How to fix: Cannot move or copy folders. Cannot copy folder. A top-level cannot…

The Error

When copy and paste folders/contacts in Outlook/Office 365 from/to public folders, the following error pops up.

Cannot move or copy folders. Cannot copy folder. A top-level cannot be copied to one of its subfolders. Or, you may not have approriate permissions for the folder. To check your permissions for the folder, right-click the folder, and then click Properties on the shortcut menu.

The Fix

1 Open Exchange admin center (https://outlook.office365.com/ecp)

2 Navigate to “public folder -> public folders”

Exchange admin center - public folders
Exchange admin center – public folders

3 Navigate to the public folder which is having the problem.

4 Assign that user as “Owner” of that specific public folder

Exchange admin center - public folders
Exchange admin center – public folders
Exchange admin center - public folders - Public folder permissions
Exchange admin center – public folders – Public folder permissions
Exchange admin center - public folders - Public folder permissions
Exchange admin center – public folders – Public folder permissions

5 Try the operation again, once finished, change back the permission for that user to “Author” or other permission.


Microsoft Office 365/O365 Administration links (Admin links, admin centers)

Office 365

https://www.office.com

Azure Portal

https://portal.azure.com

Azure Active Directory

https://aad.portal.azure.com

Device Management

https://devicemanagement.microsoft.com

Office 365 Cloud App Security

https://<company-name>.portal.cloudappsecurity.com

Microsoft 365 security center

https://security.microsoft.com

Microsoft 365 compliance center

https://compliance.microsoft.com

New Exchange Admin Center

https://admin.exchange.microsoft.com/

Classic Exchange Admin Center

https://outlook.office.com/ecp/

Microsoft Teams admin center

https://admin.teams.microsoft.com/

Office client management portal / Office cloud policy service

https://config.office.com/

Microsoft Store for Business

https://businessstore.microsoft.com/en-au/manage/dashboard

How to: Add/Remove Windows Autopilot devices (And assign group – Windows Autopilot deployment profiles)

Table of contents

  1. Method 1 – Via Microsoft Endpoint Manager admin center
  2. Method 2 – via Microsoft Store for Business
  3. Creating the CSV file
  4. *Bonus – Groups (Windows Autopilot deployment profiles)

Method 1 – Via Microsoft Endpoint Manager admin center

1.1 Navigate to Microsoft Endpoint Manager admin center or Endpoint Management

1.1.1 Login to Microsoft 365 admin center

1.1.2 Click on “Endpoint Management” to open “Microsoft Endpoint Manager admin center” or use this link: https://devicemanagement.microsoft.com/

Microsoft 365 admin center menu - Endpoint Management
Microsoft 365 admin center menu – Endpoint Management

1.1.3 Navigate to “Devices -> Enroll devices -> Windows Enrollment -> Devices”

Microsoft Endpoint Manager admin center - Devices Overview
Microsoft Endpoint Manager admin center – Devices Overview
Microsoft Endpoint Manager admin center - Enroll deices Windows enrollment
Microsoft Endpoint Manager admin center – Enroll deices Windows enrollment

1.2 Click on “Import” button

Microsoft Endpoint Manager admin center - Enroll deices Windows enrollment - Windows Autopilot devices
Microsoft Endpoint Manager admin center – Enroll deices Windows enrollment – Windows Autopilot devices

1.3 It will ask for an CSV file containing

Microsoft Endpoint Manager admin center - Enroll deices Windows enrollment - Windows Autopilot devices - Add Windows Autopilot devices
Microsoft Endpoint Manager admin center – Enroll deices Windows enrollment – Windows Autopilot devices – Add Windows Autopilot devices

1.4 Proceed to Section 3 to generate the CSV file then come back to step 1.3 to upload the CSV file

1.5 Now we can assign group for the device by using Group Tag. (Group needs to be created first in order to assign)

Microsoft Endpoint Manager admin center - Enroll deices Windows enrollment - Windows Autopilot devices - Device properties
Microsoft Endpoint Manager admin center – Enroll deices Windows enrollment – Windows Autopilot devices – Device properties

Method 2 – via Microsoft Store for Business

2.1 Login to Microsoft Store for Business: https://businessstore.microsoft.com/ with administrator account

2.2 Proceed to Section 3 to generate the CSV file then come back to continue with step 2.3 to upload the CSV file

2.3 Navigate to “Devices”, click on “+ Add devices” button

Microsoft Store for Business -> Deices
Microsoft Store for Business -> Deices

2.4 Now we can assign group for the device by using “AutoPilot deployment” button (Group needs to be created first in order to assign)

3 Creating the CSV file

Microsoft Doc -> “Adding devices to Windows Autopilot” “Enroll Windows devices in Intune by using the Windows Autopilot” indicates that using following PowerShell script (Save to get-hwidinfo.ps1, then execute it with PowerShell in admin mode) will save required information in “C:\HWID\AutoPilotHWID.csv”

md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv

What happen is, it may fail at first and at the last step. Here is the fix.

