Security

Hi All, Yesterday the Exchange Team has anouced the Announcing Public Preview of Inbound SMTP DANE with DNSSEC for Exchange Online. Our target dates for upcoming roadmap items are: August 2024 – Inbound SMTP DANE with DNSSEC and MTA-STS report in the Exchange admin center October 2024 – General Availability of Inbound SMTP DANE with DNSSEC End of 2024 Deploying Inbound SMTP DANE with DNSSEC for all Outlook domains Transition provisioning of mail records for all newly created Accepted Domains into DNSSEC-enabled infrastructure underneath *.

Hi All, Recently i was playing around with some M365 Audit Log Querys. There are many ways how you can query the M365 Audit Log: The Audit Log search Microsoft Purview compliance portal Search-UnifiedAuditLog Management Activity API Preview Microsoft.Graph API Note: Update on the Deprecation of Admin Audit Log Cmdlets The Admin Audit Log cmdlets will be deprecated on September 15, 2024. The Mailbox Audit Log cmdlets will have a separate deprecation date, which will be announced early next year.

Hi All, Recently i have been stumbled upon a new Version of the Microsoft Purview Information Protection client Microsoft Purview Information Protection client Microsoft Purview Information Protection client - Release management and supportability Installation of the *.msi file Started the Information Protection Viewer client List commands from the PowerShell Module PurviewInformationProtection Get-Command -Module PurviewInformationProtection Regards Andres Bohren M365 Logo Security Logo

Hi All, While looking into Enable passkeys in Microsoft Authenticator (preview) i figured, it is a good Idea tho have a List of FIDO2 AAGUID’s of all Users if enabled. This Article shows you how to Export the FIDO2 Keys and the AAGUID of all Users in a M365 Tenant. During my research i also found some AAGUID Lists on the Internet YubiKey Hardware FIDO2 AAGUIDs FIDO2 AAGUID lists Passkey Provider AAGUIDs Here you can see a registered FIDO2 Key in the M365 Security Info

Hi All, What is MTA-STS Mail Transfer Agent Strict Transport Security (MTA-STS) makes sure that Emails are Transfered over a secured TLS Connection but has lower requirements than DNS based Authentification of Named Entities (DANE). “Mail Transfer Agent Strict Transport Security (MTA-STS)” has been defined in 2018 in the following RFC rfc8461 SMTP MTA Strict Transport Security (MTA-STS) MTA-STS benefits: Emails are transfered over a secure TLS connection Must use TLS-Version 1.

Hi All, While writing the Blog Article that Microsoft is moving to New cloud.microsoft Domain for M365 i’ve been stumbled across something very interesting. In the Article from the Exchange Team Blog from Septemer 2023, they have anounced that Inbound DANE will be available between March and July 2024 using a new Domain *.mx.microsoft Implementing Inbound SMTP DANE with DNSSEC for Exchange Online Mail Flow I’ve decided to test DNSSEC with MXToolbox

Hi All, Microsoft has published several Blog Articles on the Exchange Team Blog, that they will throttle then block old and unpatched on-premises Exchange Servers. Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online Update on Transport Enforcement System in Exchange Online How to pause throttling and blocking of out-of-date on-premises Exchange Servers Timeline They started in Summer 2023 with Exchange 2007. Now in February 2024 they start to block Exchange 2013 - Extended Support ended on 11 April 2023

Hi All, A few years ago, i have already written an Article how to Enable DKIM in Exchange Online. Enable DKIM in Office 365 Things change over time and so does the Exchange Admin Center. Enabling DKIM has moved to the Microsoft Defender Admin Portal. Here are some older Articles regarding DKIM SPF / DKIM / DMARC DKIM with Exchange To enable DKIM in Exchange Online you have to go to the Microsoft Defender Admin Portal and select > Policies & rules > Threat Policies > Email authentication settings

Hi All, You might think that only Domain Administrators are able to add Computers to the Active Directory Domain. But that’s not true. AD Schema documentation MS-DS-Machine-Account-Quota attribute The number of computer accounts that a user is allowed to create in a domain. As a result, a regular Domain User can join up to 10 Computers to a Domain. If you open up adsiedit.msc and check the Properties on the Domain container and search for the Active Directroy Attribute “ms-DS-MachineAccountQuota” you can see that it has a value of “10”.

Hi All, I’ve published a new Swiss Domain Security Report Q4 2023 to rise awareness about the available Security technologies around Domains and Mailsecurity. It shows the adoption of diffrent technologies for the whole .ch TLD (Top Level Domain). Hope you enjoy it and learn something. Let’s improve the Security in Switzerland! Note: I am a private Person and this is just a Hobby Project. But i still believe this Report can be useful as an Overview of the Mail- and Domain Security in Switzerland.