Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




764 posts

Ultimate Geek

Trusted

# 208617 20-Feb-2017 00:51
Send private message

I have a client with an Exchange Online (365) email account that was originally setup by their previous tech who is no longer on speaking terms with my client. The account is now up for renewal and the tech is trying nasty blackmail techniques before they'll release the login and password and details they used to set this up. I have limited experience of this so wondered if there was a method of gaining access? I don't fancy my chances dealing with MS themselves. Any help gratefully accepted . 





Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 300 performed here so far. See: www.hillcrest.net.nz


Create new topic
Mr Snotty
8764 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 1722850 20-Feb-2017 01:11
Send private message

I've had this before and it is indeed quite nasty. You could try talking to Microsoft and asking them if they're able to verify your domain via a TXT record (like they did with the initial verification). This way, you're able to verify you're indeed the domain holder and hopefully get you admin access in the process.

 

That's what I've done years ago however not sure of the process these days.





1245 posts

Uber Geek


  # 1722854 20-Feb-2017 06:56
One person supports this post
Send private message

Get the partner of record changed to the new tech then the new tech will be able to make the necessary changes

 
 
 
 




764 posts

Ultimate Geek

Trusted

  # 1723175 20-Feb-2017 18:01
Send private message

This has been worse than getting teeth pulled so far. I've spoken to 2x CSR's in the Microsoft Office 365 Data Protection Team and after extended explanations they've both sent me off to the Password Recovery process that assumes I'm the original IT Pro with their email address and mobile number. I knew this wouldn't be easy, but they just don't seem to grasp the situation. If only Nathan Mercer was around? Maybe he'd be able to help. 





Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 300 performed here so far. See: www.hillcrest.net.nz


861 posts

Ultimate Geek


  # 1723181 20-Feb-2017 18:19
Send private message

Are there any users that are a password admin?

 

If so they could reset the admin account password.

 

Failing that, I think the only thing you could do is migrate them as a new tenant using something like sky kick or migration whiz.

 

As you don't have the admin you wont be able to use impersonation, you will have to have everyone's password.

 

Good luck.

 

John

 

 





I know enough to be dangerous


783 posts

Ultimate Geek


  # 1723185 20-Feb-2017 18:31
Send private message

In before OP realizes it's just a bad client who shortchanged the former IT guy or something.


352 posts

Ultimate Geek


  # 1723188 20-Feb-2017 18:34
Send private message

how the  authentication setup - if adfs, then reset his password on the local domain and login, same if it password sync, but wait 30 min, if it pure AAD, then it talk to your MS account manager if you got one to start jumping up and down, if not, it will be log call with MS and keep pushing up the support level till get to someone that can a: verify the account and b: reset the password.

 

 

 

edit: when you get the account back, setup more then one global admin, one of which is lock away in a safe for a "oh, what you mean we have no admin left" days.


5136 posts

Uber Geek

Trusted
Microsoft

  # 1724729 22-Feb-2017 20:45
2 people support this post
Send private message

Spong:

This has been worse than getting teeth pulled so far. I've spoken to 2x CSR's in the Microsoft Office 365 Data Protection Team and after extended explanations they've both sent me off to the Password Recovery process that assumes I'm the original IT Pro with their email address and mobile number. I knew this wouldn't be easy, but they just don't seem to grasp the situation. If only Nathan Mercer was around? Maybe he'd be able to help. 



I miss you too

I don't really know anything about this any more, but I FW this thread onto someone else still at MSNZ who will know what to do.

Your admin almost sounds like blackmail. Very short sighted thing to do in the small World we live in now

 
 
 
 




764 posts

Ultimate Geek

Trusted

  # 1724787 22-Feb-2017 22:26
Send private message

Well the end result was that we just couldn't get any further with this. The Microsoft Office 365 Data Protection team simply wouldn't budge because the blackmailer - the previous IT person (A South African guy, not that it's relevant) who had been negligent in several areas, had setup and owned the account, and had ensured all details relating to the Global Administrator were his. Obviously we couldn't provide his credentials. MS have strict guidelines and follow them to the letter it seems. 

