PowerShell – Hyper-V Cmdlets

Check out: PowerShell Vault, PowerShell Category, Azure Cmdlets, SCCM Cmdlets, PowerShell Cmdlets, AD Cmdlets

Add-VMDvdDrive	Adds a DVD drive to a virtual machine.
Add-VMFibreChannelHba	Adds a virtual Fibre Channel host bus adapter to a virtual machine.
Add-VMGroupMember	Adds group members to a virtual machine group.
Add-VMHardDiskDrive	Adds a hard disk drive to a virtual machine.
Add-VMMigrationNetwork	Adds a network for virtual machine migration on one or more virtual machine hosts.
Add-VMNetworkAdapter	Adds a virtual network adapter to a virtual machine.
Add-VMNetworkAdapterAcl	Creates an ACL to apply to the traffic through a virtual machine network adapter.
Add-VMNetworkAdapterExtendedAcl	Creates an extended ACL for a virtual network adapter.
Add-VMRemoteFx3dVideoAdapter	Adds a RemoteFX video adapter in a virtual machine.
Add-VMScsiController	Adds a SCSI controller in a virtual machine.
Add-VMStoragePath	Adds a path to a storage resource pool.
Add-VMSwitch	Adds a virtual switch to an Ethernet resource pool.
Add-VMSwitchExtensionPortFeature	Adds a feature to a virtual network adapter.
Add-VMSwitchExtensionSwitchFeature	Adds a feature to a virtual switch.
Add-VMSwitchTeamMember	Adds members to a virtual switch team.
Add-VmNetworkAdapterRoutingDomainMapping	Adds a routing domain and virtual subnets to a virtual network adapter.
Checkpoint-VM	Creates a checkpoint of a virtual machine.
Compare-VM	Compares a virtual machine and a virtual machine host for compatibility, returning a compatibility report.
Complete-VMFailover	Completes a virtual machine’s failover process on the Replica server.
Connect-VMNetworkAdapter	Connects a virtual network adapter to a virtual switch.
Connect-VMSan	Associates a host bus adapter with a virtual storage area network (SAN).
Convert-VHD	Converts the format, version type, and block size of a virtual hard disk file.
Copy-VMFile	Copies a file to a virtual machine.
Debug-VM	Debugs a virtual machine.
Disable-VMConsoleSupport	Disables keyboard, video, and mouse for virtual machines.
Disable-VMEventing	Disables virtual machine eventing.
Disable-VMIntegrationService	Disables an integration service on a virtual machine.
Disable-VMMigration	Disables migration on one or more virtual machine hosts.
Disable-VMRemoteFXPhysicalVideoAdapter	Disables one or more RemoteFX physical video adapters from use with RemoteFX-enabled virtual machines.
Disable-VMResourceMetering	Disables collection of resource utilization data for a virtual machine or resource pool.
Disable-VMSwitchExtension	Disables one or more extensions on one or more virtual switches.
Disable-VMTPM	Disables TPM functionality on a virtual machine.
Disconnect-VMNetworkAdapter	Disconnects a virtual network adapter from a virtual switch or Ethernet resource pool.
Disconnect-VMSan	Removes a host bus adapter from a virtual storage area network (SAN).
Dismount-VHD	Dismounts a virtual hard disk.
Enable-VMConsoleSupport	Enables keyboard, video, and mouse for virtual machines.
Enable-VMEventing	Enables virtual machine eventing.
Enable-VMIntegrationService	Enables an integration service on a virtual machine.
Enable-VMMigration	Enables migration on one or more virtual machine hosts.
Enable-VMRemoteFXPhysicalVideoAdapter	Enables one or more RemoteFX physical video adapters for use with RemoteFX-enabled virtual machines.
Enable-VMReplication	Enables replication of a virtual machine.
Enable-VMResourceMetering	Collects resource utilization data for a virtual machine or resource pool.
Enable-VMSwitchExtension	Enables one or more extensions on one or more switches.
Enable-VMTPM	Enables TPM functionality on a virtual machine.
Export-VM	Exports a virtual machine to disk.
Export-VMSnapshot	Exports a virtual machine checkpoint to disk.
Get-VHD	Gets the virtual hard disk object associated with a virtual hard disk.
Get-VHDSet	Gets information about a VHD set.
Get-VHDSnapshot	Gets information about a checkpoint in a VHD set.
Get-VM	Gets the virtual machines from one or more Hyper-V hosts.
Get-VMBios	Gets the BIOS of a virtual machine or snapshot.
Get-VMComPort	Gets the COM ports of a virtual machine or snapshot.
Get-VMConnectAccess	Gets entries showing users and the virtual machines to which they can connect on one or more Hyper-V hosts.
Get-VMDvdDrive	Gets the DVD drives attached to a virtual machine or snapshot.
Get-VMFibreChannelHba	Gets the Fibre Channel host bus adapters associated with one or more virtual machines.
Get-VMFirmware	Gets the firmware configuration of a virtual machine.
Get-VMFloppyDiskDrive	Gets the floppy disk drives of a virtual machine or snapshot.
Get-VMGroup	Gets virtual machine groups.
Get-VMHardDiskDrive	Gets the virtual hard disk drives attached to one or more virtual machines.
Get-VMHost	Gets a Hyper-V host.
Get-VMHostCluster	Gets virtual machine host clusters.
Get-VMHostNumaNode	Gets the NUMA topology of a virtual machine host.
Get-VMHostNumaNodeStatus	Gets the status of the virtual machines on the non-uniform memory access (NUMA) nodes of a virtual machine host or hosts.
Get-VMHostSupportedVersion	Returns a list of virtual machine configuration versions that are supported on a host.
Get-VMIdeController	Gets the IDE controllers of a virtual machine or snapshot.
Get-VMIntegrationService	Gets the integration services of a virtual machine or snapshot.
Get-VMKeyProtector	Retrieves a key protector for a virtual machine.
Get-VMMemory	Gets the memory of a virtual machine or snapshot.
Get-VMMigrationNetwork	Gets the networks added for migration to one or more virtual machine hosts.
Get-VMNetworkAdapter	Gets the virtual network adapters of a virtual machine, snapshot, management operating system, or of a virtual machine and management operating system.
Get-VMNetworkAdapterAcl	Gets the ACLs configured for a virtual machine network adapter.
Get-VMNetworkAdapterExtendedAcl	Gets extended ACLs configured for a virtual network adapter.
Get-VMNetworkAdapterFailoverConfiguration	Gets the IP address of a virtual network adapter configured to be used when a virtual machine fails over.
Get-VMNetworkAdapterRoutingDomainMapping	Gets members of a routing domain.
Get-VMNetworkAdapterTeamMapping
Get-VMNetworkAdapterVlan	Gets the virtual LAN settings configured on a virtual network adapter.
Get-VMProcessor	Gets the processor of a virtual machine or snapshot.
Get-VMRemoteFXPhysicalVideoAdapter	Gets the RemoteFX physical graphics adapters on one or more Hyper-V hosts.
Get-VMRemoteFx3dVideoAdapter	Gets the RemoteFX video adapter of a virtual machine or snapshot.
Get-VMReplication	Gets the replication settings for a virtual machine.
Get-VMReplicationAuthorizationEntry	Gets the authorization entries of a Replica server.
Get-VMReplicationServer	Gets the replication and authentication settings of a Replica server.
Get-VMResourcePool	Gets the resource pools on one or more virtual machine hosts.
Get-VMSan	Gets the available virtual machine storage area networks on a Hyper-V host or hosts.
Get-VMScsiController	Gets the SCSI controllers of a virtual machine or snapshot.
Get-VMSecurity	Gets security information about a virtual machine.
Get-VMSnapshot	Gets the checkpoints associated with a virtual machine or checkpoint.
Get-VMStoragePath	Gets the storage paths in a storage resource pool.
Get-VMSwitch	Gets virtual switches from one or more virtual Hyper-V hosts.
Get-VMSwitchExtension	Gets the extensions on one or more virtual switches.
Get-VMSwitchExtensionPortData	Retrieves the status of a virtual switch extension feature applied to a virtual network adapter.
Get-VMSwitchExtensionPortFeature	Gets the features configured on a virtual network adapter.
Get-VMSwitchExtensionSwitchData	Gets the status of a virtual switch extension feature applied on a virtual switch.
Get-VMSwitchExtensionSwitchFeature	Gets the features configured on a virtual switch.
Get-VMSwitchTeam	Gets virtual switch teams from Hyper-V hosts.
Get-VMSystemSwitchExtension	Gets the switch extensions installed on a virtual machine host.
Get-VMSystemSwitchExtensionPortFeature	Gets the port-level features supported by virtual switch extensions on one or more Hyper-V hosts.
