blog.icewolf.ch

Let's talk about IT!
posts - 2147, comments - 295, trackbacks - 0

My Links

Archives

Post Categories

icewolf

Exchange

Messaging, Exchange, SMTP
Exchange Server Zero-Day - Emergency Mitigation Service applied URL Rewrite

Hi All, On 29. September Microsoft reported Zero-Day Vulnerabilities in Exchange Server and published the Advisory below. Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ I was wondering if the Exchange Server Emergency Mitigation Service kicked in. But until FR Evening 30 September there was just the default Rule https://blog.icewolf.ch/archive/2021/09/29/exchange-server-emergency-mitigation.aspx ."C:\Program Files\Microsoft\Exchange Server\V15\scripts\Get-Mitigations.ps1" When i checked today, a new Rule has been deployed ."C:\Program Files\Microsoft\Exchange Server\V15\scripts\Get-Mitigations.ps1" You can see the Rule in the XML that is the base for the Mitigation Service https://officeclient.microsoft.com/getexchangemitigations If you want to check the URL Rewrite here is how to do it %systemroot%\system32\inetsrv\iis.msc In my Opinion it took way to long until the Rule...

posted @ Saturday, October 1, 2022 8:53 AM | Filed Under [ Exchange ]

ExchangeOnlineManagement 3.0.0 PowerShell Module is GA

Hi All, Finally the ExchangeOnlineManagement PowerShell Module V3 has been released. You can find the newest Module in the PowerShell Gallery ExchangeOnlineManagement 3.0.0 https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.0.0 It is REST Based and does not require WinRM Basic Authentication on the Client anymore Get Installed Module and what is available in the PowerShell Gallery Get-InstalledModule ExchangeOnlineManagement Find-Module ExchangeOnlineManagement Uninstall the old Module and install the new Module Uninstall-Module ExchangeOnlineManagement -Force Install-Module ExchangeOnlineManagement Get-InstalledModule ExchangeOnlineManagement Connect to Exchange Online Connect-ExchangeOnline Get-Mailbox -Identity a.bohren Get-ConnectionInformation Disconnect-ExchangeOnline Regards Andres Bohren

posted @ Tuesday, September 20, 2022 10:53 PM | Filed Under [ Exchange ]

How to set the DMARC Record for .onmicrosoft.com Address

Hi All, Did you know, that you can set DMARC Records for your onmicrosoft.com Address in M365? How to enable DMARC Reporting for Microsoft Online Email Routing Address (MOERA) and parked Domains https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/step-by-step-guides/how-to-enable-dmarc-reporting-for-microsoft-online-email-routing-address-moera-and-parked-domains?view=o365-worldwide In the M365 Admin Center go to Domains https://admin.microsoft.com/Adminportal/Home#/Domains Select the onmicrosoft.com Domain Select "DNS Records" and "Add record" Now you can add your DMARC Configuration Now you can Check with nslookup nslookup -type=txt _dmarc.<m365tenant>.onmicrosoft.com Regards Andres Bohren

posted @ Thursday, September 15, 2022 8:44 AM | Filed Under [ Exchange Microsoft365 ]

ExchangeOnlineManagement 2.0.6-Preview8 is available

Hi All, Microsoft has released a new Preview of theyr ExchangeOnlineManagemen PowerShell Module ExchangeOnlineManagement 2.0.6-Preview8 https://www.powershellgallery.com/packages/ExchangeOnlineManagement/2.0.6-Preview8 v2.0.6-Preview8 :    1. Support for system-assigned and user-assigned Managed Identity from Azure Functions.        - The -ManagedIdentity switch parameter, and the -Organization parameters need to be provided to indicate that a managed identity should be used. This will by default attempt to use a system-assigned managed identity.        - For specifying a user-assigned managed identity, in addition to the parameters specified above, the AppID of the service principal corresponding to the user-assigned identity needs to be passed to the -ManagedIdentityAccountId.    2. Support for formatted output data added.    - By default, the output now will be...

posted @ Saturday, September 10, 2022 12:16 PM | Filed Under [ Exchange PowerShell ]

Exchange Online Protection Common Attachment Filter Update (Summer 2022)

