Note that there have been changes to Safe Links policy for Microsoft Defender for Office 365 (MDO).
Previously you could add URLs to the Safe Links policy to control how MDO would process the URLs. As part of this change the URL blocking is moving to the Tenant Allow Block List (TABL).
Below is a screenshot showing that a previously entered URL needs to be migrated to TABL.
&nb… Read the rest “Migrate Safe Links Block Settings to TABL”
In the field, I’m seeing multiple customers that are struggling to implement the DownloadDomain feature. It does require a little prep work and it is not as simple as just running a single command in Exchange to flip the setting on.
In order to mitigate and issue with OWA, it is necessary to create an additional CAS namespace that will be used for downloading attachments from OWA. This will requir… Read the rest “Implementing Exchange DownloadDomain Security”
When designing an upgrade strategy from an older version of Exchange to a newer one, a question that needs to be addressed is do we need to introduce a version of Exchange that may not currently be present? This may be when upgrading from Exchange 2013 to Exchange 2019. If that organisation currently does not have any Exchange 2016 servers, you need to evaluate if there may be a future requireme… Read the rest “Exchange 2019 Point of No Return”
When delivering Office 365 Security Optimisation Assessments (SOA) to customers, one of the control items is the version of Azure AD Connect deployed along with some related configuration elements. In many cases, Azure AD Connect is not updated to a build that resolves both security and feature issues. Why is Azure AD Connect not current? Good question.
There are two main scenarios that I see rig… Read the rest “Upgrade to Azure AD Connect 2.0”
Windows Server 2012 R2 was a great platform and was very widly adopted. Unlike it’s less popular step-sister, Server 2012. At least the R2 product had a start button, rather than the start pixel….
However, it really does show its age when viewed under a modern security lens. Unsurprisingly, things have changed from a security perspective over the last decade. Not all of the Server 2012 R2 defaul… Read the rest “Joys of Server 2012 R2 TLS Defaults in June 2022”
Admins have become very aware of the need to adjust the Schannel protocol settings for TLS to enable TLS 1.2 and to disable older versions. However, the cipher suites do not always receive the same amount of attention and may be left at their default values.
If you are reading this post there is a good chance that your security auditors have flagged a weak cipher is enabled on your server, and the… Read the rest “Remediate SWEET32 — Disable TLS_RSA_WITH_3DES_EDE_CBC_SHA For Windows Server 2012 R2”
This is a snapshot of portal.azure.com using SSLLabs.com to scan the TLS configuration. The image below is a point in time snapshot of the configuration.
The summary screen is repeated here so it can be used as the feature image for the post.
This post is a scan of Outlook.office365.com taken with the SSLLabs.com scan tool which analyses the TLS configuration of the server.
Since October 31, 2018, Office 365 no longer supports the use of 3DES cipher suites for communication to Office 365. More specifically, Office 365 no longer supports the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. Since Februar… Read the rest “SSL Labs Scan Outlook.Office365.com–June 2022”
This was a question from a recent customer engagement: Why is the Microsoft Defender portal asking me to turn on the Unified Audit Log when I already have that enabled?
In the Defender portal https://security.microsoft.com this banner message was present: "To use this feature, turn on auditing so we can start recording user and admin activity in your organisation"
You can see that in the example scr… Read the rest “Defender Portal Enable Audit – Is That The Unified Audit Log?”
One of my customers wanted to verify their Domain Based Message Reporting Conformance (DMARC) record, and followed the post How To Use Nslookup To Check DNS TXT Record but ran into issues. They were not seeing any results. Hmm strange; the DMARC record had been created and was visible in online diagnostic tools. Why was it not showing up for them in a manual check?
The below is an example of what… Read the rest “How To Use Nslookup To Check DMARC Record”