Get-VMSystemSwitchExtensionSwitchFeature	Gets the switch-level features on one or more Hyper-V hosts.
Get-VMVideo	Gets video settings for virtual machines.
Get-VmNetworkAdapterIsolation	Gets isolation settings for a virtual network adapter.
Grant-VMConnectAccess	Grants a user or users access to connect to a virtual machine or machines.
Import-VM	Imports a virtual machine from a file.
Import-VMInitialReplication	Imports initial replication files for a Replica virtual machine to complete the initial replication when using external media as the source.
Measure-VM	Reports resource utilization data for one or more virtual machines.
Measure-VMReplication	Gets replication statistics and information associated with a virtual machine.
Measure-VMResourcePool	Reports resource utilization data for one or more resource pools.
Merge-VHD	Merges virtual hard disks.
Mount-VHD	Mounts one or more virtual hard disks.
Move-VM	Moves a virtual machine to a new Hyper-V host.
Move-VMStorage	Moves the storage of a virtual machine.
New-VFD	Creates a virtual floppy disk.
New-VHD	Creates one or more new virtual hard disks.
New-VM	Creates a new virtual machine.
New-VMGroup	Creates a virtual machine group.
New-VMReplicationAuthorizationEntry	Creates a new authorization entry that allows one or more primary servers to replicate data to a specified Replica server.
New-VMResourcePool	Creates a resource pool.
New-VMSan	Creates a new virtual storage area network (SAN) on a Hyper-V host.
New-VMSwitch	Creates a new virtual switch on one or more virtual machine hosts.
Optimize-VHD	Optimizes the allocation of space used by virtual hard disk files, except for fixed virtual hard disks.
Optimize-VHDSet	Optimizes VHD set files.
Remove-VHDSnapshot	Removes a checkpoint from a VHD set file.
Remove-VM	Deletes a virtual machine.
Remove-VMDvdDrive	Deletes a DVD drive from a virtual machine.
Remove-VMFibreChannelHba	Removes a Fibre Channel host bus adapter from a virtual machine.
Remove-VMGroup	Removes a virtual machine group.
Remove-VMGroupMember	Removes members from a virtual machine group.
Remove-VMHardDiskDrive	Deletes a hard disk drive from a virtual machine.
Remove-VMMigrationNetwork	Removes a network from use with migration.
Remove-VMNetworkAdapter	Removes one or more virtual network adapters from a virtual machine.
Remove-VMNetworkAdapterAcl	Removes an ACL applied to the traffic through a virtual network adapter.
Remove-VMNetworkAdapterExtendedAcl	Removes an extended ACL for a virtual network adapter.
Remove-VMNetworkAdapterRoutingDomainMapping	Removes a routing domain from a virtual network adapter.
Remove-VMNetworkAdapterTeamMapping
Remove-VMRemoteFx3dVideoAdapter	Removes a RemoteFX 3D video adapter from a virtual machine.
Remove-VMReplication	Removes the replication relationship of a virtual machine.
Remove-VMReplicationAuthorizationEntry	Removes an authorization entry from a Replica server.
Remove-VMResourcePool	Deletes a resource pool from one or more virtual machine hosts.
Remove-VMSan	Removes a virtual storage area network (SAN) from a Hyper-V host.
Remove-VMSavedState	Deletes the saved state of a saved virtual machine.
Remove-VMScsiController	Removes a SCSI controller from a virtual machine.
Remove-VMSnapshot	Deletes a virtual machine checkpoint.
Remove-VMStoragePath	Removes a path from a storage resource pool.
Remove-VMSwitch	Deletes a virtual switch.
Remove-VMSwitchExtensionPortFeature	Removes a feature from a virtual network adapter.
Remove-VMSwitchExtensionSwitchFeature	Removes a feature from a virtual switch.
Remove-VMSwitchTeamMember	Removes a member from a virtual machine switch team.
Rename-VM	Renames a virtual machine.
Rename-VMGroup	Renames virtual machine groups.
Rename-VMNetworkAdapter	Renames a virtual network adapter on a virtual machine or on the management operating system.
Rename-VMResourcePool	Renames a resource pool on one or more Hyper-V hosts.
Rename-VMSan	Renames a virtual storage area network (SAN).
Rename-VMSnapshot	Renames a virtual machine checkpoint.
Rename-VMSwitch	Renames a virtual switch.
Repair-VM	Repairs one or more virtual machines.
Reset-VMReplicationStatistics	Resets the replication statistics of a virtual machine.
Reset-VMResourceMetering	Resets the resource utilization data collected by Hyper-V resource metering.
Resize-VHD	Resizes a virtual hard disk.
Restart-VM	Restarts a virtual machine.
Restore-VMSnapshot	Restores a virtual machine checkpoint.
Resume-VM	Resumes a suspended (paused) virtual machine.
Resume-VMReplication	Resumes a virtual machine replication that is in a state of Paused, Error, Resynchronization Required, or Suspended.
Revoke-VMConnectAccess	Revokes access for one or more users to connect to a one or more virtual machines.
Save-VM	Saves a virtual machine.
Set-VHD	Sets properties associated with a virtual hard disk.
Set-VM	Configures a virtual machine.
Set-VMBios	Configures the BIOS of a Generation 1 virtual machine.
Set-VMComPort	Configures the COM port of a virtual machine.
Set-VMDvdDrive	Configures a virtual DVD drive.
Set-VMFibreChannelHba	Configures a Fibre Channel host bus adapter on a virtual machine.
Set-VMFirmware	Sets the firmware configuration of a virtual machine.
Set-VMFloppyDiskDrive	Configures a virtual floppy disk drive.
Set-VMHardDiskDrive	Configures a virtual hard disk.
Set-VMHost	Configures a Hyper-V host.
Set-VMHostCluster	Configures a virtual machine host cluster.
Set-VMKeyProtector	Configures a key protector for a virtual machine.
Set-VMMemory	Configures the memory of a virtual machine.
Set-VMMigrationNetwork	Sets the subnet, subnet mask, and/or priority of a migration network.
Set-VMNetworkAdapter	Configures features of the virtual network adapter in a virtual machine or the management operating system.
Set-VMNetworkAdapterFailoverConfiguration	Configures the IP address of a virtual network adapter to be used when a virtual machine fails over.
Set-VMNetworkAdapterTeamMapping
Set-VMNetworkAdapterVlan	Configures the virtual LAN settings for the traffic through a virtual network adapter.
Set-VMProcessor	Configures one or more processors of a virtual machine.
Set-VMRemoteFx3dVideoAdapter	Configures the RemoteFX 3D video adapter of a virtual machine.
Set-VMReplication	Modifies the replication settings of a virtual machine.
Set-VMReplicationAuthorizationEntry	Modifies an authorization entry on a Replica server.
Set-VMReplicationServer	Configures a host as a Replica server.
Set-VMResourcePool	Sets the parent resource pool for a selected resource pool.
Set-VMSan	Configures a virtual storage area network (SAN) on one or more Hyper-V hosts.
Set-VMSecurity	Configures security settings for a virtual machine.
Set-VMSecurityPolicy	Configures the security policy for a virtual machine.
Set-VMSwitch	Configures a virtual switch.
Set-VMSwitchExtensionPortFeature	Configures a feature on a virtual network adapter.
Set-VMSwitchExtensionSwitchFeature	Configures a feature on a virtual switch.
Set-VMSwitchTeam	Configures a virtual switch team.
Set-VMVideo	Configures video settings for virtual machines.
Set-VmNetworkAdapterIsolation	Modifies isolation settings for a virtual network adapter.
Set-VmNetworkAdapterRoutingDomainMapping	Sets virtual subnets on a routing domain.
Start-VM	Starts a virtual machine.
Start-VMFailover	Starts failover on a virtual machine.
Start-VMInitialReplication	Starts replication of a virtual machine.
Start-VMTrace	Starts tracing to a file.
Stop-VM	Shuts down, turns off, or saves a virtual machine.
Stop-VMFailover	Stops failover of a virtual machine.
Stop-VMInitialReplication	Stops an ongoing initial replication.
Stop-VMReplication	Cancels an ongoing virtual machine resynchronization.
Stop-VMTrace	Stops tracing to file.
Suspend-VM	Suspends, or pauses, a virtual machine.
Suspend-VMReplication	Suspends replication of a virtual machine.
Test-VHD	Tests a virtual hard disk for any problems that would make it unusable.
Test-VMNetworkAdapter	Tests connectivity between virtual machines.
Test-VMReplicationConnection	Tests the connection between a primary server and a Replica server.
Update-VMVersion	Updates the version of virtual machines.

