250 Hello - Random Musings on Security and Exchange

0

Defender for Cloud Apps Access Policy Not Applied to Desktop Applications

Posted on 3rd July 2025 by Rhoderick Milne [MSFT]

Defender for Cloud Apps Managing Desktop Applications

In today’s hybrid work environment, securing access to cloud applications is more critical than ever. Microsoft Defender for Cloud Apps offers a powerful way to enforce granular access controls using different policies. Organisations want to ensure that only authorised and compliant devices can access sensitive cloud resources. Requiring device compliance can be achieved with Intune as an MDM a… Read the rest “Defender for Cloud Apps Access Policy Not Applied to Desktop Applications”

0

Quick Tip–Verify Which Hyper-V VMs Have ISO Mounted

Posted on 6th April 2025 by Rhoderick Milne [MSFT]

Use PowerShell to Easily Show All Mounted ISO

It’s very common that we mount ISO files when needed, then forget to remove them after the fact.

This is generally a non issue until you want to move the mounted ISO file as Hyper-V may have a lock on the file. Yes we could open up the properties of each VM in the console, but nope. Not doing that.

Rather than search VMs one by one to see which is the offending VM, just run the below command in Po… Read the rest “Quick Tip–Verify Which Hyper-V VMs Have ISO Mounted”

0

Exchange 2019 CU15 Released (2025 H1)

Posted on 10th February 2025 by Rhoderick Milne [MSFT]

Exchange 2019 CU15 has been released to the Microsoft Volume Licensing Center and the public Microsoft Download site! Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously. CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to upd… Read the rest “Exchange 2019 CU15 Released (2025 H1)”

0

How To Use Nslookup To Check DMARC External Domain Validation (EDV) Record

Posted on 15th July 2024 by Rhoderick Milne [MSFT]

Previously we looked at how to use nslookup to retrieve the main Domain Based Message Reporting And Conformance (DMARC) DNS record. One of the often overlooked and behind the scenes aspect of DMARC is that a 3rd party DMARC provider has to actually grant permission for DMARC reports to be sent to them for a given domain. Without that permission, email service providers will not be able to send DM… Read the rest “How To Use Nslookup To Check DMARC External Domain Validation (EDV) Record”

0

How to View Copilot for Security Prompt Processing Location And Cross Region Details

Posted on 10th July 2024 by Rhoderick Milne [MSFT]

Copilot for Security Data Storage Location

Data processing and handling considerations must be reviewed as part of deploying any cloud product. With Copilot for Security there are two aspects that need to be fully understood. One is where the tenant’s data is stored. Secondly is where the AI prompts are processed. It may be the case that these are different locations.

We can use the Copilot for Security (CfS) portal https://securitycopi… Read the rest “How to View Copilot for Security Prompt Processing Location And Cross Region Details”

0

Copilot for Security – Global Admin Required to Enable Microsoft 365 Service Data Access

Posted on 9th July 2024 by Rhoderick Milne [MSFT]

Enabling Copilot for Security M365 Service Integration

Copilot for Security has multiple integration points which can be accessed via either:

Standalone experience
Copilot for Security, accessed through https://securitycopilot.microsoft.com, is considered the standalone experience.

Embedded experience
Accessing Copilot for Security embedded experiences in other Microsoft security products is considered an embedded experience.

For the current list of embedded… Read the rest “Copilot for Security – Global Admin Required to Enable Microsoft 365 Service Data Access”

0

Tenant Hydration – Still A Thing

Posted on 5th July 2024 by Rhoderick Milne [MSFT]

Almost 10 years ago I ran into a customer deployment where they were unable to run some of the Exchange PowerShell commands. Funnily enough, this bubbled up the other week.

As a recap, tenants are created in a dehydrated state to minimise resouce consumption. That means they can not be customised things like Role Based Access Control (RBAC) assignments are read-only and can not be customised. Th… Read the rest “Tenant Hydration – Still A Thing”

0

MTA-STS–Comments On Deploying Azure Static Web App

Posted on 2nd July 2024 by Rhoderick Milne [MSFT]

Hosting MTA-STS File on Azure Static Web App

Many customers have completed or are completing the rollout of SPF, DKIM and DMARC to improve email security. Once DMARC has been moved to 100% quarantine that means that all of the issues have been identified and resolved. So what’s next?

Typically this is where MTA-STS comes in. Mail Transfer Agent - Strict Transport Security (MTA-STS) is intended to provide additional security to email transpo… Read the rest “MTA-STS–Comments On Deploying Azure Static Web App”

0

Copilot for Security Workshop Links

Posted on 21st June 2024 by Rhoderick Milne [MSFT]

Copilot for Security Architecture Diagram

When delivering Copilot for Security engagements to customers, we frequently want to reference external articles, content and news. There is also the occasional squirrel moment due to how my brain operates.

This post is a collection of the various artifacts that we typically discuss. They are all collected into one spot so that it is easier to send out as a curated resource after the engagement h… Read the rest “Copilot for Security Workshop Links”

0

Unable to Setup Copilot for Security – Can’t get account information

Posted on 6th June 2024 by Rhoderick Milne [MSFT]

Starting a setup of Copilot for Security in a demo tenant led to an interesting issue where the expected bootstrap process was not launched. As an eligible administrator, when you navigate to https://securitycopilot.microsoft.com you will either access the previously deployed Copilot for Security (CfS) instance or be prompted to create it. This assumes that you are logged on as either a Global Ad… Read the rest “Unable to Setup Copilot for Security – Can’t get account information”