Messaging

Items related to messaging services with a focus on Exchange Online (EXO) and Exchange server (on-premises)

0

Why Can’t I Search For Content In TechNet and MSDN Blogs?

Posted on by Rhoderick Milne [MSFT]
TechNet Blogs Yeeted

There was a time when every obscure error code, undocumented quirk, and tricky deployment scenario in the Microsoft ecosystem had an answer, and more often than not you would find it on the MSDN or TechNet blogs. Written by Microsoft engineers, product teams, and MVPs who lived and breathed the technology, these posts were not marketing gloss. They were raw, detailed, and practical.  The kind of c… Read the rest “Why Can’t I Search For Content In TechNet and MSDN Blogs?”

0

How to Use NsLookup To Check DKIM Record

Posted on by Rhoderick Milne [MSFT]
Check DMARC DNS Record Using NSLookUP

There are a multitude of online tools that help diagnose issues with various mail services, but understanding what these tools actually check is valuable.  One example is around manually checking published DomainKeys Identified Mail (DKIM) records.  DKIM is described in RFC 4871.  As an interesting piece of history DKIM went through a previous iteration "Domain-Based Email Authentication Using Pub… Read the rest “How to Use NsLookup To Check DKIM Record”

2

Exchange Server Extended Protection

Posted on by Rhoderick Milne [MSFT]
Exchange Server Extended Protection

Extended Protection uses service binding and channel binding to help prevent an authentication relay attack. In an authentication relay attack, a client that can perform NTLM authentication (for example, Windows Explorer, Microsoft Outlook, a .NET SqlClient application, etc.), connects to an attacker (for example, a malicious CIFS file server). The attacker uses the client's credentials to masquer… Read the rest “Exchange Server Extended Protection”

0

Remediate Exchange Security CVE-2022-21978

Posted on by Rhoderick Milne [MSFT]
Remediate Exchange CVE-2022-21978

The May 2022 security update for Exchange Server 2013, 2016 and 2019 resolved CVE-2022-21978.  A common issue is that admins are only doing part of the work to address this CVE.  Yes they are installing the update, but are not reading the rest of the documentation which states that an additional command must be run.

The FAQ states:

Do I need to take further steps to be protected from this vulnerabilRead the rest “Remediate Exchange Security CVE-2022-21978”

0

Migrate Safe Links Block Settings to TABL

Posted on by Rhoderick Milne [MSFT]
Migration of MDO Global Block List to TABL

Note that there have been changes to Safe Links policy for Microsoft Defender for Office 365 (MDO).

Previously you could add URLs to the Safe Links policy to control how MDO would process the URLs.  As part of this change the URL blocking is moving to the Tenant Allow Block List (TABL).

Below is a screenshot showing that a previously entered URL needs to be migrated to TABL.

 

Migration of MDO Global Block List to TABL

Learn more

 

&nb… Read the rest “Migrate Safe Links Block Settings to TABL”

5

Implementing Exchange DownloadDomain Security

Posted on by Rhoderick Milne [MSFT]
Implement Exchange DownloadDomain

In the field, I’m seeing multiple customers that are struggling to implement the DownloadDomain feature. It does require a little prep work and it is not as simple as just running a single command in Exchange to flip the setting on.

In order to mitigate and issue with OWA, it is necessary to create an additional CAS namespace that will be used for downloading attachments from OWA.  This will requir… Read the rest “Implementing Exchange DownloadDomain Security”

2

Exchange 2019 Point of No Return

Posted on by Rhoderick Milne [MSFT]
Exchange 2019 PrepareAD - The Point of No Return

When designing an upgrade strategy from an older version of Exchange to a newer one, a question that needs to be addressed is do we need to introduce a version of Exchange that may not currently be present?  This may be when upgrading from Exchange 2013 to Exchange 2019.  If that organisation currently does not have any Exchange 2016 servers, you need to evaluate if there may be a future requireme… Read the rest “Exchange 2019 Point of No Return”

0

Upgrade to Azure AD Connect 2.0

Posted on by Rhoderick Milne [MSFT]
Azure AD Connect Upgrade to 2.X

When delivering Office 365 Security Optimisation Assessments (SOA) to customers, one of the control items is the version of Azure AD Connect deployed along with some related configuration elements.  In many cases, Azure AD Connect is not updated to a build that resolves both security and feature issues.  Why is Azure AD Connect not current?  Good question.

There are two main scenarios that I see rig… Read the rest “Upgrade to Azure AD Connect 2.0”

1

How To Use Nslookup To Check DMARC Record

Posted on by Rhoderick Milne [MSFT]
Check DMARC Using NSLookup

One of my customers wanted to verify their Domain Based Message Reporting Conformance (DMARC) record, and followed the post How To Use Nslookup To Check DNS TXT Record but ran into issues. They were not seeing any results.  Hmm strange; the DMARC record had been created and was visible in online diagnostic tools.  Why was it not showing up for them in a manual check?

The below is an example of what… Read the rest “How To Use Nslookup To Check DMARC Record”

4

Exchange 2019 CU12 Released

Posted on by Rhoderick Milne [MSFT]
Exchange 2019 CU12 Released

Exchange 2019 CU12 has been released to the Microsoft Volume Licensing Center and the public Microsoft Download site!  Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to upd… Read the rest “Exchange 2019 CU12 Released”