Tag Archives: PowerShell

Bursary winner shares learning from InfoSec 2018 with colleagues and future IT professionals

Haydn Tarr
IT Service Development Manager
The University of Chichester

 

InfoSecurity Europe 2018 Conference

Back in June 2018, I was very fortunate to be offered the UCISA bursary to attend InfoSecurity Europe conference in London. InfoSec as a conference offers attendees insights into the latest trends surrounding information security, and largely focusses on cyber security threat prevention and mitigation.
Attending this conference was refreshing for me in two ways. I was exposed to a number of new and emerging themes and it was great to meet new people with exciting ideas, and a real drive to provide a safe, digital environment for colleagues and customers. I hope that with this blog post, I can give you a sense of my overall experience and share some of the information from the event.
Throughout the years I have supported The University of Chichester’s IT infrastructure journey from being based solely on site, to having a blend of both hosted and on-premise deployments. As Chichester grows both in terms of its IT deployment but also in numbers of students, staff members and other types of users, it is inevitable that our cloud footprint will grow too. With this, my role is focussing more and more on security whilst enabling digital transformation projects, which, by their own nature have implications when it comes to protecting the data of our user-base. One of the things I value most from being able to attend InfoSec was being able to share Chichester’s story with other representatives from both commercial and non-profit organisations and learn that they were too, facing the same challenges.

It’s not a case of ‘if’, but ‘when’….

A common discussion point which came up regularly at InfoSec was prevention and mitigation methods against cyber-attacks. However, vendors and consumers generally agree that total prevention isn’t guaranteed and that it’s only a matter of time until an organisation’s next cyber incident. One session that I attended, had determined the average time taken to expose a breach is 191 days. For some organisations this presents potential cultural challenges as the workforce isn’t always empowered to blow the whistle when a breach is identified. Should a breach be discovered from outside the organisation however, the repercussions could be irreparable. One of my personal takeaways from InfoSec from the sessions was using repositories such as ‘haveibeenpwned.com’ and cross referencing these with our global email address lists to determine if any of email addresses had been leaked. Someone was even so kind as to point me in the direction of the PowerShell script which carries out the comparison, which we’re still using regularly now.

Old tricks are still the most effective

In the sessions and general conversations, email continues to thrive as the primary threat to an organisation’s information security. Email attacks have been at play for over twenty years now and yet commercial, education and non-profit organisations are still struggling to deal with these attacks. It was reassuring to hear that we weren’t alone in this battle.
I took many technical recommendations away with me from the conference, such as providing banners on external emails, identifying cloned addresses and recommendations to use Office 365’s security assessment, which identifies any vulnerabilities in your tenancy and makes the appropriate recommendations.

In light of the above, what was promising to hear is that many organisations are attempting to strike a balance between prevention measures and training. Implementing proactive measures to prevent threats is the immediate go-to action, however, both commercial organisations and HEIs are investing more into providing user training and assessing their security vulnerabilities within the workforce. I came out of InfoSec in high spirits, knowing that in the absence of an unlimited budget for investing in security measures, we are fortunate to have at Chichester an open dialogue with our students and staff with regards to awareness of cyber threats and good digital security practice in a modern University.

Reflections and future prospects

InfoSec really broadened my horizons to information security in a way that I hadn’t been exposed to previously. So much so that it has had an impact on my academic studies where leadership in cyber security forms the main subject area of the final year dissertation for my master’s. Recently I have been invited into teaching sessions to talk with degree apprenticeship students about some of the subject areas covered at InfoSec in the hope that it could have a positive impact in their professional lives.
Lastly, I would like to extend my gratitude once more to UCISA for providing me with the opportunity to visit InfoSec.
Interested in finding out more about a UCISA bursary, then visit UCISA Bursary Scheme.

SharePoint migration from MySites to OneDrive for Business

Tristian O’Brien
SharePoint Technical Specialist
University of Brighton

Blog entry syndicated from my other blog that runs on GHOST.

I maintain a set of PowerShell scripts and processes to migrate many MySites from SharePoint 2010 to OneDrive for business.

As we know, PowerShell can automate many processes that you could perform using the user interfaces of SharePoint on premise or in the cloud.

So the general idea is to:

  • use a mapping file, where we have at least two columns. Column A in the windows on-premise username. Column B is the Office 365 (O365) login. I do have a third column, which is the destination OneDrive, but since this is almost usually the OneDrive logon, where any ‘@’ or ‘.’ are escaped as ‘_’
  • populate this file or database table with the users that you want to migrate
  • using PowerShell iterate through this list and
  • set users on-premise MySite to read only – I upload a separate master page and change the page status for this
  • in O365, assume the user is setup, licensed and provisioned. We use an account that has global admin rights in O365.
  • in O365, make sure that the global admin has access to the users OneDrive by adding it as a secondary admin
  • use ShareGate PowerShell to migrate the data. I know this is a cheat, but there are many reasons to use ShareGate such as insane mode, using Azure Storage and logging. Here are some other thoughts on Azure Storage.
  • when content has migrated successfully, timestamp the user profile on-premise with a date migrated value – later on we deploy some timer jobs to with delete or recycle after a specified time period.

Take a sneak peek at the https://github.com/devacuk/UoBMigration.  This is some code that I prepared for the dev.ac.uk event co-hosted by UCISA and JISC in February 2018. Slides are available here.  Much of the knowledge I accrued in order to do this are as a result of being awarded a UCISA bursary that paid the costs of travel, conference entrance fee and accommodation to MicroSoft IGNITE 2017.  For blogs on Microsoft Ignite, click here

I strongly suggest that if you do work in IT for a UK Higher Education institution, that you apply for the bursary yourself. Where this particularly helped is that I attended sessions about the latest developments in PowerShell, the tooling and Office 365. I found it particularly valuable to meets engineers from Microsoft Azure, ShareGate, MetaLogix and other vendors of migration products.

The only downside is that it is a corporate event, so one particular query about how and when any throttling of content into and out of Office 365 may occur, didn’t really get any answers from Microsoft, as I guess this kind of detail is a trade secret, I get that.

ShareGate offered some good advice on their experience with organisations way bigger than my institution, in that if you use their tools to manually migrate, use different tabs for different migration tasks. If using it in its PowerShell guise, then split the job up. Although managing that particular task would be a challenge in terms of organisation. I guess you could containerise the server using say Docker but ShareGate licenses would be needed for those individual containers I guess.

Another aspect of IGNITE is the sheer scale if it. I had planned to attend various sessions, but this wasn’t always possible due to sessions being placed far apart, overcrowding at some times and the warm weather. If I went again, I would be prepared for that though.

This blog post also appears on http://blogs.brighton.ac.uk/tristianobrien/

Interested in finding out more about a UCISA bursary, then visit UCISA Bursary Scheme.

UCISA welcomes blog contributions and comment responses to blog posts from all members. If you would like to contribute a new perspective or opinion on a current topic of interest, simply contact UCISA’s marketing manager Manjit Ghattaura via manjit.ghattaura@it.ox.ac.uk

 

The views expressed on UCISA blogs are the authors’ and do not necessarily reflect those of UCISA