If you’re using a Proxy server in your firewall or in your network and have AD Connect or/and Pass Through Auth agents installed on any of your servers, you will need to configure those agents to make sure they can see the proxy because setting up the proxy in your Internet Explorer or in your WinHTTP settings is not enough.
Azure AD Connect
For ADConnect to work behind Proxy better to use this miiservers.exe.config file which is located in
You will have to add the Proxy config in the last section of the File like in this screenshot
For PTA: you have to update this file
After setting up the Proxy on both servers/agents, You might have to restart the server as sometimes restarting services is not enough.
Please let me know if you have any issues or addition to the article.
I got a request from a client who constantly gets CVs and have to download them for the hiring managers to review them and wanted to get some way an automated mechanism of downloading all those emails.
Googling lead me to the exchangelib project which is a great python source for such a purpose. I built my local lab of the following servers to test it
AD 2016 moh10ly.local
Exchange 2016 = exch01.moh10ly.local
AAD = Another 2016 server to test from
I built my local Certification authority and made sure that all servers has the CA installed to avoid any issues on python.
If you are going to use this on your production environment you can basically install Python anywhere even on your own computer and it should work if EWS is exposed and Autodiscover is configured propely and have a valid and trusted 3rd party Certificate.
However, If you would like to schedule this to work on a daily basis and let it download attachments from mailbox then you’ll need a server or at least a computer to rely on that it would be on when the scheduled task works.
Prerequisites :
Windows Server 2016:
Download and install latest version of Python 3.10
If you’re doing this on a local Lab without a trusted 3rd certificate you’ll need to make sure to export your certificatation Authority Certificate in CER format, copy the cert and add it to the end of Python root PEM.
Testing Scenario
I created two mailboxes on my local Exchange server lab
I have sent myself an email to info@moh10ly.com with 3 attachments in it as you can see.
Setup a server to use to download all attachments from the mailbox.
Enter your Exchange server configuration. Since autodiscover didn’t work for me as I don’t have a public certifiate so I went ahead and placed the server configuration.
Configure the local path of where you want to save attachments to on the server where this code is going to be launched from. in my code example I have created a folder called “Temp” on the C root drive and that’s what I will use.
You can pickup a different local path by changing the /temp path in the line “local_path = os.path.join(‘/temp‘, attachment.name)”
import os.path
from exchangelib import Account, FileAttachment, ItemAttachment, Message
some_folder = account.inbox
for item in some_folder.all():
for attachment in item.attachments:
if isinstance(attachment, FileAttachment):
local_path = os.path.join('/temp', attachment.name)
with open(local_path, 'wb') as f:
f.write(attachment.content)
This by now should be working fine and you should see that it is saving all your mailbox attachments to the folder that you have configured in the path section of the code.
Complete code to run
Working config
from exchangelib import DELEGATE, IMPERSONATION, Account, Credentials, EWSDateTime, EWSTimeZone, Configuration, NTLM, GSSAPI, CalendarItem, Message, Mailbox, Attendee, Q, ExtendedProperty, FileAttachment, ItemAttachment, HTMLBody, Build, Version, FolderCollection
credentials = Credentials(username='moh10ly\info', password='Bc12345$')
ews_url = 'https://mail.moh10ly.com/EWS/exchange.asmx'
ews_auth_type = 'NTLM'
primary_smtp_address = 'info@moh10ly.com'
config = Configuration(service_endpoint=ews_url, credentials=credentials, auth_type=ews_auth_type)
account = Account(
primary_smtp_address=primary_smtp_address,
config=config, autodiscover=False,
access_type=DELEGATE)
import os.path
from exchangelib import Account, FileAttachment, ItemAttachment, Message
some_folder = account.inbox
for item in some_folder.all():
for attachment in item.attachments:
if isinstance(attachment, FileAttachment):
local_path = os.path.join('/temp', attachment.name)
with open(local_path, 'wb') as f:
f.write(attachment.content)
-----------------
#To download all attachments in the inbox:
for item in account.inbox.all():
for attachment in item.attachments:
if isinstance(attachment, FileAttachment):
local_path = os.path.join('/sky', attachment.name)
with open(local_path, 'wb') as f, attachment.fp as fp:
buffer = fp.read(1024)
while buffer:
f.write(buffer)
buffer = fp.read(1024)
print('Saved attachment to', local_path)
Installing Microsoft Azure Threat Protection (ATP) on Linux Devices
While playing with ATP on some windows devices, I was in the mood of trying the new Deepin 20 desktop flavor which is a famous Chinese Linux OS based system.
Microsoft doesn’t indicate anywhere that installation of ATP on a Linux client is possible but Linux server is mentioned in the official ATP installation documents.
How to Install?
After I installed the Deepin OS, I was really impressed by the new beautiful Linux design so I plan to use it and have it secure with ATP.
Prerequisites:
Configure the Linux software repository for Ubuntu and Debian
Application Installation
Download the onboarding Package
Client Config
1-Configure the Linux software repository for Ubuntu and Debian
You will need to install the required libraries, install Gpg, apt-transport-https and update repository metadata using the following commands one by one.
After successfully installing all the libraries, I will go ahead and install the application
2- Application Installation
From the Linux client Terminal using sudo power user run the following script
sudo apt-get install mdatp
Once finished, You can go back to the ATP portal and download the Linux Onboarding package on the linux server/client you want to onboard
3- Download the onboarding Package
Since I am doing a single deployment not bulk, then I will go to the Microsoft Defender Security Center’s setting page and download the Linux package from the device management section.
The steps for the onboarding is already mentioned on that page so after you download the script you’ll know exactly what to do next.
The file is 9kb python in size
Copy the file to your Linux Desktop
4- Client Config
From the terminal type in chmod a+x MicrosoftDefenderATPOnBoardingLinuxServer.py and hit enter
Note: python must be installed on this linux dervice.
Then type python /MicrosoftDefenderATPOnBoardingLinuxServer.py
This will run pretty quick and will assign your Linux server/client with your Organization ID.
To see the Organization ID type:
mdatp –health orgId
Few minutes later you’ll be able to see the installation completion and the status through this command
Check if WDATP is functioning as expected
mdatp –health healthy
Check if WDATP agent is enabled
mdatp –health realTimeProtectionEnabled
Let’s check on our ATP portal and see if the machine is showing there.
Note: It might take 5-15 mins to update the definitions of WDATP when onboarding.