Source :
https://eddiejackson.net/wp/?page_id=26483

Basic Authentication Deprecation in Exchange Online – September 2022 Update

One month from today, we’re going to start to turn off basic auth for specific protocols in Exchange Online for customers who use them.

Since our first announcement nearly three years ago, we’ve seen millions of users move away from basic auth, and we’ve disabled it in millions of tenants to proactively protect them.

We’re not done yet though, and unfortunately usage isn’t yet at zero. Despite that, we will start to turn off basic auth for several protocols for tenants not previously disabled.

Starting October 1^st, we will start to randomly select tenants and disable basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. We will post a message to the Message Center 7 days prior, and we will post Service Health Dashboard notifications to each tenant on the day of the change.

We will not be disabling or changing any settings for SMTP AUTH.

If you have removed your dependency on basic auth, this will not affect your tenant or users. If you have not (or are not sure), check the Message Center for the latest data contained in the monthly usage reports we have been sending monthly since October 2021. The data for August 2022 will be sent within the first few days of September.

What If You Are Not Ready for This Change?

We recognize that unfortunately there are still many tenants unprepared for this change. Despite multiple blog posts, Message Center posts, interruptions of service, and coverage via tweets, videos, conference presentations and more, some customers are still unaware this change is coming. There are also many customers aware of the deadline who simply haven’t done the necessary work to avoid an outage.

Our goal with this effort has only ever been to protect your data and accounts from the increasing number of attacks we see that are leveraging basic auth.

However, we understand that email is a mission-critical service for many of our customers and turning off basic auth for many of them could potentially be very impactful.

One-Time Re-Enablement

Today we are announcing an update to our plan to offer customers who are unaware or are not ready for this change.

