Microsoft Office 365 is available in Mac App Store now

Last year Microsoft has promised that it’ll bring Microsoft office 365 on the Mac App Store and today is the day.

The statement by MS reads:

“We are excited to welcome Microsoft Office 365 to the all new Mac App Store in macOS Mojave. Apple and Microsoft have worked together to bring great Office productivity to Mac users from the very beginning. Now, with Office 365 on the Mac App Store, it’s easier than ever to get the latest and best version of Office 365 for Mac, iPad, and iPhone.”
—Phil Schiller, Apple’s senior vice president of Worldwide Marketing

  • Image result for office 365 apps mac

Office 365 apps are already available for Mac however, placing these app in Mac App Store gives the Mac users the capability to manage apps updates, control their installation and much more.

The Office 365 apps were supposed to be released last year but due to delay for unknown reasons they have postponed it to 2019.

Image of a MacBook open displaying Dark Mode in PowerPoint.

Download Office 365 from the Mac App Store.*

DOT/H Google Launches Secure DNS but not supported by Chrome yet

You might have heard that very recently Google has launched their DNS over TLS which is based on their Google Public DNS service the most commonly used DNS recursive resolver worldwide.

In a statement Google published the following article


Google Public DNS is the world’s largest public Domain Name Service (DNS) recursive resolver, allowing anyone to convert Internet domain names like into Internet addresses needed by an email application or web browser. Just as your search queries can expose sensitive information, the domains you lookup via DNS can also be sensitive. Starting today, users can secure queries between their devices and Google Public DNS with DNS-over-TLS, preserving their privacy and integrity.


(DOH) Support for Google Chrome

Although the service is now available however, you still can’t use it on your Windows 10 OS since Microsoft didn’t add the support yet. Linux OS like Ubuntu supports DOT.


Alternative Browsers with DOH support

Firefox’s Nightly browser which is dedicated to power users or developers already have the support for DNS over HTTPS (DOH) and upon testing it I could clearly see no indication of any plain text in my wireshark traffic for the websites that I have visited.

I used as an example to see if whether Wireshark would show the requested website in the DNS filtered traffic. Using Firefox Nightly, didn’t show any DNS result in Wireshark.



Checking result with Chrome

visiting on Chrome gave a different result. Here everything is clear text. Although I am using Simple DNScrypt app but still exposes the DNS traffic.



Even if I changed the DNS settings on my NIC to (cloudflare’s DOT) it would still show the result on Wireshark.




On November 3rd 2018, Chromium released the following article stating:


Add DoH UI setting. This CL adds a UI setting allowing users to enable DNS over HTTPS (DoH). Users may select a DoH server from a dropdown menu of preapproved options or enter a DoH server of their choosing. Bug: 878582 Test: out/Default/chrome –enable-features=”SecureDnsSetting” Cq-Include-Trybots: luci.chromium.try:linux_mojo Change-Id: I1138c3b8e77aea10a0d4e8a542b889a285a1a492


How to secure your Windows 10 ? 

Lots of tools out there that support Dns over TLS, one of them is dns simple DNSCrypt which uses the protocol dnscrypt. The application can be used temporarily or as a service. 

Windows 10 

I have installed the tool on my Windows 10 as a service and ran a test to see if resolving Google or any other domain would come as clear text but result was negative. 

The app uses various range of DNS recursive resolver services like Google, Cloudflare, Freesta… etc 

To Encrypt your DNS traffic, use Simple DNSCrypt

No More Privacy, Says Microsoft and MasterCard

MONITORING SOCIETY. Mobile Bank ID and Swish were just the beginning. Now, Mastercard and Microsoft are to produce digital identities for everyone. Your identity should be known no matter what you do. The system will also simplify for increased invasion of racial strangers to the West.

Microsoft Logo

Last Month, Mastercard and Microsoft announced in a joint communication that they intend to produce new digital identity documents for all people, who will work in all contexts.

All choices and social actions performed in agreements with authorities and companies must be linked through this new digital identity document that will always prove your identity and your actions.

The new identity document should “simplify” our interactions, no matter what we do. It should also be used to verify Facebook users and the like.

