Microsoft Defender for Office 365 Blog Compiled links

Below are a series of links to the main Microsoft Defender for Office 365 blog.  Shortcuts added here as this is one of my shared bookmarks.

Note that some links have KQL queries and IOCs related to that specific attack.

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

12-July-2022

Evolved phishing: Device registration trick adds to phis

Read the rest “Microsoft Defender for Office 365 Blog Compiled links”
Microsoft Teams Source IP Address Used Connecting to On-Premises Exchange

Teams IP Addresses Connecting to Exchange On-Premises

Planning to deploy Office 365 and integrate with your on-premises Exchange infrastructure?  Great!  While running the Exchange Hybrid Configuration Wizard (HCW) will be one of the highlights it should be a boring and uneventful portion of the project.  That will be true if all of the required planning, remediation and preparation was done.  If not you’ll be finding out about those issues pretty so… Read the rest “Microsoft Teams Source IP Address Used Connecting to On-Premises Exchange”

Move FSMO Roles Using PowerShell

PowerShell FSMO Role

Rather than kicking it old school and using the classic tools such as AD Users & Computers (dsa.msc) to move FSMO roles, PowerShell makes it nice and easy to get this done rapidly.

In this example we are moving the roles gracefully, but there is also the -Force option.

State Of The Nation

To start with, let's confirm where the FSMO roles currently reside:

Using PowerShell To Check FSMO Role Holders

Note that server DC-1.wingtiptoys.ca… Read the rest “Move FSMO Roles Using PowerShell”

ASA OOPS – What Happens When It Is Overlooked

When deploying or migrating Microsoft Exchange Server, one critical yet often overlooked component is the Alternate Service Account (ASA). The ASA is used by Exchange to support Kerberos authentication for services such as Outlook Anywhere and MAPI over HTTP, providing a secure and efficient alternative to NTLM. Without a properly configured ASA, Exchange falls back to NTLM.  NTLM is an older prot… Read the rest “ASA OOPS – What Happens When It Is Overlooked”

The Way Things Were–EOP IP Ranges October 2018

EOP IP Ranges From 2018

When discussing network configuration for Office 365, there will be a series of issues and challenges that need to be addressed.  Ideally this is all done in a proactive manner, with the final items addressed in the POC phase.

One of the cornerstone issues is around how access to and from Office 365 will be managed.  This has to address end user access from workstations and publishing your on-premi… Read the rest “The Way Things Were–EOP IP Ranges October 2018”

Remote Desktop Connection Manager Download (RDCMan) 2.90

RDCMan 2.90

Welcome to 2022 and a new release of Remote Desktop Connection Manager (RDCMan) version 2.90!

The Sysinternals blog lists the following changes to RDCMan which are well worth reviewing from a security standpoint.

Receives support for Restricted Admin (/restrictedAdmin from mstsc) and Remote Credential Guard (/remoteGuard from mstsc) and bug fixes.

RDCMan Version 2.90

Below you can see the Security Settings tab with these… Read the rest “Remote Desktop Connection Manager Download (RDCMan) 2.90”

Office 365 Autodiscover Lookup Process–Revisited

Previously we looked at the Office 2010 client and how it used Autodiscover to detect Exchange Online (EXO) mailbox settings.  Outlook 2010 is no longer supported, so it is worth updating these notes for a current build of Outlook.

As with the previous post, this is intended as a point in time reference as I personally find it handy as an ongoing reference.  In the updated example below a fully patc… Read the rest “Office 365 Autodiscover Lookup Process–Revisited”

Change Certificate Friendly Name To Unique Value

Imagine that you have two certificates installed, but for whatever reason the same friendly name was used for both of them. You can certainly identify each of them by comparing the valid from/valid to dates or the thumbprint. That adds just a little extra overhead that you may not want to deal with.

As an alternative, you can modify the friendly name  to a more suitable value.  This allows you to… Read the rest “Change Certificate Friendly Name To Unique Value”

IIS SMTP Virtual Server Component No Longer Supported

IIS SMTP Component Not Supported

Please consider this a quick PSA (Public Service Announcement) as it is still common that I run into environments with the IIS SMTP service still running and processing mail.

While the component has had a long and interesting life, it is now unsupported as it is tied to the support lifecycle of Windows Server 2003.

For more details and information please see:

How to: Install and Configure SMTP Virtua… Read the rest “IIS SMTP Virtual Server Component No Longer Supported”

Ghost In The (Power)Shell

Exchange PowerShell Output - Not What Was Expected

After taking an existing Exchange PowerShell script, and running on a newer version of Exchange, the output was not as expected. This is a pretty simple script that just iterates through all of the Exchange virtual directories and writes the output to the screen. Yes it uses Write-Host and some consider that to be evil. Others say "Friends do not let Friends use Write-Host". Oh well. This is… Read the rest “Ghost In The (Power)Shell”