If it’s saying File X:\get-hwidinfo.ps1 cannot be loaded because running script is disabled on this system, for more information see about_Execution_Policies at https://go,microsoft.com/fwlink/?LinkID=135170

Follow this post to resolve it: Windows PowerShell: “… .ps1 cannot be loaded because running script is disabled on this system, for more information see about_Execution_Policies at….”

If getting another error try following Workaround.

The Workaround

3.1 Save the following PowerShell script to “get-hwidinfo.ps1” then execute in PowerShell in admin mode

md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv

3.2 If it fails to output csv file in C:\HWID, save following script to “C:\HWID\Get-WindowsAutoPilotInfo.ps1” (This is version 1.6 not 1.4) (To copy the code, double click the code to select all)

<#PSScriptInfo
 
.VERSION 1.4
 
.GUID ebf446a3-3362-4774-83c0-b7299410b63f
 
.AUTHOR Michael Niehaus
 
.COMPANYNAME Microsoft
 
.COPYRIGHT
 
.TAGS Windows AutoPilot
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
Version 1.0: Original published version.
Version 1.1: Added -Append switch.
Version 1.2: Added -Credential switch.
Version 1.3: Added -Partner switch.
Version 1.4: Switched from Get-WMIObject to Get-CimInstance.
 
#>
<#
.SYNOPSIS
Retrieves the Windows AutoPilot deployment details from one or more computers
.DESCRIPTION
This script uses WMI to retrieve properties needed by the Microsoft Store for Business to support Windows AutoPilot deployment.
.PARAMETER Name
The names of the computers. These can be provided via the pipeline (property name Name or one of the available aliases, DNSHostName, ComputerName, and Computer).
.PARAMETER OutputFile
The name of the CSV file to be created with the details for the computers. If not specified, the details will be returned to the PowerShell
pipeline.
.PARAMETER Append
Switch to specify that new computer details should be appended to the specified output file, instead of overwriting the existing file.
.PARAMETER Credential
Credentials that should be used when connecting to a remote computer (not supported when gathering details from the local computer).
.PARAMETER Partner
Switch to specify that the created CSV file should use the schema for Partner Center (using serial number, make, and model).
.EXAMPLE
.\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER -OutputFile .\MyComputer.csv
.EXAMPLE
.\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER -OutputFile .\MyComputer.csv -Append
.EXAMPLE
.\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER1,MYCOMPUTER2 -OutputFile .\MyComputers.csv
.EXAMPLE
Get-ADComputer -Filter * | .\GetWindowsAutoPilotInfo.ps1 -OutputFile .\MyComputers.csv
.EXAMPLE
Get-CMCollectionMember -CollectionName "All Systems" | .\GetWindowsAutoPilotInfo.ps1 -OutputFile .\MyComputers.csv
.EXAMPLE
.\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER1,MYCOMPUTER2 -OutputFile .\MyComputers.csv -Partner
 