“To vote, drive, search for jobs, rent a home, get married and board an aircraft: All such acts mean you have to prove your identity. Together with Microsoft, we work to create a universally valid digital identity document, ”writes Mastercard in his communication.


Mastercard explains the companies’ new projects as follows:

Verifying their identity on the Internet is still dependent on physical or digital evidence handled by a central player, whether it be a passport number, accounting address, driver’s license, user identities or other things.

This dependency puts a heavy burden on individuals who must be able to remember hundreds of passwords for different identities, and they must perform increasingly complex actions to prove their identity and manage their data.

Mastercard and Microsoft aim to provide people with a safe and fast way to verify their identity to anyone, whenever they want.

The answer to these challenges is a service that lets users enter, control and share their identity data in their own ways – on devices they use every day. This is Mastercard’s intention, in close collaboration with players such as Microsoft.

– Today’s digital identity landscape is a jungle, inconsistent; and what works in one country often does not work in another. We have the opportunity to establish a system that puts people first and gives them control over their identity data and where they are used, ”says Ajay Bhalla , head of cyber and information solutions at Mastercard.

“By working with Microsoft, we are one step closer to the realization of a globally interoperable digital identity service,” continues Bhalla.

The new digital identities will create opportunities for new and improved user experiences for people who interact with businesses, service entities and virtual networks, such as:

  • Financial Services : Enhance and speed up identification processes to open new bank accounts, create loans, or make payments.
  • Kommers : Enable a more individualized and effective shopping experience both on the Internet and in business, regardless of the form of payment, portable device or service provider.
  • Contact with authorities : Simplification of communication with authorities and services, such as declaring income, ordering pass documents, voting or ensuring that your contributions are paid.
  • Digital Services : Streamlined and simpler ways to use email, social media, music and movie streaming services and car pools.

A new way of managing one of the cornerstones of life
– The digital identity is a cornerstone of how people live, work and entertain themselves every day, says Joy Chik , Microsoft’s vice president of identities.

– We believe that individuals should have control over their digital identity and data, and we are enthusiastic about working with Mastercard to give life to new decentralized innovations, says Chik.

This digital solution will also solve many common challenges:

  • Identity conclusion : Over one billion people, the majority of them women, children and refugees, do not have official identity. A digital identity can improve their access to health, money and social services.
  • Identity Verification : A single, reusable digital identity can help people interact with a vendor, bank, authority, and impersonal other digital service broker with greater integrity, lower cost, and less friction.
  • Fraud Prevention : A single digital identity can reduce the number of payment fraud and various forms of identity theft.

Displeased individuals can be immediately blocked all over the world
With integrated systems, it is easy to lock identities for all or selected forms of transactions. An identity that is used for a purpose that displeases some of the more influential operators, can with some keystrokes be prevented from, for example, taking bank loans, opening a bank account, starting a car or flying aircraft. This may apply, for example, to “suspected Muslim terrorists”.

A nationalist who is opposed to the globalized world can with the coming system be prevented from voting in elections so that “undemocratic parties” cannot flare up, and so on.

This is nothing that is written in the communiqué, but it is technically easy to manage the identity in this way. The purpose of the new digital identities is that all people’s identity should be transparent and undoubtedly identifiable. All their doings and songs should always be obvious and easy to trace and “manage”.

Logical development
Mastercard has previously had global payment solution projects that will facilitate migration across the world. Financial man George Soros , together with Mastercard and the UN, have various migration projects where “refugees” get access to bank accounts and payment solutions in order to more easily infiltrate the West.

At the same time, the UN’s new global migration agreement – which among other things Norway and the Swedish transitional government that governs overtime intends to write on December 10 – aims, among other things, to reduce transaction costs for “refugees” who want to move financial resources from their new contributing industrialized host countries, to the countries from which they have fled.

With Mastercards, Microsoft’s and the UN’s new global ventures, the “friction” will thus decrease between what the racially invasive invaders and the asylum seekers want from the West, and the fulfillment of these desires.

Microsoft Exchange 2013–2016-2019 Security Vulnerability (URGENT)

CVE-2019-0586 | Microsoft Exchange Memory Corruption Vulnerability


Yesterday Microsoft has published an KB article about a security threat to Exchange 2013-2016 and 2019.