Hi All, As anounced the Microsoft common attachment filter has been updated with 53 default File Extensions and 219 File Extensions that can be selected. That's a huge improvement to what was available end of last Year. Exchange Online Protection Common Attachment Filter Update https://blog.icewolf.ch/archive/2021/11/12/exchange-online-protection-common-attachment-filter-update.aspx Anti-malware protection in EOP https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection?view=o365-worldwide#anti-malware-policies I want to remind you - it's your responsability to define the Policy. Be aware that blocking *.bin Files can cause unintended affects Blocking *.bin Files in EOP can cause block of Office Documents https://blog.icewolf.ch/archive/2022/08/01/blocking-bin-files-in-eop-can-cause-block-of-office.aspx I've created a new Anti-Malware Policy via M365 Defender Portal https://security.microsoft.com/antimalwarev2 As you can see the Default Policy contains 53 File Extensions Get-MalwareFilterPolicy -Identity Demo04 |...

posted @ Tuesday, August 30, 2022 11:05 PM | Filed Under [ Exchange ]

Microsoft Outlook Lite on Android (Early Access)

Hi All, On beginning of August, Microsoft has announced the Microsoft Outlook Lite Version on Android. Microsoft Outlook Introduces Lite Version of Android App https://techcommunity.microsoft.com/t5/outlook-blog/microsoft-outlook-introduces-lite-version-of-android-app/ba-p/3582948 They say the App is: - Small - Fast - Low battery usage - Works on all Networks incl. 2G / 3G It's unclear what Options are not supported or what's the downside of using this app. Microsoft Outlook Lite - Google Play https://play.google.com/store/apps/details?id=com.microsoft.outlooklite&hl=de&gl=MX Regards Andres Bohren

posted @ Monday, August 29, 2022 9:19 PM | Filed Under [ Exchange ]

Exchange Server Support for Windows Extended Protection

Hi All, With the August 2022 Updates for ExchangeServer 2013/2016/2019 there is a new Feature called Windows Server Extended Protection. This will help against authentication relay or "man in the middle" (MitM) attacks. Exchange Server Support for Windows Extended Protection https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/ does not work with hybrid servers using Modern Hybrid configuration SSL Offloading scenarios are not supported Automated Archiving with Archive Policy is not suported TLS configuration must be consistent across all Exchange servers Access to Public Folders on Exchange 2013 not supported The newest...

posted @ Thursday, August 11, 2022 6:15 AM | Filed Under [ Security Exchange ]

Exchange Server 2013/2016/2019 Security Updates August 2022

Hi All, On the Microsoft Patchday, Microsoft has released Exchange 2013, Exchange 2016 and Exchange 2019 Security Updates. Released: August 2022 Exchange Server Security Updates https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862 Description of the security update for Microsoft Exchange Server 2019 and 2016: August 9, 2022 (KB5015322) https://support.microsoft.com/de-de/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-and-2016-august-9-2022-kb5015322-86c06afb-97df-4d8f-af88-818419db8481 Security Update For Exchange Server 2016 CU23 (KB5015322) https://www.microsoft.com/en-us/download/details.aspx?id=104480 Regards Andres Bohren

posted @ Wednesday, August 10, 2022 12:01 PM | Filed Under [ Exchange ]

Blocking *.bin Files in EOP can cause block of Office Documents

Hi All, I just want to write a short Blog Article about Exhange Online Protection (EOP) Malware Filter regarding the *.bin Attachments. Just be aware, that when Adding Linked or Embedded Objects in Office Documents (like PowerPoint), the Objects are added as *.bin Objects and might be catched by the Malware Filter. Import content from other applications into PowerPoint https://support.microsoft.com/en-us/office/import-content-from-other-applications-into-powerpoint-8165a079-e639-4278-81be-8b3ee94f81fb If you rename the *.pptx or add *.zip at the end you can open in with Windows Explorer or any other ZIP Tool. As you can see there is a "oleObject1.bin" File in the ppt\embeddings Folder I have made a Test Anti-Malware Filter policy with just one...

posted @ Monday, August 1, 2022 11:39 AM | Filed Under [ Exchange ]

Exchange Online Cross-tenant mailbox migration (preview)

Hi All, There is a Preview for M365 Tenant to Tenant Migration of Exchange Mailboxes. I've tested this in my Lab. Took me several Days to complete the Migration or until i understand everything correctly and had everything fixed. Cross-tenant mailbox migration (preview) https://docs.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide I've created this Overview to explain it a bit more. Here are all prerequisits to create a Tenant to Tenant (aka Cross-tenant) Mailbox Migration. Target Tenant Azure AD Application Create a new Azure AD App registration Give it a Name, select Multitenant and Redirect URL is "Web" "https://office.com" Add a ClientSecret Add Permissions from "APIs my organization uses" and search for "Office 365 Exchange" Select Application Permission...

posted @ Wednesday, July 20, 2022 9:09 PM | Filed Under [ Exchange ]

Full Exchange Archive

Powered by:
Powered By Subtext Powered By ASP.NET