Regaining Control Over Unmanaged GenAI Apps: New Microsoft Purview Enhancements in Edge

on
Many organizations are growing increasingly concerned about the widespread use of unsanctioned Generative AI (GenAI) tools. These apps, often accessed through unmanaged browsers, pose significant risks to data security and compliance. To help with this, Microsoft is now updating some features in  Microsoft Purview that will enhance policy enforcement for unmanaged cloud apps accessed via the Edge browser.  What’s Changing? Previously, enforcing Purview Data Loss Prevention (DLP) and Collection policies required manual creation of Edge configuration policies. These policies were often complex and needed to be scoped correctly to block unsupported browsers or apply protections. With this update, Microsoft automates much of that process: Collection Policies now apply directly within Edge without needing a separate blocking configuration. DLP Policies automatically generate Edge configuration policies that align with the scope of the DLP rules. DLP policies can operate in two mode...

Backup your Lync Enterprise 2010 Server to one zip file

on
It's been a couple of weeks since I posted the backup script for Lync 2010 Standard Edition (here), and I promised to be back with a similar script for the Enterprise edition. I must admit it took longer than I expected as I ran into some issues with the way the SQL server backup works. But here it is, tested on several systems and in working order.

Since it is very similar to the original SE, I'll only focus on the differences in this script, and a few things to look out for.

The biggest challenge was to understand why my SQL server backup failed. Once I figured out my "system error 5 (access denied)" error message, it was only a matter of "creativity" to make it work.

If you examine the two scripts you'll see the SQL server backup routine is almost identical. The difference is in the $dest statement. When you run a SQL server backup, remotely, as this script is set up to do, you actually run the backup as the remote SQL server service's user context. As a result, when the backup "device" is accessed from the SQL server, this is done through a share on the Lync server. And the SQL Server Service account must have write access to this share.

My way of solving this, was through creating a share with the script, access it, and delete it by the end.
#################################################################
# Creating a fileShare with everyone rigths
# If you already have provisioned a share, where you SQL_service user have full controll over,
# You may skip this.
#################################################################

$filepathshare = "c:\lyncbackup"
NET SHARE lyncbackup=$filepathshare "/GRANT:Everyone,FULL"

#################################################################            
# Deleting the fileshare
#################################################################

NET SHARE lyncbackup /y /delete
If you want to set up a permanent share, and restrict access to it, please feel free to do so.

Then the destination of the backup routine should be set to include this file share path

Here are a few things to consider before you run this on your own servers.
  • This script is for a Enterprise Edition Server.
  • The script has only been tested in single site topology. I suspect adjustments must be made for deployments with more than one site (If anyone would do so, or let me have access to such a deployment, please let me know)
  • This script has been tested with a co location of all databeses. If you require it to backup your Monitoring/archiving databases from seperate SQL servers, you must add these sources to the script.
  • The script should be able to run without any modification or input, unless you want to use other paths than I have entered. But, the script is set to map drive Y: to the Lync File Share. If this drive is already in use, you should change this to a drive not already in use.
  • The script must be run on a server where Lync PS is available, and this must be imported if you are to run this as a scheduled task (See the script for details).
  • If you want to backup your RGS information, you will have to install reskit tools as well (and import the script commands as I do in my script)
  • My script creates a directory C:\lyncbackup\, this may be edited if you like.
  • Certificates will only be backed up if you allowed for this when requesting and creating certificates.
  • The creation of the zipfile can take a while. The script finishes before the zipfile is finished (If anyone know how to wait for this task before quitting the script, please let me know).
  • I highly recommend you test the script in your Lab, before running in your production environment
That's all there is to it. All that's left for me to do, is to give you the link to the script: Backupscript - Enterprise EDT v1_2.ps1

As always, I appreciate feedback or suggestions on improvements.