When we turn off basic auth after October 1^st, all customers will be able to use the self-service diagnostic to re-enable basic auth for any protocols they need, once per protocol. Details on this process are below.

Once this diagnostic is run, basic auth will be re-enabled for those protocol(s). Selected protocol(s) will stay enabled for basic auth use until end of December 2022. During the first week of calendar year 2023, those protocols will be disabled for basic auth use permanently, and there will be no possibility of using basic auth after that.

Avoiding Disruption

If you already know you need more time and wish to avoid the disruption of having basic auth disabled you can run the diagnostics during the month of September, and when October comes, we will not disable basic for protocol(s) you specify. We will disable basic for any non-opted-out protocols, but you will be able to re-enable them (until the end of the year) by following the steps below if you later decide you need those too.

In other words – if you do not want basic for a specific protocol or protocols disabled in October, you can use the same self-service diagnostic in the month of September. Details on this process below.

Diagnostic Options

Thousands of customers have already used the self-service diagnostic we discussed in earlier blog posts (here and here) to re-enable basic auth for a protocol that had been turned off, or to tell us not to include them in our proactive protection expansion program. We’re using this same diagnostic again, but the workflow is changing a little.

Today, we have archived all prior re-enable and opt-out requests. If you have previously opted out or re-enabled basic for some protocol, you’ll need to follow the steps below during the month of September to indicate you want us to leave something enabled for basic auth after Oct 1.

To invoke the self-service diagnostic, you can go directly to the basic auth self-help diagnostic by simply clicking on this button (it’ll bring up the diagnostic in the Microsoft 365 admin center if you’re a tenant Global Admin):

thumbnail image 1 of blog post titled

Basic Authentication Deprecation in Exchange Online – September 2022 Update

Or you can open the Microsoft 365 admin center and click the green Help & support button in the lower right-hand corner of the screen.

thumbnail image 2 of blog post titled

Basic Authentication Deprecation in Exchange Online – September 2022 Update

thumbnail image 3 of blog post titled

Basic Authentication Deprecation in Exchange Online – September 2022 Update

When you click the button, you enter our self-help system. Here you can enter the phrase “Diag: Enable Basic Auth in EXO”

Customers with tenants in the Government Community Cloud (GCC) are unable to use the self-service diagnostic covered here. Those tenants may opt out by following the process contained in the Message Center post sent to their tenant today. If GCC customers need to re-enable a protocol following the Oct 1^st deadline they will need to open a support ticket.

Opting Out

During the month of September 2022, the diagnostic will offer only the option to opt-out. By submitting your opt-out request during September, you are telling us that you do not want us to disable basic for a protocol or protocols during October. Please understand we will be disabling basic auth for all tenants permanently in January 2023, regardless of their opt-out status.

The diagnostic will show a version of the dialog below, and you can re-run it for multiple protocols. It might look a bit different if some protocols have already been disabled. Note too that protocols are not removed from the list as you opt-out but rest assured (unless you receive an error) we will receive the request.

thumbnail image 4 of blog post titled

Basic Authentication Deprecation in Exchange Online – September 2022 Update

Re-Enabling Basic for protocols

Starting October 1, the diagnostic will only allow you to re-enable basic auth for a protocol that it was disabled for.

If you did not opt-out during September, and we disabled basic for a protocol you later realize you need, you can use this to re-enable it.

thumbnail image 5 of blog post titled

Basic Authentication Deprecation in Exchange Online – September 2022 Update

Within an hour (usually much sooner) after you run the diagnostics and ask us to re-enable basic for a protocol, basic auth will start to work again.

At this point, we have to remind you that by re-enabling basic for a protocol, you are leaving your users and data vulnerable to security risks, and that we have customers suffering from basic auth-based attacks every single day (but you know that already).

Starting January 1, 2023, the self-serve diagnostic will no longer be available, and basic auth will soon thereafter be disabled for all protocols.

Summary of timelines and actions

Please see the following flow chart to help illustrate the changes and actions that you might need to take:

thumbnail image 6 of blog post titled

Basic Authentication Deprecation in Exchange Online – September 2022 Update

Blocking Basic Authentication Yourself

If you re-enable basic for a protocol because you need some extra time and then afterward no longer need basic auth you can block it yourself instead of waiting for us to do it in January 2023. The quickest and most effective way to do this is to use Authentication Policies which block basic auth connections at the first point of contact to Exchange Online.

Just go into the Microsoft 365 admin center, navigate to Settings, Org Settings, Modern Authentication and uncheck the boxes to block basic for all protocols you no longer need (these checkboxes will do nothing once we block basic for a protocol permanently, and we’ll remove them some time after January 2023).

thumbnail image 7 of blog post titled

Basic Authentication Deprecation in Exchange Online – September 2022 Update

Reporting Web Service Endpoint

For those of you using the Reporting Web Service REST endpoint to get access to Message Tracking Logs and more, we’re also announcing today that this service will continue to have basic auth enabled until Dec 31^st for all customers, no opt-out or re-enablement is required. And, we’re pleased to be able to provide the long-awaited guidance for this too right here.

EOP/SCC PowerShell

Basic authentication will remain enabled until Dec 31^st, 2022. Customers need to migrate to certificate based authentication. Follow the Instructions here: App-only authentication

One Other Basic Authentication Related Update

We’re adding a new capability to Microsoft 365 to help our customers avoid the risks posed by basic authentication. This new feature changes the default behavior of Office applications to block sign-in prompts using basic authentication. With this change, if users try to open Office files on servers that only use basic authentication, they won’t see any basic authentication sign-in prompts. Instead, they’ll see a message that the file has been blocked because it uses a sign-in method that may be insecure.

You can read more about this great new feature here: Basic authentication sign-in prompts are blocked by default in Microsoft 365 Apps.

Office Team is looking for customers to opt-in to their Private Preview Program for this feature. Please send them an email if you are interested in signing up: basicauthdeprmailer@microsoft.com.

Summary

This effort has taken three years from initial communication until now, and even that has not been enough time to ensure that all customers know about this change and take all necessary steps. IT and change can be hard, and the pandemic changed priorities for many of us, but everyone wants the same thing: better security for their users and data.

Our customers are important to us, and we do not want to see them breached, or disrupted. It’s a fine balance but we hope this final option will allow the remaining customers using Basic auth to finally get rid of it.