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory=$False,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True,Position=0)][alias("DNSHostName","ComputerName","Computer")] [String[]] $Name = @("localhost"),
    [Parameter(Mandatory=$False)] [String] $OutputFile = "", 
    [Parameter(Mandatory=$False)] [Switch] $Append = $false,
    [Parameter(Mandatory=$False)] [System.Management.Automation.PSCredential] $Credential = $null,
    [Parameter(Mandatory=$False)] [Switch] $Partner = $false,
    [Parameter(Mandatory=$False)] [Switch] $Force = $false
)
Begin
{
    # Initialize empty list
    $computers = @()
}
Process
{
    foreach ($comp in $Name)
    {
        $bad = $false
        # Get a CIM session
        if ($comp -eq "localhost") {
            $session = New-CimSession
        }
        else
        {
            $session = New-CimSession -ComputerName $comp -Credential $Credential
        }
        # Get the common properties.
        Write-Verbose "Checking $comp"
        $serial = (Get-CimInstance -CimSession $session -Class Win32_BIOS).SerialNumber
        # Get the hash (if available)
        $devDetail = (Get-CimInstance -CimSession $session -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter "InstanceID='Ext' AND ParentID='./DevDetail'")
        if ($devDetail -and (-not $Force))
        {
            $hash = $devDetail.DeviceHardwareData
        }
        else
        {
            $bad = $true
            $hash = ""
        }
        # If the hash isn't available, get the make and model
        if ($bad -or $Force)
        {
            $cs = Get-CimInstance -CimSession $session -Class Win32_ComputerSystem
            $make = $cs.Manufacturer.Trim()
            $model = $cs.Model.Trim()
            if ($Partner)
            {
                $bad = $false
            }
        }
        else
        {
            $make = ""
            $model = ""
        }
        # Getting the PKID is generally problematic for anyone other than OEMs, so let's skip it here
        $product = ""
        # Depending on the format requested, create the necessary object
        if ($Partner)
        {
            # Create a pipeline object
            $c = New-Object psobject -Property @{
                "Device Serial Number" = $serial
                "Windows Product ID" = $product
                "Hardware Hash" = $hash
                "Manufacturer name" = $make
                "Device model" = $model
            }
            # From spec:
            #    "Manufacturer Name" = $make
            #    "Device Name" = $model
        }
        else
        {
            # Create a pipeline object
            $c = New-Object psobject -Property @{
                "Device Serial Number" = $serial
                "Windows Product ID" = $product
                "Hardware Hash" = $hash
            }
        }
        # Write the object to the pipeline or array
        if ($bad)
        {
            # Report an error when the hash isn't available
            Write-Error -Message "Unable to retrieve device hardware data (hash) from computer $comp" -Category DeviceError
        }
        elseif ($OutputFile -eq "")
        {
            $c
        }
        else
        {
            $computers += $c
        }
        Remove-CimSession $session
    }
}
End
{
    if ($OutputFile -ne "")
    {
        if ($Append)
        {
            if (Test-Path $OutputFile)
            {
                $computers += Import-CSV -Path $OutputFile
            }
        }
        if ($Partner)
        {
            $computers | Select "Device Serial Number", "Windows Product ID", "Hardware Hash", "Manufacturer name", "Device model" | ConvertTo-CSV -NoTypeInformation | % {$_ -replace '"',''} | Out-File $OutputFile
            # From spec:
            # $computers | Select "Device Serial Number", "Windows Product ID", "Hardware Hash", "Manufacturer Name", "Device Name" | ConvertTo-CSV -NoTypeInformation | % {$_ -replace '"',''} | Out-File $OutputFile
        }
        else
        {
            $computers | Select "Device Serial Number", "Windows Product ID", "Hardware Hash" | ConvertTo-CSV -NoTypeInformation | % {$_ -replace '"',''} | Out-File $OutputFile
        }
    }
}

3.3 Launch PowerShell in admin mode, use following command to generate the csv file for the device

cd C:\HWID
.\Get-WindowsAutoPilotInfo.ps1-OutputFile AutoPilotHWID.csv

3.4 Now we should be able to see an “AutoPilotHWID.csv” file at “C:\HWID\AutoPilotHWID.csv”

4 *Bonus – Groups (Windows Autopilot deployment profiles)

Autopilot deployment profiles are used to configure the Autopilot devices. You can create up to 350 profiles per tenant.

To Create Profile, follow Step 1.1 to Step 1.1.3 (Instead of click on “Devices” click on “Deployment Profiles”)

For more information on different kind of settings for Profiles refer to Enroll Windows devices in Intune by using the Windows Autopilot

Resources:


How to fix: Microsoft SharePoint can’t share folders or files to external users (also Anyone with the link option is disabled)

Table of contents

  1. The Issue 1 – Your organization’s profile don’t allow you to share…
  2. Fix 1
  3. The Error 2 – “Anyone with the link” options is disabled/greyed out
  4. Fix 2

The Issue 1

When we trying to share a folder or file we get following error

"Your organization's profile don't allow you to share with these users. Go to External Sharing in the Office 365 admin center to enable it."
Send Link - Error: Your organization's profile don't allow you to share with these users. Go to External Sharing in the Office 365 admin center to enable it.
Send Link – Error: Your organization’s profile don’t allow you to share with these users. Go to External Sharing in the Office 365 admin center to enable it.

