250 Hello - Security

0

SSL Labs Scan Outlook.Office365.com–June 2022

Posted on 12th June 2022 by Rhoderick Milne [MSFT]

This post is a scan of Outlook.office365.com taken with the SSLLabs.com scan tool which analyses the TLS configuration of the server.

Deprecating support for 3DES

Since October 31, 2018, Office 365 no longer supports the use of 3DES cipher suites for communication to Office 365. More specifically, Office 365 no longer supports the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. Since Februar… Read the rest “SSL Labs Scan Outlook.Office365.com–June 2022”

0

Defender Portal Enable Audit – Is That The Unified Audit Log?

Posted on 27th May 2022 by Rhoderick Milne [MSFT]

Defender Portal Enable Audit - Unified Audit Log

This was a question from a recent customer engagement: Why is the Microsoft Defender portal asking me to turn on the Unified Audit Log when I already have that enabled?

In the Defender portal https://security.microsoft.com this banner message was present: "To use this feature, turn on auditing so we can start recording user and admin activity in your organisation"

You can see that in the example scr… Read the rest “Defender Portal Enable Audit – Is That The Unified Audit Log?”

1

How To Use Nslookup To Check DMARC Record

Posted on 16th May 2022 by Rhoderick Milne [MSFT]

One of my customers wanted to verify their Domain Based Message Reporting Conformance (DMARC) record, and followed the post How To Use Nslookup To Check DNS TXT Record but ran into issues. They were not seeing any results. Hmm strange; the DMARC record had been created and was visible in online diagnostic tools. Why was it not showing up for them in a manual check?

The below is an example of what… Read the rest “How To Use Nslookup To Check DMARC Record”

0

Microsoft Defender for Office 365 Blog Compiled links

Posted on 18th February 2022 by Rhoderick Milne [MSFT]

Below are a series of links to the main Microsoft Defender for Office 365 blog. Shortcuts added here as this is one of my shared bookmarks.

Note that some links have KQL queries and IOCs related to that specific attack.

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

12-July-2022

Evolved phishing: Device registration trick adds to phis

… Read the rest

7

MDI Install Error 0x80070643 Windows Server 2019

Posted on 7th February 2022 by Rhoderick Milne [MSFT]

Install the Microsoft Defender for Identity (MDI) sensor onto a newly built DC? Easy you say, and that should only take 5 minutes. Well, if that was the case there would be no need for this post, and as my Dad would say, there is no such thing as a 5 minute job.

The below is a brand new Windows Server 2019 DC. It was built, fully patched and then promoted. Next up is to install the standard Mi… Read the rest “MDI Install Error 0x80070643 Windows Server 2019”

1

How To Request Certificate Without Using IIS or Exchange–Updated 2022

Posted on 1st February 2022 by Rhoderick Milne [MSFT]

Back in the year 2014 the post How To Request Certificate Without Using IIS or Exchange was released to help create TLS certificates. One of the main use cases was Active Directory Federation Services (AD FS) as in 2014 it was pretty much a requirement for enterprise migration to Office 365. Password Hash Sync (PHS) and Pass Through Authentication (PTA) were still a twinkle in a developer’s eye….

I… Read the rest “How To Request Certificate Without Using IIS or Exchange–Updated 2022”

0

Remote Desktop Connection Manager Download (RDCMan) 2.90

Posted on 27th January 2022 by Rhoderick Milne [MSFT]

Welcome to 2022 and a new release of Remote Desktop Connection Manager (RDCMan) version 2.90!

The Sysinternals blog lists the following changes to RDCMan which are well worth reviewing from a security standpoint.

Receives support for Restricted Admin (/restrictedAdmin from mstsc) and Remote Credential Guard (/remoteGuard from mstsc) and bug fixes.

Below you can see the Security Settings tab with these… Read the rest “Remote Desktop Connection Manager Download (RDCMan) 2.90”

0

Review Azure AD Connect Synchronisation Scope

Posted on 23rd January 2022 by Rhoderick Milne [MSFT]

As part of your regular security and operations review, it is important to check and verify the configuration of Azure AD Connect. Ensuring the OS and Azure AD Connect are up to date is one aspect. In this post we want to look at the scope of objects which connect is synchronising. This is valuable for a few reasons. For example:

Many folks have installed Azure AD Connect did configured any filt

… Read the rest

1

IIS SMTP Virtual Server Component No Longer Supported

Posted on 8th December 2021 by Rhoderick Milne [MSFT]

Please consider this a quick PSA (Public Service Announcement) as it is still common that I run into environments with the IIS SMTP service still running and processing mail.

While the component has had a long and interesting life, it is now unsupported as it is tied to the support lifecycle of Windows Server 2003.

For more details and information please see:

How to: Install and Configure SMTP Virtua… Read the rest “IIS SMTP Virtual Server Component No Longer Supported”

10

Sign-In Error 5000811 — Unable to verify token signature. The signing key Identifier Does Not Match Any Valid Registered Keys

Posted on 29th November 2021 by Rhoderick Milne [MSFT]

The error message "Sorry, that didn’t work. Please go back to office.com and try again” is probably one of the most vague that I've seen. It's up there with "please contact your administrator", which is fine unless you are the administrator...

The below is a repro of a case where all users were unable to sign into Office 365. They would receive the aforementioned "Sorry, that didn't work" message… Read the rest “Sign-In Error 5000811 — Unable to verify token signature. The signing key Identifier Does Not Match Any Valid Registered Keys”