The end of 2022 will see us collectively reach that goal, to Improve Security – Together.

The Exchange Team

Source :
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437

UniFi – Console and Gateway Recovery Mode

The Recovery Mode User Interface (UI) is a special interface for UniFi OS Consoles (UDMP, UNVR, etc.) and gateways used to recover from various failure modes (indicated on the LCM screen of that device). From the Recovery Mode, you can perform the following actions:

Reset to Factory Defaults: Completely reset the device. Note this will also wipe out any stored backup files.
Reboot: Restart the device and re-load the existing configuration.
Power-off: Initiate a software shutdown on the device, after which you can safely remove the power cable.
Check Filesystems: Check the integrity of the file system.
Firmware Update: Upload a previously downloaded firmware image (.bin) file in order to upgrade the firmware.

You should only resort to using recovery mode if you are prompted by the LCM screen found on your device.

Performing a Device Recovery

Download the most recent firmware for your device. You can find information on our latest releases here.
Completely power-off the UniFi device and unplug it from its power source.
Press and hold the reset button and then power on the device by connecting it to the power source once again.
Keep the reset button pressed for about 5 seconds. After some time the display (in supported models) will indicate that the gateway is in Recovery Mode.
Connect an Ethernet cable from your computer to the first LAN port (port 1) on the UniFi gateway.

Note: Port 1 is always the first one. Either the top port, or the top left corner one, depending on the layout of your device’s ports.
Configure a static IP address on your computer in the 192.168.1.0/24 range (for example 192.168.1.11). Windows ClientmacOS clientNote: If a wireless adapter is enabled and connected to another network it could conflict with the connection to the UniFi device. Disable the wireless adapter if necessary.
Open a compatible web browser navigate to http://192.168.1.30 to access the Recovery Mode UI.

Note: The Recovery Mode UI is accessible via HTTP only and not HTTPS. It is possible that your browser will automatically try to redirect your session to HTTPS. Make sure to navigate to the http://192.168.1.30 address and use a different browser if necessary.
Select Firmware Update > Choose and browse your computer for the previously download firmware (.bin) image file.
Wait for the upgrade process to complete and reboot the device afterwards.

Source :
https://help.ui.com/hc/en-us/articles/360043360253-UniFi-Console-and-Gateway-Recovery-Mode

UniFi – Login with SSH (Advanced)

We do not recommend using SSH unless instructed by one of our Support Engineers as part of advanced troubleshooting. Inexperienced users risk making changes that may degrade network performance, or even worse, completely break your deployment. Proceed with caution.

Requirements

1. You are connected to the same local network as the device/console you plan to connect with via SSH. This may consist of using a laptop connected to the same WiFi network, or hardwired directly to the device.

2. SSH is enabled. UniFi Network devices and UniFi OS Consoles have independent SSH settings.

UniFi OS Consoles – Following setup, SSH is automatically disabled. It must be enabled in your UniFi OS System Settings.
UniFi Network Devices – Following setup, SSH is automatically enabled. The credentials consist of a random string of characters.

3. The device you are using has a command line interface (CLI) capable of establishing a Secure Shell (SSH) connection. Linux and macOS devices can use their native terminal. Windows OS requires PowerShell or PuTTY.

Establishing an SSH Connection

The format of the command used to establish an SSH connection is as follows:

ssh <username>@<ip-address>

The <username> for UniFi OS Consoles (UDM Pro / UNVR / Cloud Key) and UniFi Gateways (UXG Pro) is always ‘root’. For example, a Dream Machine Pro (gateway) with an IP address of 192.168.1.1 can be accessed as follows:

ssh root@192.168.1.1

Note: The UXG will use <username> = ‘root’, but the <password> will be the shared password set in your UniFi Network Application.

Default Credentials

Prior to setup/adoption, devices have a set of default credentials.

UniFi OS Consoles – root / ubnt
UniFi Gateways – root / ubnt
UniFi Devices – ubnt / ubnt

Source :
https://help.ui.com/hc/en-us/articles/204909374-UniFi-Login-with-SSH-Advanced-

UniFi – Advanced Updating Techniques

We recommend that most users enable automatic updates. Doing so allows you to specify when your UniFi deployment automatically checks for and installs updates.

UniFi OS Console and application update preferences can be configured in your UniFi OS Settings. Please note, though, that self-hosted UniFi Network applications do not offer automatic updating.

UniFi Network device update preferences are set in your Network application’s System Settings. Devices managed by other UniFi applications are automatically updated within their respective applications.

Manually Update UniFi Devices via Web Application

Updating via the Device Property Panel

Use Case: You want to try Early Access firmware releases for specific devices, or you want to return to an official release after trying an EA release.

1. Copy the firmware release link from community.ui.com/releases.

2. Paste the link in the address bar found in the Settings tab of the device’s properties panel.

Updating via Your Network Cache

Use Case: You prefer to download and store updates in your Network application so they can be used by other devices, as opposed to downloading multiple, device-specific files from the internet. This is an ideal solution for reducing bandwidth within high-volume networks that host a large number of similar UniFi devices. It is also suitable for the advanced users who disable internet access on their UniFi device’s management network.

Device updates can be cached in your Network application’s System Settings. Once an update is cached, you can open to your UniFi Devices page and click Update Available.

Note: The Cache link will appear when you hover your cursor over an update.

Updating via SSH

Note: SSH updating is not a typical or recommended method. It is only prescribed to work around specific scenarios, such as when:

Prior traditional update attempts have failed. A successful SSH update will help verify if initial failures resulted from incorrect network configuration. For more details, see Troubleshooting Device Updates.
Your UniFi Network device is not being discovered or cannot be adopted because it has been preloaded with outdated firmware.
Your UniFI OS Console cannot be set up because it has been preloaded with an outdated version of UniFi OS.