 

It seems this could happen to others, so it surprises me that Microsoft don't appear to have a system in place to deal with it. The USA based CSR admitted they'd seen this before. The end result has been that my client (the domain holder and owner of the business) has given in and paid the ransom, despite being against his principles, as it was cheaper than the alternative of transferring the domain to a new account and losing the existing history. 

 

...Ransomware without the benefit of a backup...





Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 300 performed here so far. See: www.hillcrest.net.nz


1926 posts

Uber Geek

Trusted
Subscriber

  # 1724801 22-Feb-2017 22:56
One person supports this post
Send private message

If you've got the information, your client can now sue the guy.

Blackmail is blackmail and a crime - even if setttled in civil court, the guys name will come up in future searchs,

And as another poster said.... nz is a very small place, and blotting your own copybook is indeed very dumb.





________

 

Antonios K

 

Click to see full size


1831 posts

Uber Geek


  # 1724921 23-Feb-2017 09:37
Send private message

antoniosk: If you've got the information, your client can now sue the guy.

Blackmail is blackmail and a crime - even if settled in civil court, the guys name will come up in future searchs,

 

In general, as none of us have all the facts....  :-)

 

Often, in cases like this, its a simply a case of IT not co-operating untill they get paid whats owed them
Its not blackmail or extortion if that IT guy is just refusing to help or deal with them while money is owing, or a contact was broken.
Ive worked at companies where that has happened .Some IT guys will even use remote access and secretly starting causing issues untill paid.
Or, could be the IT guy is just a nasty piece of work, who knows ?

 

Suing is really just throwing $10K++ at lawyers. Not a realistic or quick option for many small business.

 

 


38 posts

Geek

Trusted

  # 1724989 23-Feb-2017 10:25
One person supports this post
Send private message

Hi guys, you can contact Office 365 Billing Support, and they can run you through an Admin ACCOUNT reset, by requesting proof of identity, company letter head and proof of domain ownership. The customer must initiate this and contact them on 0800 194 197. Note however that MS will not get involved in issues where there is debts owing and a tenant is setup and completely managed by a 3rd party. Note also that a delegated admin and Partner of record can reset p/w anytime, so you would have to remove these as well.

 

 

 

Its a worthwhile reminder that like an on premise server, customers should always control the admin login and password details for THEIR servers/services.

 

Any issues reach out to me on nzcloud@microsoft.com

 

 

 

 





Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel expands 10th Gen Intel Core Mobile processor family
Posted 23-Aug-2019 10:22


Digital innovation drives new investment provider
Posted 23-Aug-2019 08:29


Catalyst Cloud becomes a Kubernetes Certified Service Provider (KCSP)
Posted 23-Aug-2019 08:21


New AI legaltech product launched in New Zealand
Posted 21-Aug-2019 17:01


Yubico launches first Lightning-compatible security key, the YubiKey 5Ci
Posted 21-Aug-2019 16:46


Disney+ streaming service confirmed launch in New Zealand
Posted 20-Aug-2019 09:29


Industry plan could create a billion dollar interactive games sector
Posted 19-Aug-2019 20:41


Personal cyber insurance a New Zealand first
Posted 19-Aug-2019 20:26


University of Waikato launches space for esports
Posted 19-Aug-2019 20:20


D-Link ANZ expands mydlink ecosystem with new mydlink Mini Wi-Fi Smart Plug
Posted 19-Aug-2019 20:14


Kiwi workers still falling victim to old cyber tricks
Posted 12-Aug-2019 20:47


Lightning Lab GovTech launches 2019 programme
Posted 12-Aug-2019 20:41


Epson launches portable laser projector
Posted 12-Aug-2019 20:27


Huawei launches new distributed HarmonyOS
Posted 12-Aug-2019 20:20


Lenovo introduces single-socket servers for edge and data-intensive workloads
Posted 9-Aug-2019 21:26



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.