Also the “People in <site name> with the link” option is also disabled/blocked

The Fix 1

1 Make sure in the “SharePoint admin center” the settings is set to “Anyone” just in case (It should also work if set to “New and existing guests”) (http://companyname-admin.sharepoint.com or via admin center -> SharePoint)

admin center -> SharePoint
admin center -> SharePoint
SharePoint admin center -> Policies - Sharing
SharePoint admin center -> Policies – Sharing
SharePoint admin center -> Policies - Sharing
SharePoint admin center -> Policies – Sharing

2 Make sure “External Sharing” settings are correct as well (Click on “Limit external sharing to specific security groups” link from last screenshot) (https://companyname-admin.sharepoint.com/_layouts/15/online/ExternalSharing.aspx)

External Sharing
External Sharing

3 Make sure “Limited-access user permission lockdown mode” is “Deactivated” in “Site Collection Features” here is the steps

3.1 Open the site which is having the issue (https://companyname.sharepoint.com/sites/sitename)

3.2 Click on “Site contents” link

c
SharePoint

3.3 Click on “Site settings” from top right corner (https://company.sharepoint.com/sites/Sitename/_layouts/15/settings.aspx)

SharePoint - Site settings
SharePoint – Site settings

3.4 Click on “Site collections features” (https://companyname.sharepoint.com/sites/siteName/_layouts/15/ManageFeatures.aspx?Scope=Site)

SharePoint -> Site collection features
SharePoint -> Site collection features

3.5 Deactivate “Limited-access user permission lockdown mode”

SharePoint -> Site Collection Features
SharePoint -> Site Collection Features

4 Now we can share folder or file to external users without the error message

The Error 2 – “Anyone with the link” options is disabled/greyed out

"Anyone with the link"
 
"Your organization is preventing you from selecting this option."
SharePoint -> Anyone -> error
SharePoint -> Anyone -> error

The Fix 2

1 Open SharePoint admin center (https://companyname-admin.sharepoint.com/) Navigate to “Sites -> Active sites”

SharePoint admin center -> Sites -> Active sites
SharePoint admin center -> Sites -> Active sites

2 Click on the site which can’t use “Anyone with the link” option, then click on “Sharing”

SharePoint admin center - Active sites
SharePoint admin center – Active sites

3 Make sure “Anyone” is selected and click on “Save” button

SharePoint admin center - Active site - site - Sharing
SharePoint admin center – Active site – site – Sharing

4 Now “Anyone with the link” option is available

SharePoint admin center - Share file/folder - Anyone with the link
SharePoint admin center – Share file/folder – Anyone with the link

How to fix: Office 365 Autopilot – Error 640 StorageError

The Error

Internal error
ERROR CODE:
640 - StorageError
CSV LINE NUMBERS AFFECTED:
x
Office 365 Autopilot - Error 640 StorageError
Office 365 Autopilot – Error 640 StorageError

Usually it means the Office 365 has the device detail in the system.

Which means you have added the device to Office 365/Azure Active Directory (AAD) beforehand.

Even after you have removed the device from AAD from device settings.

The same error will appear if you try to import CSV again.

The Fix

Method 1: We can try add the device back to the AAD, then delete the device from Office 365/AAD not on the device.

Method 2: We can try to delete remove the device from Office 365/AAD from the device (not Office 365/AAD) then wait till next day or 24 hours, then try to import the CSV again.

How to: Hide/Show Office 365 group from GAL and other address lists using PowerShell

1 Login to Office 365 via PowerShell by following this guide: How to: Connect PowerShell to Office 365 Exchange with Multi-factor authentication (MFA) enabled

2 Use following PowerShell command to hide Office 365 group.

Set-UnifiedGroup -identity "Group Name" -HiddenFromExchangeClientsEnabled:$true

To show Office 365 group in GAL and other address lists use the following command

Set-UnifiedGroup -identity "Group Name" -HiddenFromExchangeClientsEnabled:$false

(The default value is $false, which means show in GAL and other address lists)

Extended Reading

Set-UnifiedGroup

How to fix: Excel can’t scroll

Sometimes Excel freezes the pane on the worksheets. The result is that we can’t scroll the worksheet.