UAP/USW (Internet)

Copy the update link from community.ui.com/releases.
SSH into your device.
Run the following command:upgrade paste_download_link_here Exupgrade https://dl.ui.com/unifi/firmware/UAL6/5.60.1.12923/BZ.mt7621_5.60.1+12923.210416.1641.bin

UAP/USW (No Internet)

Download the desired firmware update from community.ui.com/releases.
Use the following SCP command to copy the file into the /tmp folder of your device. This requires a compatible SCP application (e.g., Terminal on macOS and Linux, PuTTY/PowerShell on Windows).scp /folder_path/firmwarefile.bin <user>@<IP of device>:/tmp/fwupdate.binExscp /Users/alexpro/Desktop/BZ.mt7621_5.60.1+12923.210416.1641.bin Alex@192.168.1.219:/tmp/fwupdate.bin
Enter your SSH password when prompted.
Run the following command:syswrapper.sh upgrade2 &

UDM/UDM Pro/UXG Pro (Internet)

Copy the update link from community.ui.com/releases.
SSH into your device.
Run the following command:ubnt-upgrade paste_download_link_here Exubnt-upgrade https://fw-download.ubnt.com/data/udm/7675-udmpro-1.12.22-36b5213eaa2446aca8486f0b51e64cd3.bin

UDM/UDM Pro/UXG Pro (No Internet)

Download the desired firmware update from community.ui.com/releases.
Use the following SCP command to copy the file into the /mnt/data folder of your device. This requires a compatible SCP application (e.g., Terminal on macOS and Linux, PuTTY/PowerShell on Windows).scp /folder_path/firmwarefile.bin <user>@<IP of device>:/mnt/data/fwupdate.binExscp /Users/alexpro/Desktop/7675-udmpro-1.12.22-36b5213eaa2446aca8486f0b51e64cd3.bin Alex@192.168.1.219:/mnt/data/fwupdate.bin
Enter your SSH password when prompted.
Run the following command:ubnt-upgrade /mnt/data/fwupdate.bin

UCK G2, UCK G2 Plus, UDM SE, UDR, UDW, UNVR, UNVR Pro (Internet)

Copy the update link from community.ui.com/releases.
SSH into your device.
Run the following command:ubnt-systool fwupdate paste_download_link_here Exubnt-systool fwupdate https://fw-download.ubnt.com/data/unifi-dream/dd49-UDR-2.4.10-cd3afa000ebf4a4fb15374481539961c.bin

UCK G2, UCK G2 Plus, UDM SE, UDR, UDW, UNVR, UNVR Pro (No Internet)

Download the desired firmware update from community.ui.com/releases.
Use the following SCP command to copy the file into the /tmp folder of your device. This requires a compatible SCP application (e.g., Terminal on macOS and Linux, PuTTY/PowerShell on Windows).scp /folder_path/firmwarefile.bin <user>@<IP of device>:/tmp/fwupdate.binExscp /Users/alexpro/Desktop/dd49-UDR-2.4.10-cd3afa000ebf4a4fb15374481539961c.bin
Enter your SSH password when prompted.
Run the following command:ubnt-systool fwupdate /tmp/fwupdate.bin

USG (Internet)

Copy the update link from community.ui.com/releases.
SSH into your device.
Run the following command:upgrade paste_download_link_here Exupgrade https://dl.ui.com/unifi/firmware/UGW3/4.4.56.5449062/UGW3.v4.4.56.5449062.tar

USG (No Internet)

Download the desired firmware update from community.ui.com/releases.
Rename the file: upgrade.tar
Use the following SCP command to copy the file into the /home/<user> folder of your USG. This requires a compatible SCP application (e.g., Terminal on macOS and Linux, PuTTY/PowerShell on Windows).scp /folder_path/upgrade.tar <user>@<IP of device>:/home/<user>/upgrade.tarExscp /Users/alexpro/Desktop/upgrade.tar Alex@192.168.1.1:/home/Alex/upgrade.tar
Enter your SSH password when prompted.
SSH into your device.
Run the following command:sudo syswrapper.sh upgrade upgrade.tar

Manually Update the Network Application

Download the desired application update from community.ui.com/releases.
SSH into your device.
Run the following command (UDM/UDM Pro Only):unifi-os shell
Remove previously installed files:rm /tmp/unifi_sysvinit_all.deb &> /dev/null
Store the new application version on your device using the download link:curl -o “/tmp/unifi_sysvinit_all.deb” <network application link.deb>Excurl -o “/tmp/unifi_sysvinit_all.deb” https://dl.ui.com/unifi/6.2.26-a79cb15f05/unifi_sysvinit_all.deb
Once downloaded, install the new version:apt-get install -y /tmp/unifi_sysvinit_all.deb
Following installation, remove the downloaded file:rm /tmp/unifi_sysvinit_all.deb

Updating Devices in a Broken State

In rare occurrences, a device may stop functioning. UniFi APs may be updated using our TFTP Recovery. This should only be used if your AP completely stops functioning as a last resort prior to submitting an RMA. UniFi OS Consoles and gateways my be updated using Recovery Mode. This should only be used if prompted on your device’s LCM screen.

Source :
https://help.ui.com/hc/en-us/articles/204910064-UniFi-Advanced-Updating-Techniques

UniFi – Getting Support Files and Logs

It may be necessary to provide support files to our team when troubleshooting issues. These contain detailed logs and information about what is happening with your UniFi system. Although sensitive information is generally removed, we do not recommend sharing these publicly.

There are two support files to be aware of:

UniFi OS Support File: This contains logs related to your UniFi OS Console, the installed applications, your adopted UniFi devices, and the client devices connected.
Navigating to unifi.ui.com (or signing in locally via IP address) > select your UniFi OS Console > Console Settings > Download Support File. Note that it will have a *.tgz extension.
UniFi Network Support File: This only contains information about your UniFi Network application, your adopted UniFi Network devices, and the connected clients. This should only be used if you are self-hosting the UniFi Network application on a Windows, macOS or Linux machine.
Navigate to your UniFi Network Application > Settings > System > Download Network Support File. Note that it will have a *.supp extension.

Advanced

If the UOS Console or UniFi applications are inaccessible and you are not able to download the support file, you can download the logs by following these instructions. Please note, our support engineer will provide detailed information on which of the following will be required for troubleshooting.

1. SSH into the machine: ssh root@192.168.1.1

Note: If you need to change your SSH password, do so in the UniFi OS Settings, by navigating to unifi.ui.com (or signing in locally via IP address) > select your UniFi OS Console > Settings > System.

