This is a snapshot of portal.azure.com using SSLLabs.com to scan the TLS configuration. The image below is a point in time snapshot of the configuration.
The summary screen is repeated here so it can be used as the feature image for the post.
This post is a scan of Outlook.office365.com taken with the SSLLabs.com scan tool which analyses the TLS configuration of the server.
Since October 31, 2018, Office 365 no longer supports the use of 3DES cipher suites for communication to Office 365. More specifically, Office 365 no longer supports the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. Since Februar… Read the rest “SSL Labs Scan Outlook.Office365.com–June 2022”
This was a question from a recent customer engagement: Why is the Microsoft Defender portal asking me to turn on the Unified Audit Log when I already have that enabled?
In the Defender portal https://security.microsoft.com this banner message was present: "To use this feature, turn on auditing so we can start recording user and admin activity in your organisation"
You can see that in the example scr… Read the rest “Defender Portal Enable Audit – Is That The Unified Audit Log?”
One of my customers wanted to verify their Domain Based Message Reporting Conformance (DMARC) record, and followed the post How To Use Nslookup To Check DNS TXT Record but ran into issues. They were not seeing any results. Hmm strange; the DMARC record had been created and was visible in online diagnostic tools. Why was it not showing up for them in a manual check?
The below is an example of what… Read the rest “How To Use Nslookup To Check DMARC Record”
Exchange 2019 CU12 has been released to the Microsoft Volume Licensing Center and the public Microsoft Download site! Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously. CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to upd… Read the rest “Exchange 2019 CU12 Released”
Exchange 2016 CU23 has been released to the Microsoft download centre! Exchange 2016 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously. CUs are a complete installation of Exchange 2016 and can be used to install a fresh server or to update a previously installed one. Exchange 2013 h… Read the rest “Exchange 2016 CU23 Released”
Working with a customer’s security team, it was noted that some messages were set to SCL –1 and this was not initially expected. We were paying particular attention to the SCL value as work was being done to clean up old EOP configuration that was bypassing protection.
When deploying an Exchange Hybrid configuration, one of the most critical components to publish externally is the Autodiscover service. Autodiscover enables seamless client connectivity and hybrid functionality between on-premises Exchange and Exchange Online, including mailbox moves, free/busy lookups, and Outlook profile configuration. However, publishing Autodiscover to the Internet can become … Read the rest “Exchange Autodiscover Publishing Blocked By L7 Load Balancer”
Below are a series of links to the main Microsoft Defender for Office 365 blog. Shortcuts added here as this is one of my shared bookmarks.
Note that some links have KQL queries and IOCs related to that specific attack.
12-July-2022
Planning to deploy Office 365 and integrate with your on-premises Exchange infrastructure? Great! While running the Exchange Hybrid Configuration Wizard (HCW) will be one of the highlights it should be a boring and uneventful portion of the project. That will be true if all of the required planning, remediation and preparation was done. If not you’ll be finding out about those issues pretty so… Read the rest “Microsoft Teams Source IP Address Used Connecting to On-Premises Exchange”