0

SSL Labs Scan Outlook.Office365.com–June 2022

Posted on by Rhoderick Milne [MSFT]
SSLLabs Scan Outlook.Office365.com June 2022

This post is a scan of Outlook.office365.com taken with the SSLLabs.com scan tool which analyses the TLS configuration of the server.

 

 

Deprecating support for 3DES

Since October 31, 2018, Office 365 no longer supports the use of 3DES cipher suites for communication to Office 365. More specifically, Office 365 no longer supports the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. Since Februar… Read the rest “SSL Labs Scan Outlook.Office365.com–June 2022”

0

Defender Portal Enable Audit – Is That The Unified Audit Log?

Posted on by Rhoderick Milne [MSFT]
Defender Portal Enable Audit - Unified Audit Log

This was a question from a recent customer engagement:  Why is the Microsoft Defender portal asking me to turn on the Unified Audit Log when I already have that enabled?

In the Defender portal https://security.microsoft.com this banner message was present: "To use this feature, turn on auditing so we can start recording user and admin activity in your organisation"

You can see that in the example scr… Read the rest “Defender Portal Enable Audit – Is That The Unified Audit Log?”

1

How To Use Nslookup To Check DMARC Record

Posted on by Rhoderick Milne [MSFT]
Check DMARC Using NSLookup

One of my customers wanted to verify their Domain Based Message Reporting Conformance (DMARC) record, and followed the post How To Use Nslookup To Check DNS TXT Record but ran into issues. They were not seeing any results.  Hmm strange; the DMARC record had been created and was visible in online diagnostic tools.  Why was it not showing up for them in a manual check?

The below is an example of what… Read the rest “How To Use Nslookup To Check DMARC Record”

4

Exchange 2019 CU12 Released

Posted on by Rhoderick Milne [MSFT]
Exchange 2019 CU12 Released

Exchange 2019 CU12 has been released to the Microsoft Volume Licensing Center and the public Microsoft Download site!  Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to upd… Read the rest “Exchange 2019 CU12 Released”

0

Exchange 2016 CU23 Released

Posted on by Rhoderick Milne [MSFT]
Exchange 2016 CU23 Released

Exchange 2016 CU23 has been released to the Microsoft download centre!  Exchange 2016 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2016 and can be used to install a fresh server or to update a previously installed one. Exchange 2013 h… Read the rest “Exchange 2016 CU23 Released”

0

Microsoft Defender for Office 365 Blog Compiled links

Posted on by Rhoderick Milne [MSFT]
Microsoft Defender for Office 365 Blog Compiled links

Below are a series of links to the main Microsoft Defender for Office 365 blog.  Shortcuts added here as this is one of my shared bookmarks.

Note that some links have KQL queries and IOCs related to that specific attack.

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

12-July-2022

 

 

Evolved phishing: Device registration trick adds to phis

Read the rest “Microsoft Defender for Office 365 Blog Compiled links”
0

Microsoft Teams Source IP Address Used Connecting to On-Premises Exchange

Posted on by Rhoderick Milne [MSFT]
Teams IP Addresses Connecting to Exchange On-Premises

Planning to deploy Office 365 and integrate with your on-premises Exchange infrastructure?  Great!  While running the Exchange Hybrid Configuration Wizard (HCW) will be one of the highlights it should be a boring and uneventful portion of the project.  That will be true if all of the required planning, remediation and preparation was done.  If not you’ll be finding out about those issues pretty so… Read the rest “Microsoft Teams Source IP Address Used Connecting to On-Premises Exchange”

0

Move FSMO Roles Using PowerShell

Posted on by Rhoderick Milne [MSFT]
PowerShell FSMO Role

Rather than kicking it old school and using the classic tools such as AD Users & Computers (dsa.msc) to move FSMO roles, PowerShell makes it nice and easy to get this done rapidly.

In this example we are moving the roles gracefully, but there is also the -Force option.

 

State Of The Nation

To start with, let's confirm where the FSMO roles currently reside:

Using PowerShell To Check FSMO Role Holders

Note that server DC-1.wingtiptoys.ca… Read the rest “Move FSMO Roles Using PowerShell”

7

MDI Install Error 0x80070643 Windows Server 2019

Posted on by Rhoderick Milne [MSFT]
MDI Install Error 0x80070643 Windows Server 2019

Install the Microsoft Defender for Identity (MDI) sensor onto a newly built DC?  Easy you say, and that should only take 5 minutes.   Well, if that was the case there would be no need for this post, and as my Dad would say, there is no such thing as a 5 minute job.

The below is a brand new Windows Server 2019 DC.  It was built, fully patched and then promoted.  Next up is to install the standard Mi… Read the rest “MDI Install Error 0x80070643 Windows Server 2019”

0

The Way Things Were–EOP IP Ranges October 2018

Posted on by Rhoderick Milne [MSFT]
EOP IP Ranges From 2018

When discussing network configuration for Office 365, there will be a series of issues and challenges that need to be addressed.  Ideally this is all done in a proactive manner, with the final items addressed in the POC phase.

One of the cornerstone issues is around how access to and from Office 365 will be managed.  This has to address end user access from workstations and publishing your on-premi… Read the rest “The Way Things Were–EOP IP Ranges October 2018”