2. Create ZIP files for the logs. The commands’ format will be: tar -zcvf <file name> <folders path>.

UniFi OS logs: tar -zcvf unifi-core-logs.tar.gz /data/unifi-core/logs/
UniFi local portal (ULP) logs: tar -zcvf ulp-go-logs.tar.gz /data/ulp-go/log/
UniFi Network logs:
- For UniFi Dream Machine consoles:tar -zcvf unifi-logs.tar.gz /data/unifi/logs/
- For UniFi Cloud Key Gen2 consoles:tar -zcvf unifi-logs.tar.gz /usr/lib/unifi/logs
UniFi Protect logs:
- Without external disks: tar -zcvf unifi-protect-logs.tar.gz /data/unifi-protect/logs/
- With external disks: tar -zcvf unifi-protect-logs.tar.gz /srv/unifi-protect/logs/
UniFi Talk logs:
- tar -zcvf unifi-talk-logs.tar.gz /var/log/unifi-talk/
- tar -zcvf unifi-talk-base-logs.tar.gz /var/log/unifi-base/
- tar -zcvf unifi-talk-freeswitch-logs.tar.gz /var/log/freeswitch/
UniFi Connect logs: tar -zcvf unifi-connect-logs.tar.gz /data/unifi-connect/log/
System logs:
- ubnt-systool support /tmp/system
- tar zcvf system.tar.gz /tmp/system

3. Open a new terminal window and run the SCP command to copy the logs from the UniFi OS Console and onto your computer (or system).

Note: The period (.) in the path variable means it will be copied onto the currently opened directory in the terminal. And the asterisk (*) stands for “all”. So the following command will copy everything with the extension tar.gz (i.e. all the logs you prepared in Step 2).

scp root@192.168.1.1:/root/\*.gz .

4. Close both terminal windows to close the sessions.

If other logs are needed, our support agent will guide you and provide the necessary commands.

Source :
https://help.ui.com/hc/en-us/articles/360049956374-UniFi-Getting-Support-Files-and-Logs

UniFi Network – Updating Third-Party, non-Console UniFi Network Applications (Linux – Advanced)

This article provides the steps to update the UniFi Network application to the current stable release on a Debian or Ubuntu system via APT (Advanced Package Tool). If you run into issues following the process described in this article, please take a look at the scripts provided in this Community post that includes UniFi Network software installation on Ubuntu 18.04 and 16.04 and Debian 8/9.

Requirements

In order to update the UniFi Network application via APT, it is necessary to create source files or edit lines in an existing sources.list file with Linux text editors: vi or nano. The repo structure should be permanent, but if there are any changes they will be pointed out in the UniFi Network software version release posts, found in the Release section of the Community.

Before upgrading the UniFi Network application, make sure that you have backed up the UniFi Network Database. You will need to make sure that the user has sudo permissions. For more information about adding a user to sudo list, see this Debian article.

UniFi Network APT Steps

1. Install required packages before you begin with the following command:

sudo apt-get update && sudo apt-get install ca-certificates apt-transport-https

Click to copy

2. Use the following command to add a new source list:

echo 'deb https://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list

Click to copy

3. Add the GPG Keys. To add the GPG Keys use one of the two methods described below (Method A is recommended). When using the commands below, it is assumed you have sudo and wget installed, more information about sudo can be found here, and wget here.

User Tip: For Ubuntu 18.04, run the following commands before installing UniFi in step 4.

wget -qO - https://www.mongodb.org/static/pgp/server-3.4.asc | sudo apt-key add -
echo "deb https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
sudo apt-get update

Click to copy

See an example of what scripts the Community is using to install the UniFi Network application on Ubuntu 16.04 and 18.04 in this Community post.

(Method A) Install the following trusted key into /etc/apt/trusted.gpg.d

sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg

Click to copy

(Method B) Using apt-key.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50

Click to copy

4. Install and upgrade the UniFi Network application.

Note: On some Distributions, it’s possible an incompatible Java release can be installed during this step. We recommend running the following command before proceeding with this step, to restrict Ubuntu from automatically installing Java 11. If you wish to undo this later, replace “hold” with “unhold”.

sudo apt-mark hold openjdk-11-*

Install and upgrade the UniFi Network application with the following command:

sudo apt-get update && sudo apt-get install unifi -y

Click to copy

5. This step may not be required, depending on the Linux distro you have. If your distro does not come with MongoDB, and it’s not available in their repo, then please see the MongoDB installation guide. You can find the latest installation guide for Ubuntu here, and Debian here. We recommend at least MongoDB 2.6.10. Some users have changed the backend to use MongoDB 3 successfully too.

6. The UniFi Network application should now be accessible at the computer’s configured local or public IP address, by typing that IP address in a browser’s navigation bar (Chrome is recommended). If it is not launching, use the following command: sudo service unifi start.

Other helpful commands are:

To stop the UniFi service: sudo service unifi stop
To restart the UniFi service: sudo service unifi restart
To see the status of UniFi service: sudo service unifi status

We strongly recommend staying with the stable release, but for those users who wish to do otherwise, click here to expand and see possible suite names, as well as code names in the table within.

Log Files Location

Log files will be essential for any troubleshooting you might perform. Find them here:

/usr/lib/unifi/logs/server.log
/usr/lib/unifi/logs/mongod.log

If your application is running on a Unix/Linux based system, then you will require superuser (sudo) privileges to access these log files.

User Notes & Tips

These notes have been added thanks to user collaboration. Click to expand.

Source :
https://help.ui.com/hc/en-us/articles/220066768-UniFi-Network-Updating-Third-Party-non-Console-UniFi-Network-Applications-Linux-Advanced-

UniFi Network – Updating Third-Party, non-Console UniFi Network Applications

We recommend hosting your Network Application on a UniFi OS Console for the most seamless updating experience. In addition to providing the ability to toggle automatic Network Application updates, you can also initiate manual updates through the GUI.

Updating the Network Application

Updating your Network Application is very similar to the initial setup. You can download the latest version here.

You will be required to close any running instances of the Network Application prior to the installation. Do not worry, your network will still continue to function as normal (devices will remain connected with internet access, and traffic will continue to be routed).

After executing the file, the setup wizard will guide you through the process of updating your application. We always recommend downloading a backup file, found in your System Settings.

Note: macOS users may be required to move the downloaded file into the Applications folder, or right-click > open the file in order to begin the installation.

(Advanced) Updating via CLI on Linux-hosted Applications

It is also possible to use APT for managing updates on Debian and Ubuntu based installations. You may refer to this article for more details. This should only be attempted by users with appropriate knowledge of Linux.