The article mentions CU10-CU11 for Exchange 2016, CU21 for Exchange 2013 and RTM version of Exchange 2019 as well.

I spoke to Microsoft of whether this issue affects earlier CU versions for Exchange and they confirmed it



Vulnerability details:

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.

Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.


Download link:


Lync 2013 to Skype for Business in-place upgrade with Monitoring database

This article guides you through the steps of doing an in-place upgrade from Lync 2013 to Skype for business. I am copying the article as is from my lab with all the errors that I have been through to give you a real experience feed back of what is this like.

You might get issues that you have never expected, but resolving them is not that hard and if you have any issues please don’t hesitate to leave a comment and I will get back to help you.


Extensible Chat Communication Over SIP protocol (XCCOS)

From <>


Lync CU 5

Kb2533623 Windows Server 2008 R2

Kb2858668 Windows Server 2012

KB2982006 Windows Server 2012 R2!38654&authkey=!AE9IJKbMPtkge8U&ithint=file%2cexe

SQL 2012 SP2 for Express version


First Issue:

Upon running the setup I have got the following error:

Prerequisite not satisfied: Internet Information Services (IIS) must be installed before attempting to install this product.

Prerequisite not satisfied: The following Internet Information Services (IIS) role services must be installed before attempting to install this product: Static Content, Default Document, HTTP Errors, ASP.NET, .NET Extensibility, Internet Server API (ISAPI) Extensions, ISAPI Filters, HTTP Logging, Logging Tools, Tracing, Client Certificate Mapping Authentication, Windows Authentication, Request Filtering, Static Content Compression, Dynamic Content Compression, IIS Management Console, IIS Management Scripts and Tools

Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install an update for Windows Server 2012 R2. For details about the update, see Microsoft Knowledge Base article 2982006, “IIS crashes occasionally when a request is sent to a default document in Windows 8.1 or Windows Server 2012 R2” at

Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install Microsoft ASP.NET 4.5 by using the Add Roles and Features Wizard in Windows Server 2012 Server Manager. Install the ASP.NET 4.5 role service of the Web Server (IIS) role.

Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install Microsoft Windows Communication Foundation Activation by using the Add Roles and Features Wizard in Windows Server 2012 Server Manager. Install WCF Services and HTTP Activation, which are included with the Microsoft .NET Framework 4.5 feature.




I will re-run prerequisites to make sure that all are satisfied before running setup again.

STEP 1 : Installing Prerequisites

Add-WindowsFeature NET-Framework-Core, RSAT-ADDS, Windows-Identity-Foundation, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Dir-Browsing, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Server-Media-Foundation, BITS, Desktop-Experience, Telnet-Client

Updated aug-2018



STEP 2: Installing CU5

Download and install CU5



After the restart we will apply the update of the databases which in my case is going to be the FQDN of the FE server since it’s standard version and not Backend server.

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn lyncfe01.adeo.local -Verbose



Time to upgrade the Archiving/Monitoring databases.

To upgrade we’ll use the same command except change the FQDN of the SQL server to the SQL server where Monitoring and Archiving databases are at.

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn sql01.adeo.local -Verbose




Applying CMS upgrade


Install-CsDatabase -CentralmanagementDatabase -SqlServerFqdn Lyncfe01.adeo.local -SqlInstanceName rtc -verbose



Then run enable-cstopology

Last thing in the CU5 update is

%ProgramFiles%\Microsoft Lync Server 2013\Deployment\Bootstrapper.exe



Step 3 : Installing Windows OS hotfix.

KB2982006 Windows Server 2012 R2

Since the FE is on Windows Server 2012 R2 then we’ll need to download this link!38654&authkey=!AE9IJKbMPtkge8U&ithint=file%2cexe

RESTART is Required


STEP 4 : Install SQL Service Pack 2 (Express) for your Lync Front end Standard Edition

First Download SQL Express SP2 setup


You can patch the server by opening a Lync Management Shell window and entering the following commands:


.\SQLEXPR_x64_ENU.exe /ACTION=Patch /allinstances /IAcceptSQLServerLicenseTerms









Step 5: SQL Server (Standard or Enterprise) for (Monitoring, Archiving)


