SECURITY

Hi All, Today, the Exchange Server Updates from November 2024 have ben re-released. Re-release of November 2024 Exchange Server Security Update packages Released: November 2024 Exchange Server Security Updates Downloads: Security Update For Exchange Server 2016 CU23 SU14 V2 (KB5049233) Security Update For Exchange Server 2019 CU14 SU3 V2 (KB5049233) Exchange 2019 You have to reboot the Server after the Installation There is a new Version of Healthchecker Exchange 2016 You have to reboot the Server after the Installation

Hi All, A few weeks ago, i did read the Article The latest enhancements in Microsoft Authenticator on the Entra Blog. The Process of storing a Passkey in Authenticator App has been massivly improved. I’ve tested this on my Android 14 Device. The Passkey has been created It’s explained how to use the Passkey If you click on the URL and choose to use a Passkey It still does not work in the Browser

Hi All, Recently i’ve blogged about Azure DNS finally supports DNSSEC (Preview). Today i want to show you how to enable DNSSEC on a Zone hosted in Azure by using the AZ PowerShell Connect to Azure and list the Azure DNS Zones Connect-AzAccount -Tenant icewolfch.onmicrosoft.com Get-AzDnsZone -ResourceGroupName rg_prod | ft name, ZoneType, ResourceGroupName, SigningKeys List a specific Zone (it is DNSSEC Enabled) Get-AzDnsDnssecConfig -ResourceGroupName rg_prod -ZoneName icewolf.ch List a specific Zone (it is not DNSSEC Enabled)

Hi All, On Ignite there was the anouncement, that Azure DNS finally supports DNSSEC (in public Preview). DNSSEC overview (Preview) How to sign your Azure Public DNS zone with DNSSEC (Preview) Setup Bevore changing anythin i did run a check on Verisign Labs DNSSEC Let’s go to Azure Portal and navigate to a DNS Zone. You can now see a “DNSSEC” Icon. Now let’s “Enable DNSSEC” Confirm After a few Seconds you see DNSSEC delegation information

Hi All, Recently i was working together with one of my fellows (shout out to Raul Ruta) to figure out how Register Passkeys with the new Microsoft Graph Beta API’s. The only thing we found was the Article of Jan Bakker, that uses the Yubico Sample scripts based on Phyton. Register Yubikeys on behalf of your users with Microsoft Entra ID FIDO2 provisioning APIs I was looking if there is a better way that does not require Phyton and found this PowerShell Module

Hi All, I recently had a customer that still allows SMS for MFA Authentication on theyr Entra ID Tenant. We all know, that SMS and Voice, should not be used anymore for MFA Authentication. In addition, i would point out, that can lead to a very bad situation, when using Teams Phone as your Voice destination. Think of how you want to authenticate to Teams, when receiving the MFA Voice call there 😂

Hi All, A week ago, i received a Mail from Microsoft with an Entra ID recommendation. Designate more than one global admin I was a little bit confused, since there are multiple Global Admins in my tenant. All between the recomeended 2 to 4 Accounts. As you can see in the Screenshots below Global Administrator - Eligible in Privileged Identity Management (PIM) Global Administrator - Active in Privileged Identity Management (PIM)

Hi All, Yesterday the Exchange Team has anouced the Announcing Public Preview of Inbound SMTP DANE with DNSSEC for Exchange Online. Our target dates for upcoming roadmap items are: August 2024 – Inbound SMTP DANE with DNSSEC and MTA-STS report in the Exchange admin center October 2024 – General Availability of Inbound SMTP DANE with DNSSEC End of 2024 Deploying Inbound SMTP DANE with DNSSEC for all Outlook domains Transition provisioning of mail records for all newly created Accepted Domains into DNSSEC-enabled infrastructure underneath *.

Hi All, Recently i was playing around with some M365 Audit Log Querys. There are many ways how you can query the M365 Audit Log: The Audit Log search Microsoft Purview compliance portal Search-UnifiedAuditLog Management Activity API Preview Microsoft.Graph API Note: Update on the Deprecation of Admin Audit Log Cmdlets The Admin Audit Log cmdlets will be deprecated on September 15, 2024. The Mailbox Audit Log cmdlets will have a separate deprecation date, which will be announced early next year.

Hi All, Recently i have been stumbled upon a new Version of the Microsoft Purview Information Protection client Microsoft Purview Information Protection client Microsoft Purview Information Protection client - Release management and supportability Installation of the *.msi file Started the Information Protection Viewer client List commands from the PowerShell Module PurviewInformationProtection Get-Command -Module PurviewInformationProtection Regards Andres Bohren M365 Logo Security Logo