
How To Use Nslookup To Check TLS Reporting Record (TLS-RPT)

NSLookup To Check TLS-RPT Record
As we move to add newer email security standards such as MTA-STS (Mail Transfer Agent Strict Transport Security) and DANE (DNS-Based Authentication of Named Entities), the reporting aspect of these standards needs to also be implemented.  Even though both MTA-STS & DANE enforce encryption, TLS Reporting (TLS-RPT) is what gives you visibility into whether that encryption is actually working or b
Read the rest “How To Use Nslookup To Check TLS Reporting Record (TLS-RPT)”

Azure Communication Service Email – MX Record Required

Azure Communication Service Email - MX Required

Azure Communication Services (ACS), which can be used to send high volume outbound email to Internet recipients, represents an important shift in Microsoft’s messaging architecture. As organizations modernised their cloud communications to Exchange Online (EXO), many of them just kept doing what they were doing with Exchange on-premises, i.e. using that as a bulk mailer to send out high volume email inter… Read the rest “Azure Communication Service Email – MX Record Required”


Unable To Access OWA Externally Via WAP 2025 – Still Working On It

Unable to Access OWA via WAP 2025 - Still Working On It

After upgrading Web Application Proxy (WAP) to Windows Server 2025 you may run into an issue with certain applications that are published via WAP to the Internet.  This issue will also happen if you build a net new environment for both WAP 2019 and newer.  This post discusses WAP 2025, but the same is more than likely going to happen with WAP 2022.

In the below example the AD FS upgrade went well wi… Read the rest “Unable To Access OWA Externally Via WAP 2025 – Still Working On It”


SPF Record Fun

SPF Record Structure

Sender Policy Framework (SPF) is a fundamental component of modern e-mail authentication, designed to reduce the risk of spoofing and phishing attacks. By publishing a DNS record that specifies which mail servers are authorised to send messages on behalf of a domain, SPF allows receiving systems to validate whether an incoming message genuinely originates from the claimed sender. SPF alone does no… Read the rest “SPF Record Fun”


Entra SSPR Failing–Unexpected Error During A Set Password Operation

Entra SSPR - Unable to Reset Password

On-premises users were unable to use Entra SSPR to reset their passwords.  This needs to use the Password Writeback feature, and in this case Entra Connect was used.  Nowadays there is also Entra Cloud Sync, but that was not an option for this customer.  Users were able to access the SSPR page at https://aka.ms/SSPR and successfully go through all of the steps of the wizard.  This included the CAPT… Read the rest “Entra SSPR Failing–Unexpected Error During A Set Password Operation”


Exchange Server SE Installation & Upgrade Screenshots

Exchange Server SE Installation Screenshots

In this post we’re capturing a point-in-time reference of the Exchange Server Subscription Edition installation process. As Microsoft continues to evolve Exchange with its subscription-based model, setup screens, prerequisites, and configuration options may change over time. The goal here isn’t to walk through the steps in detail, but simply to document what the installation experience looks like … Read the rest “Exchange Server SE Installation & Upgrade Screenshots”


QuickTip – Use WIM File As DISM Repair Source

DISM Mount for WinSXS Repair

The Windows servicing stack relies heavily on the WinSxS (Windows Side-by-Side) component store, which houses all the system files, manifests, and metadata required to service, patch, and maintain the operating system. Corruption within this store can manifest as persistent update failures, integrity check errors, or an inability to apply new servicing operations. Traditional file-level repair met… Read the rest “QuickTip – Use WIM File As DISM Repair Source”


QuickTip – Capture Network Without Installing Wireshark

Converted ETL To Wireshark

Wireshark is the industry tool for packet inspection, but you don’t always want, or are able, to install this onto production systems without a change request.  Whether you’re troubleshooting or investigating an issue, there are alternative ways to capture meaningful network traffic without installing Wireshark.  Ultimately we want to produce PCAPs easily without having to mess with switchport mi… Read the rest “QuickTip – Capture Network Without Installing Wireshark”


Defender for Cloud Apps Access Policy Not Applied to Desktop Applications

Defender for Cloud Apps Managing Desktop Applications

In today’s hybrid work environment, securing access to cloud applications is more critical than ever.  Microsoft Defender for Cloud Apps offers a powerful way to enforce granular access controls using different policies.  Organisations want to ensure that only authorised and compliant devices can access sensitive cloud resources.  Requiring device compliance can be achieved with Intune as an MDM a… Read the rest “Defender for Cloud Apps Access Policy Not Applied to Desktop Applications”


Windows Server 2025 DC Requires AD DS FFL 2016 Minimum

Windows Server 2025 DC Blocked By Unsupported FFL

This is an issue that can appear when trying to introduce a Windows Server 2025 domain controller into an existing Active Directory forest.  You were planning a change, followed the change request process only for it to be torpedoed as the deployment failed.  The installation was blocked because the forest functional level is still set to Windows Server 2012R2. At first glance, this can be confusi… Read the rest “Windows Server 2025 DC Requires AD DS FFL 2016 Minimum”