250 Hello - Security

0

How To Use Nslookup To Check TLS Reporting Record (TLS-RPT)

Posted on 16th October 2025 by Rhoderick Milne [MSFT]

As we move to add newer email security standards such as MTA-STS (Mail Transfer Agent Strict Transport Security) and DANE (DNS-Based Authentication of Named Entities), the reporting aspect of these standards needs to also be implemented. Even though both MTA-STS & DANE enforce encryption, TLS Reporting (TLS-RPT) is what gives you visibility into whether that encryption is actually working or b

… Read the rest

0

Unable To Access OWA Externally Via WAP 2025 – Still Working On It

Posted on 6th October 2025 by Rhoderick Milne [MSFT]

Unable to Access OWA via WAP 2025 - Still Working On It

After upgrading Web Application Proxy (WAP) to Windows Server 2025 you may run into an issue with certain applications that are published via WAP to the Internet. This issue will also happen if you build a net new environment for both WAP 2019 and newer. This post discusses WAP 2025, but the same is more than likely going to happen with WAP 2022

In the below example the AD FS upgrade went well wi… Read the rest “Unable To Access OWA Externally Via WAP 2025 – Still Working On It”

0

SPF Record Fun

Posted on 3rd October 2025 by Rhoderick Milne [MSFT]

Sender Policy Framework (SPF) is a fundamental component of modern e-mail authentication, designed to reduce the risk of spoofing and phishing attacks. By publishing a DNS record that specifies which mail servers are authorised to send messages on behalf of a domain, SPF allows receiving systems to validate whether an incoming message genuinely originates from the claimed sender. SPF alone does no… Read the rest “SPF Record Fun”

0

Entra SSPR Failing–Unexpected Error During A Set Password Operation

Posted on 2nd October 2025 by Rhoderick Milne [MSFT]

On-premises users were unable to use Entra SSPR to reset their passwords. This needs to use the Password Writeback feature, and in this case Entra Connect was used. Nowadays there is also Entra Cloud Sync, but that was not an option for this customer. Users were able to access the SSPR page at https://aka.ms/SSPR and successfully go through all of the steps of the wizard. This included the CAPT… Read the rest “Entra SSPR Failing–Unexpected Error During A Set Password Operation”

0

Defender for Cloud Apps Access Policy Not Applied to Desktop Applications

Posted on 3rd July 2025 by Rhoderick Milne [MSFT]

Defender for Cloud Apps Managing Desktop Applications

In today’s hybrid work environment, securing access to cloud applications is more critical than ever. Microsoft Defender for Cloud Apps offers a powerful way to enforce granular access controls using different policies. Organisations want to ensure that only authorised and compliant devices can access sensitive cloud resources. Requiring device compliance can be achieved with Intune as an MDM a… Read the rest “Defender for Cloud Apps Access Policy Not Applied to Desktop Applications”

0

Migrating to New Entra ID Authentication Methods

Posted on 6th June 2025 by Rhoderick Milne [MSFT]

On September 30th, 2025, the legacy multifactor authentication (MFA) and self-service password reset policies will be removed and you'll manage all authentication methods here in the authentication methods policy. Use this control to manage your migration from the legacy policies to the new unified policy. Learn more

Traditional Azure Multi-Factor Authentication has served organizations well for ye… Read the rest “Migrating to New Entra ID Authentication Methods”

0

Save The Date 14th October 2025

Posted on 14th October 2024 by Rhoderick Milne [MSFT]

Exchange Server 2019 End of Support Dates

The 14th of October 2025 marks another pivotal moment in Microsoft’s product lifecycle, as a large spectrum of very popular and widely deployed software reaches end-of-support. This includes Windows 10 and Windows 11 22H2. On the productivity front, the extended support for Office 2016 and 2019, along with Visio 2016/2019, Project 2016/2019, and server-side tools like Exchange Server 2016/2019, S… Read the rest “Save The Date 14th October 2025”

0

How To Use Nslookup To Check DMARC External Domain Validation (EDV) Record

Posted on 15th July 2024 by Rhoderick Milne [MSFT]

Previously we looked at how to use nslookup to retrieve the main Domain Based Message Reporting And Conformance (DMARC) DNS record. One of the often overlooked and behind the scenes aspect of DMARC is that a 3rd party DMARC provider has to actually grant permission for DMARC reports to be sent to them for a given domain. Without that permission, email service providers will not be able to send DM… Read the rest “How To Use Nslookup To Check DMARC External Domain Validation (EDV) Record”

0

How to View Copilot for Security Prompt Processing Location And Cross Region Details

Posted on 10th July 2024 by Rhoderick Milne [MSFT]

Copilot for Security Data Storage Location

Data processing and handling considerations must be reviewed as part of deploying any cloud product. With Copilot for Security there are two aspects that need to be fully understood. One is where the tenant’s data is stored. Secondly is where the AI prompts are processed. It may be the case that these are different locations.

We can use the Copilot for Security (CfS) portal https://securitycopi… Read the rest “How to View Copilot for Security Prompt Processing Location And Cross Region Details”

0

Copilot for Security – Global Admin Required to Enable Microsoft 365 Service Data Access

Posted on 9th July 2024 by Rhoderick Milne [MSFT]

Enabling Copilot for Security M365 Service Integration

Copilot for Security has multiple integration points which can be accessed via either:

Standalone experience
Copilot for Security, accessed through https://securitycopilot.microsoft.com, is considered the standalone experience.

Embedded experience
Accessing Copilot for Security embedded experiences in other Microsoft security products is considered an embedded experience.

For the current list of embedded… Read the rest “Copilot for Security – Global Admin Required to Enable Microsoft 365 Service Data Access”