My SQL Server version is SP1 so I don’t need to upgrade it to SP2


Step 6- In-place Upgrade for Skype For Business

In order to do the in-place upgrade, we’ll need to use a machine that doesn’t have Lync 2013 to install the new Topology builder and do the upgrade process

On a different Machine that’s joined to the same domain, I will run the prerequisites script and restart the machine. then I’ll load the Skype for business ISO and install







We’ll now press on Installing Administrative tools




Now in order to continue we’ll have to open the topology builder in order to upgrade our Lync 2013 topology

I’ll open the topology builder and save the topology file somewhere


Once the topology is open, I’ll navigate to the Standard FE Servers and right click on my main server to upgrade



I’ll click on Upgrade to Skype for Business Server 2015…


As soon as you press Yes, the Frontend server that you selected will be moved under the Skype For Business Server 2015 tab as you can see below.


Since I have two FE servers (FE and SBS) I will be upgrading them both but not in the same time not not fall into any errors, so I will publish the topology and see what happens.



We’ll check what do we need to do now in order to upgrade the servers, here is what we’ll do.

Import existing normalization rules from the previous Skype for Business Server deployment. If you want to keep your existing normalization rules you will need to import them using the Import-CsCompanyPhoneNormalizationRules cmdlet. If you have separate normalization rules for each pool then you will need to run the command for each set.

To perform an in-place upgrade of your Skype for Business Server, you’ll need to do the following, in order:

(1) Stop the Skype for Business services on all of the servers that you are upgrading;

(2) Run Skype for Business Server setup (Setup.exe) on all of the servers you are upgrading;

(3) Start the Skype for Business services on all of the servers you upgraded. To start the services in a Front End pool, connect to one of the servers in the pool and run the Start-CsPool cmdlet. All the servers in the pool should be running Skype for Business Server before you use the Start-CsPool cmdlet. To start the services in all other pools (e.g. Edge pool, Mediation pool), run the Start-CsWindowsService cmdlet on every server in the pool;

Server FQDN: lyncfe01.adeo.local, Pool FQDN: lyncfe01.adeo.local

On Lync FE 01 I’ll stop all the services using Stop-cswindowsservice


Now on the same server I’ll load the Skype4B ISO and start the setup





Started at 1:40pm








The required time for the upgrade process is estimated around 75-90 Minutes for each FE Server.



Starting ‘Verifying upgrade readiness…’

‘Verifying upgrade readiness…’ completed successfully

Starting ‘Installing missing prerequisites…’

‘Installing missing prerequisites…’ completed successfully

Starting ‘Uninstalling roles…’

‘Uninstalling roles…’ completed successfully

Starting ‘Detaching database…’

‘Detaching database…’ completed successfully

Starting ‘Uninstalling local management services…’

‘Uninstalling local management services…’ completed successfully

Starting ‘Installing and configuring core components…’

‘Installing and configuring core components…’ completed successfully

Starting ‘Installing administrative tools…’

‘Installing administrative tools…’ completed successfully

Starting ‘Installing local management services…’

‘Installing local management services…’ completed successfully

Starting ‘Attaching database…’

‘Attaching database…’ completed successfully

Starting ‘Upgrading database…’

‘Upgrading database…’ completed successfully

Starting ‘Enabling replica…’

‘Enabling replica…’ completed successfully

Starting ‘Installing roles…’

‘Installing roles…’ completed successfully

Starting ‘Verifying installation…’

‘Verifying installation…’ completed successfully


Upgrade the SBS (Survivable Branch Server) in the pool to Skype4B



Publish the topology


I’ll stop the service before I start the upgrade process.


I’ll load the ISO on the second server and start the upgrade.






Apparently I forgot to update Lync to the latest CU





Install Exchange 2019 Core using PowerShell

You probably already know that Exchange 2019 RTM has been released and even CU1 is about to come too.

But what’s interesting about 2019 is that it has a lot of new features, some that lot of people wanted to have in legacy versions especially for security, performance, resiliency and scalability.


As per Microsoft Security has been improved to suit the needs of corporations removing all vulnerable ciphers and follow best practices.