Source :
https://help.ui.com/hc/en-us/articles/6330410381335-UniFi-Network-Updating-Third-Party-non-Console-UniFi-Network-Applications

UniFi Network – Self-Hosting your UniFi Network Without a Console (Advanced)

We strongly recommend that users opt for a UniFi OS Console instead of self-hosting the Network Application on third-party operating systems.

Self-hosting the UniFi Network application on a home computer or 3rd party virtual machine (VM) requires extensive knowledge of computer engineering, networking, and security. Invalid host specifications or configurations may lead to system crashes, poor performance, and compromised network security.

A UniFi OS Console, on the other hand, takes all the guessing out of the picture as it is already optimized for running all of our UniFi Applications. It is also a significantly more secure solution for remote access, as this is hosted on your physical premises, as opposed to a third-party virtual machine in the cloud.

Note: Although a UI SSO account is required for remote access, it is possible to setup and use UniFi OS Consoles as local-only devices without the need for an SSO account.

For advanced users hoping for a scalable cloud-hosting approach, we also offer our own UniFi OS Cloud Console.

Configuration of third-party hosts is outside of Ubiquiti’s official support scope. If you still wish to self-host the UniFi Network Application, please be aware of the risks and proceed with caution.

Download and install the UniFi Network Application

The UniFi Network Application may be downloaded for Microsoft Windows, macOS, and Linux from this page. The Network application is provided as a simple installer for Microsoft Windows and macOS hosts.

For Linux, a .deb file is provided. This can be installed using the dpkg command on Debian or Ubuntu.

After installing the UniFi Network Application, you may launch it and follow the instructions to complete setup. You can access the configuration page by typing https://<IP_of_Network_Application_host>:8443 into the navigation bar of a browser while the application is running.

Frequently Asked Questions

What are the UniFi Network application system requirements?
At a bare-minimum, we recommend the following system requirements (make sure to read the Release Notes for more details about a particular version):

Operating system:
- Linux: Ubuntu Desktop / Server 16.04; Debian 9 “Stretch”
- Windows: Windows 10; Windows Server 2016
- macOS: Mavericks 10.9, 10.10 Yosemite, 10.11 El Capitan, 10.12 Sierra, 10.13 High Sierra, 10.14 Mojave, 10.15 Catalina.
CPU: x86-64 Processor (Intel / AMD x64 Processors)
RAM: 2GB
Network: 100Mbps Wired Ethernet
HDD: Minimum 10GB free (20GB or more preferred)
Java: Java Runtime Environment (JRE) 8
Web Browser: Google Chrome
MongoDB: version 3.2 or later. Mongo is offered bundled: default is 2.4.14 (for macOS and Windows only).

Note: You will need to continually increase your system specs as you begin to adopt and manage more devices.

Does the UniFi Network application have to run at all times?
Although this is not required, we strongly recommend running the UniFi Network Application at all times. This enables you to configure your system at all times. It is also a requirement for proper statistics and reporting.

I’m getting a Java-related error during setup, what do I do?
The UniFi Network application requires Java, so you’ll need to install Java 8 for your specific platform before re-running the installer.

The install is not finishing successfully, what could it be?
Make sure that all system requirements above are met and that all ports used by UniFi are opened.

I’m getting a “Your connection is not private” security warning when accessing the UniFi Network Application in my browser, should I be concerned?
No, there is nothing to worry about. Simply proceed to the next page by clicking Advanced > Proceed.

Source :
https://help.ui.com/hc/en-us/articles/360012282453-UniFi-Network-Self-Hosting-your-UniFi-Network-Without-a-Console-Advanced-

UniFi Network – Understanding and Implementing Minimum RSSI

This article explains what Minimum RSSI is and how to configure it in the UniFi Network application. We only recommend using this if you are familiar with basic RF theory as misconfiguration may result in performance degradation of your network.

How Minimum RSSI works

Received Signal Strength Indication (RSSI) is a value indicating the perceived signal level of a wireless client from the AP’s perspective. The Minimum RSSI value is set individually on each AP and indicates the minimum signal level required for a client to remain connected.

The main purpose of this is to assist with a client’s roaming between two nearby APs. It prevents a device getting “stuck” connected to the initial AP at a weaker signal strength as opposed to roaming to a new AP that may be more optimal. Once the signal drops below the Minimum RSSI value set, the initial AP will kick the client so that it can reconnect to the new AP.

Once an AP kicks a client (by sending a de-authentication packet), it is up to the client to find a better AP to connect to. It may connect back to the same AP, especially if it is the only one within range. Since the signal strength still does not meet the Minimum RSSI, it will again be booted. Improper tuning can thus result in network instability. For this reason, it is important to realize that there is no one size fits all and you should carefully test your configuration to avoid introducing connectivity problems.

How to determine and configure Minimum RSSI

Minimum RSSI is can be enabled within the UniFi Network Application by selecting an AP in UniFi Devices and then navigating to Settings in the side-panel of the selected device. Once enabled, this can be manually set for your 2G and 5G radios independently.

You can view the Signal Strength for your current wireless clients by clicking on a device in the Client Devices tab. The signal is measured in units of dbm (decibels per milliwatt). You will notice that this is a negative number because the power is less than 1 mW:

dbm = 10 log P₁/1mW
0 dBm = 1 mW
-10 dBm = 0.1 mW
-20 dBm = 0.01 mW, and so forth

A value close to 0 indicates high signal quality, whereas a larger negative value indicates poor signal quality. Remember, you need to granularly select the appropriate value for each AP and avoid using a single value everywhere.

Other Considerations

There are many factors that can affect the a client’s RSSI at the AP side including distance, building materials, objects, interference, etc. As much as we would love to give a recommendation, it really isn’t this simple. It’s safe to say -80dBm would be a starting point for standard home or office configurations, but there are too many environmental variables so you should have caution at all times.

The best method to determine appropriate Minimum RSSI values is to perform a site survey. This can be done by testing the signal strength of various wireless clients at different distances. Each device will have different antenna configurations and will thus perform differently in the same geographic location. You want to connect to an SSID, make it specific to that AP (an override on that SSID), and then roam to what you would consider the outer edge of the desired coverage area. Mark the client’s RSSI, and then take a couple more points. The more data you gather, the better idea you’ll get for the minimum RSSI value to use.

Source :
https://help.ui.com/hc/en-us/articles/221321728-UniFi-Network-Understanding-and-Implementing-Minimum-RSSI