Azure AD Self Service Password Reset (SSPR) has the ability to restrict which group of users are able to perform SSPR tasks. It is a slightly limited administrator control as only a single group can be selected. Azure AD administrator roles are able to perform SSPR even if they are not in scope of the selected group.
They typical user experience is that the person goes to https://aka.ms/SSPR and … Read the rest “Out of SSPR Scope User Experience”
A common issue when deploying Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MDO) with on-premises Exchange is making Exchange aware of the EOP spam filtering. This is because EOP uses slightly different logic to stamp the spam results etc. into the message. Exchange Server needs to be aware of this so that it can take action upon those settings.
The November 8, 2022 and later Windows updates address a security bypass and elevation of privilege vulnerability with Authentication Negotiation by using weak RC4-HMAC negotiation.
This update will set AES as the default encryption type for session keys on accounts that are not marked with a default encryption type already.
To help secure your environment, install the Windows update that is dated … Read the rest “Kerberos Issues November 2022”
Active Directory Federation Services (AD FS) uses endpoints to provide access to features. There are a series of different endpoints which each serve a different purpose from password reset, publishing federation metadata or multiple web services protocols. It is important to ensure that only the required features are actually enabled, and also if those features are to be made available internal… Read the rest “Check If AD FS WSTrust Endpoint Enabled”
Having to host, upgrade and manage WordPress is not really my main job. The various posts over the years will provide a small clue that other things take up most of my time and are my day job. Life was certainly easier when TechNet was still around as a dedicated team ran the MSDN and TechNet blog platforms and provided all of the infrastructure support. All I had to do was write the posts.
Alas… Read the rest “WordPress Linux Web App Poor Performance”
Extended Protection (EP) was added to Windows back in 2009 as a new security feature. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).
The update itself does not directly provide protection against specific attacks such as credential forwarding, but allows applications to opt-in to Extended Protect… Read the rest “Updated Guidance On Exchange Server Extended Protection”
Defining Azure governance so that your subscriptions, management groups is correctly built out and deployed is critical. Even with the best planning sometimes it is still necessary to move resources to a new subscription. While Learn documents how this can be done, it does not work for all scenarios.
Bullet point #5 illustrates an issue where subscriptions may belong to different tenants… Read the rest “Migrate Azure VMs To Separate Subscription”
There are a multitude of online tools that help diagnose issues with various mail services, but understanding what these tools actually check is valuable. One example is around manually checking published DomainKeys Identified Mail (DKIM) records. DKIM is described in RFC 4871. As an interesting piece of history DKIM went through a previous iteration "Domain-Based Email Authentication Using Pub… Read the rest “How to Use NsLookup To Check DKIM Record”
Extended Protection uses service binding and channel binding to help prevent an authentication relay attack. In an authentication relay attack, a client that can perform NTLM authentication (for example, Windows Explorer, Microsoft Outlook, a .NET SqlClient application, etc.), connects to an attacker (for example, a malicious CIFS file server). The attacker uses the client's credentials to masquer… Read the rest “Exchange Server Extended Protection”
The May 2022 security update for Exchange Server 2013, 2016 and 2019 resolved CVE-2022-21978. A common issue is that admins are only doing part of the work to address this CVE. Yes they are installing the update, but are not reading the rest of the documentation which states that an additional command must be run.
The FAQ states:
Do I need to take further steps to be protected from this vulnerabil… Read the rest “Remediate Exchange Security CVE-2022-21978”