250 Hello - Security

0

Joys of Server 2012 R2 TLS Defaults in June 2022

Posted on 30th June 2022 by Rhoderick Milne [MSFT]

Windows Server 2012 R2 was a great platform and was very widly adopted. Unlike it’s less popular step-sister, Server 2012. At least the R2 product had a start button, rather than the start pixel….

However, it really does show its age when viewed under a modern security lens. Unsurprisingly, things have changed from a security perspective over the last decade. Not all of the Server 2012 R2 defaul… Read the rest “Joys of Server 2012 R2 TLS Defaults in June 2022”

1

Remediate SWEET32 — Disable TLS_RSA_WITH_3DES_EDE_CBC_SHA For Windows Server 2012 R2

Posted on 12th June 2022 by Rhoderick Milne [MSFT]

Admins have become very aware of the need to adjust the Schannel protocol settings for TLS to enable TLS 1.2 and to disable older versions. However, the cipher suites do not always receive the same amount of attention and may be left at their default values.

If you are reading this post there is a good chance that your security auditors have flagged a weak cipher is enabled on your server, and the… Read the rest “Remediate SWEET32 — Disable TLS_RSA_WITH_3DES_EDE_CBC_SHA For Windows Server 2012 R2”

0

SSL Labs Scan Portal.Azure.com–June 2022

Posted on 12th June 2022 by Rhoderick Milne [MSFT]

This is a snapshot of portal.azure.com using SSLLabs.com to scan the TLS configuration. The image below is a point in time snapshot of the configuration.

The summary screen is repeated here so it can be used as the feature image for the post.

0

SSL Labs Scan Outlook.Office365.com–June 2022

Posted on 12th June 2022 by Rhoderick Milne [MSFT]

This post is a scan of Outlook.office365.com taken with the SSLLabs.com scan tool which analyses the TLS configuration of the server.

Deprecating support for 3DES

Since October 31, 2018, Office 365 no longer supports the use of 3DES cipher suites for communication to Office 365. More specifically, Office 365 no longer supports the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. Since Februar… Read the rest “SSL Labs Scan Outlook.Office365.com–June 2022”

0

Defender Portal Enable Audit – Is That The Unified Audit Log?

Posted on 27th May 2022 by Rhoderick Milne [MSFT]

Defender Portal Enable Audit - Unified Audit Log

This was a question from a recent customer engagement: Why is the Microsoft Defender portal asking me to turn on the Unified Audit Log when I already have that enabled?

In the Defender portal https://security.microsoft.com this banner message was present: "To use this feature, turn on auditing so we can start recording user and admin activity in your organisation"

You can see that in the example scr… Read the rest “Defender Portal Enable Audit – Is That The Unified Audit Log?”

1

How To Use Nslookup To Check DMARC Record

Posted on 16th May 2022 by Rhoderick Milne [MSFT]

One of my customers wanted to verify their Domain Based Message Reporting Conformance (DMARC) record, and followed the post How To Use Nslookup To Check DNS TXT Record but ran into issues. They were not seeing any results. Hmm strange; the DMARC record had been created and was visible in online diagnostic tools. Why was it not showing up for them in a manual check?

The below is an example of what… Read the rest “How To Use Nslookup To Check DMARC Record”

0

Microsoft Defender for Office 365 Blog Compiled links

Posted on 18th February 2022 by Rhoderick Milne [MSFT]

Below are a series of links to the main Microsoft Defender for Office 365 blog. Shortcuts added here as this is one of my shared bookmarks.

Note that some links have KQL queries and IOCs related to that specific attack.

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

12-July-2022

Evolved phishing: Device registration trick adds to phis

… Read the rest

0

ASA OOPS – What Happens When It Is Overlooked

Posted on 10th February 2022 by Rhoderick Milne [MSFT]

When deploying or migrating Microsoft Exchange Server, one critical yet often overlooked component is the Alternate Service Account (ASA). The ASA is used by Exchange to support Kerberos authentication for services such as Outlook Anywhere and MAPI over HTTP, providing a secure and efficient alternative to NTLM. Without a properly configured ASA, Exchange falls back to NTLM. NTLM is an older prot… Read the rest “ASA OOPS – What Happens When It Is Overlooked”

7

MDI Install Error 0x80070643 Windows Server 2019

Posted on 7th February 2022 by Rhoderick Milne [MSFT]

Install the Microsoft Defender for Identity (MDI) sensor onto a newly built DC? Easy you say, and that should only take 5 minutes. Well, if that was the case there would be no need for this post, and as my Dad would say, there is no such thing as a 5 minute job.

The below is a brand new Windows Server 2019 DC. It was built, fully patched and then promoted. Next up is to install the standard Mi… Read the rest “MDI Install Error 0x80070643 Windows Server 2019”

1

How To Request Certificate Without Using IIS or Exchange–Updated 2022

Posted on 1st February 2022 by Rhoderick Milne [MSFT]

Back in the year 2014 the post How To Request Certificate Without Using IIS or Exchange was released to help create TLS certificates. One of the main use cases was Active Directory Federation Services (AD FS) as in 2014 it was pretty much a requirement for enterprise migration to Office 365. Password Hash Sync (PHS) and Pass Through Authentication (PTA) were still a twinkle in a developer’s eye….

I… Read the rest “How To Request Certificate Without Using IIS or Exchange–Updated 2022”