameters in the JSON: domainToJoinouPathexistingDomainUPNexistingDomainPassword).
  • Try to join a VM to the domain from the same network and subnet

If all the above are met, you should be able to join the VM successfully to the domain. If not, at least you should have more context to further troubleshoot the issue.

Microsoft Assessment and Planning (MAP) Toolkit – Minimum user requirements to run a scan

To scan the servers / PCs using the MAP Toolkit, you will need an AD user with administrative privileges on all the components to scan.

This will be enough if you need a report of what’s installed on a series of servers/clients, their roles, and all “local” related queries, or basic AD queries.

For Exchange related queries, you will need an Exchange Admin or Domain Admin.
Please refer to the following TechNet page for the full requirements:

Enable SMTP AUTH for a mailbox – Office 365

If you try to set up a printer / external device with SMTP you might encounter an authentication error.

This is caused by the fact that Microsoft now disables SMTP AUTH for the tenant and the new mailboxes created on Office 365 by default.

To enable SMTP AUTH for a mailbox follow this steps:

  • Go into Users
  • Click Active Users
  • Select the user
  • Click Mail
  • Click Manage email apps
  • Enable Authenticated SMTP by flagging it
  • Save

This might take a couple of hours before it’s activated.

To check where it’s enabled use the following command:


If it returns False under SmtpClientAuthenticationDisable, then it’s enabled.

To enable it for the whole organization send the following PS command:

Set-TransportConfig -SmtpClientAuthenticationDisabled $true

Error opening directory /mnt in Azure Storage Explorer for Linux

When you try to upload files in Azure Storage Explorer from the /mnt or /media partition, you get a permission denied error.

The error is related to the snap version of Azure Storage Explorer. This is a common error with snap applications.

To fix, from snap, enter Azure Storage Explorer, then click Permissions.

From there enable “Read/write files on removable storage devices”

Activate Azure Update Management for on premise servers using Log Analytics

i. Log Analytics workspace
ii. Azure Automation Account

From the Log Analytics Workspace, click Connect a data source
Save the Workspace ID and Workspace key
Install the agent on the server, providing the Workspace ID and Key found in the workspace

Go into the automation account, then from the left into update management
Enable update management on the VM by clicking on “Click to manage machines”

You can then see the missing updates and create an update deployment

Please allow up to 24hrs for all the servers to show up (it usually takes about an hour)

Quick troubleshooting for generic OneDrive issues

Here are some common troubleshooting steps that can be used if you are experiencing issues with OneDrive:

  1. Exit the OneDrive Desktop App and open it again
  2. Check for Disk space in the local PC. Check if the storage quota on OneDrive has been reached
  3. Check if the file path has exceeded the 255 characters quota or the 15 GB quota
  4. Right click the OneDrive icon, then go under Settings, Office and deselect “Use Office to sync Offices files that i open”. Save, exit, then enable it again.
  5. Reset OneDrive using the following command. No data will be lost: %localappdata%\Microsoft\OneDrive\onedrive.exe /reset
  6. If after the reset you don’t see any folder listed as synchronized on the device start the synchronization again from SharePoint. After you synchronize the first one the others will pop back up in the synchronized folders tab.