Excel can't scroll
Excel can’t scroll

The Fix

1 Click on “View” Tab

2 Click on “Freeze Panes”

3 Click on “Unfreeze Panes”

Excel Unfreeze panes
Excel Unfreeze panes

4 Now try to scroll again, it works!

How to: Connect PowerShell to Office 365 Exchange with Multi-factor authentication (MFA) enabled

Keywords: Microsoft, Microsoft Windows, Microsoft Office 365, Microsoft Windows PowerShell, Microsoft Office 365 Exchange, Multi-factor authentication, MFA, ecp, connect to Microsoft Office 365 Exchange via PowerShell with MFA enabled

1 Use Microsoft Edge or Internet Explorer (You have to use Microsoft Edge or Internet Explorer for this one) to login to: https://outlook.office365.com/ecp/

2 Click on “hybrid”, find “The Exchange Online PowerShell Module supports multi-factor authentication. Download the module to manage Exchange Online more securely. Learn more” click on “configure”

Microsoft Office 365 Exchange admin center
Microsoft Office 365 Exchange admin center

3 Click on “Open” button from the browser

Microsoft Edge - Microsoft Office 365 Exchange admin center - hybrid - configure
Microsoft Edge – Microsoft Office 365 Exchange admin center – hybrid – configure

4 If you get a pop up asking “How do you want to open this?” Select “Microsoft Edge” then click on “OK” button

Microsoft Edge - "How o you want to open this?"
Microsoft Edge – “How o you want to open this?”

5 A Windows PowerShell window will pop up upon finishing downloading.

Microsoft Windows PowerShell
Microsoft Windows PowerShell

6 Enter following command and press “Enter” key (Change “[email protected]” to proper administrator email address)

Connect-EXOPSSession -UserPrincipalName [email protected]

e.g.

Connect-EXOPSSession -UserPrincipalName [email protected]

7 Sign with “Sign in to your account” pop up window, enter your password then authorise via MFA

Microsoft Windows PowerShell - MFA login
Microsoft Windows PowerShell – MFA login

8 The warning is fine, we can still use the PowerShell to manage Microsoft Office 365 Exchange

 Microsoft Windows PowerShell - Exchange logged in
Microsoft Windows PowerShell – Exchange logged in

Now, you have successfully connected to Microsoft Office 365 Exchange via Windows PowerShell.

Bonus:

You can use following command to list identity information from your groups

Get-UnifiedGroup -Identity "Group Name" | Format-List

e.g.

Get-UnifiedGroup -Identity "Financial" | Format-List

How to hide users from address lists (GAL/Global Address List etc.) By configuring Office 365/Exchange server

(This article is for Office 365/Exchange server Administrators)

Keywords: hide users from GAL, hide users from global address list, office 365, exchange server, hide users from address list, Office 365 administrator, O365

1 Login to https://outlook.office365.com/ecp with Office 365 Administrator account

2 Click on “recipients” -> double click on the name of the user you want to hide from address list

Microsoft Exchange admin center - recipients
Microsoft Exchange admin center – recipients

3 Check the “Hide from address lists” box, click on “Save” button

Microsoft Exchange admin center - User editor
Microsoft Exchange admin center – User editor

4 Wait for 2 minutes, check the Outlook Global Address List again, the hidden user should not appear in the list anymore.

Office 365 Mailbox/Shared mailbox Litigation hold

Shared Mailbox

1.1 Sign in from https://admin.microsoft.com then click on “Exchange” or use this link to open the “Exchange admin center” directly https://outlook.office365.com/ecp

Microsoft Office 365 admin center -> Exchange
Microsoft Office 365 admin center -> Exchange

1.2 Click on recipients -> shared -> double click on one of the shared mailbox

Exchange admin center -> recipients -> shared
Exchange admin center -> recipients -> shared

1.3 Click on mailbox features -> Enable (Under “Litigation hold: Disabled”)

Exchange admin center -> mailbox features
Exchange admin center -> mailbox features

1.4 You can click on “Save” button in next window, or specify hold duration in days, message you want to show to the user (If leave them empty, users will not know Litigation is enabled)

Exchange admin center -> litigation hold
Exchange admin center -> litigation hold

Users

2.1 Sign by following step 1.1

2.2 Following step 1.2 (Note: Instead of click on “shared”, this time we click on “mailboxes”)

2.3 Follow step 1.3 to 1.4

Extended reading:

In-Place Hold (Retention policy) and Litigation Hold: https://docs.microsoft.com/en-us/exchange/security-and-compliance/in-place-and-litigation-holds