Security: Exchange Server 2019 requires Windows Server 2019. In fact, we recommend installing Exchange Server 2019 onto Windows Server 2019 Server Core. Exchange Server 2019 installed on Windows Server 2019 Core provides the most secure platform for Exchange. You also have the option of installing Exchange 2019 onto Windows Server 2019 with Desktop Experience, but we have worked hard to make sure running Exchange on Server Core is the best choice for our code.

We’re aware all media for Windows Server 2019 and Windows Server, version 1809 has been temporarily removed and Microsoft will provide an update when refreshed media is available. Exchange Server 2019 will be fully compatible with version 1809, and the refreshed version.

We also built Exchange Server 2019 to only use TLS 1.2 out of the box, and to remove legacy ciphers and hashing algorithms. To understand how this affects coexistence with earlier versions, please reference our previous series of postson TLS.

Regarding Performance, Microsoft has released the following statement:

Performance: We’ve done significant work to allow Exchange Server to take advantage of larger core and memory packed systems available in market today. With our improvements, Exchange Server can use up to 48 processor cores and 256GB of RAM.

We’ve re-engineered search using Bing technology to make it even faster and provide better results, and in doing so have made database failovers much faster, and administration easier.

We’re adding dual storage read/write capabilities to Exchange Server 2019 using Solid State Drive (SSD) technology to provide a super-fast cache of key data for improving end user experience. We also talked about this in our Email Search in a Flash! Accelerating Exchange 2019 with SSDs session at Ignite.

We also changed the way database caching works to allocate more memory to active database copies, again improving the end user experience. You can learn more about Dynamic Database Cache from Welcome to Exchange Server 2019!video and slides.

The improvements we have made to Exchange Server 2019 will enable you to scale to a larger number of users per server than ever before, use much larger disks, and see the latency of many client operations being cut in half.


Installing Exchange 2019 on Core is something that’s been recently supported, along with other features like in-place upgrade from Exchange 2016 to Exchange 2019.

In this guide we’ll go through the process of installing Exchange 2019 using PowerShell starting from naming the server, joining it to the domain and installing prerequisites of Exchange 2019.

Configuring Static IP address:

In order to give a static IP address to the machine from Windows Core we’ll be using the following script:

Assuming you have subnet with mask /24 and gateway we will use the below script to provide the machine with an IP.

$wmi = Get-WmiObject win32_networkadapterconfiguration -filter “ipenabled = ‘true'”

$wmi.EnableStatic(“”, “”)

$wmi.SetGateways(“”, 1)




Join Domain

Exchange must be part of the domain which you’re using in your lab / Production environment. next we’ll be joining this machine to our domain using the following script:

First we’ll change the hostname, restart and then join the domain


Change Computer name:

Rename-Computer -NewName “Exch2019” -DomainCredential WIN-EPM2CRB5MN9\administrator –Restart


Join the domain

add-computer –domainname -Credential cloud-tech\administrator -restart –force


After restarting


Configuring Drives:

Since I am doing a lab test only, I will use the default C drive to install Exchange, but if you’d want to configure a second Drive please let me know and I will add that part as well.



List volume




Installing Prerequisites – Exchange 2019 on Windows 2019 Core


​EX2019 will require 2012R2 AD FFL​

Check out your windows Version first for compatibility









GUI Version of Windows 2019

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS



Windows 2019 Core

Install-WindowsFeature RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Metabase, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, RSAT-ADDS, Server-Media-Foundation



After installing prerequisites, Installing UCMA

For UCMA on Windows Core you need to get a certain UCMA customized in order to work with Windows 2019 core.

After Extracting and copying the file to the C root drive

The setup file is called Ironmansetup.exe




















After the Installation of UCMA, there will be another requirement,

Visual C++ Redistributable Packages for Visual Studio 2013



.\setup.exe /InstallWindowsComponents /CustomerFeedbackEnabled:False /LogFolderPath:C:\Logs\db4 /DbFilePath:C:\Mailbox\Database01\Database01.edb /MdbName:Database01 /DisableAMFiltering /IAcceptExchangeServerLicenseTerms /roles:mb,mt











Setting URLS


I will be upgrading this with the latest Windows 2019 releases since this installation was done with Microsoft Windows 2019 Preview edition

For any consultation requirements please contact me or

Thank you