SECURITY

Block ADDS Domain Join of Computers for Domain Users

Block ADDS Domain Join of Computers for Domain Users

Andres Bohren
Hi All, You might think that only Domain Administrators are able to add Computers to the Active Directory Domain. But that’s not true. AD Schema documentation MS-DS-Machine-Account-Quota attribute The number of computer accounts that a user is allowed to create in a domain. As a result, a regular Domain User can join up to 10 Computers to a Domain. If you open up adsiedit.msc and check the Properties on the Domain container and search for the Active Directroy Attribute “ms-DS-MachineAccountQuota” you can see that it has a value of “10”.
Swiss Domain Security Report Q4 2023

Swiss Domain Security Report Q4 2023

Andres Bohren
Hi All, I’ve published a new Swiss Domain Security Report Q4 2023 to rise awareness about the available Security technologies around Domains and Mailsecurity. It shows the adoption of diffrent technologies for the whole .ch TLD (Top Level Domain). Hope you enjoy it and learn something. Let’s improve the Security in Switzerland! Note: I am a private Person and this is just a Hobby Project. But i still believe this Report can be useful as an Overview of the Mail- and Domain Security in Switzerland.
November 2023 Exchange Server Security Updates

November 2023 Exchange Server Security Updates

Andres Bohren
Hi All, It’s again Patchday and Microsoft has released Security Updates for Exchange 2016 and 2019. Exchange Team Blog Released: November 2023 Exchange Server Security Updates Updates: Security Update For Exchange Server 2019 CU12 SU11 (KB5032146) Security Update For Exchange Server 2019 CU13 SU4 (KB5032146) Security Update For Exchange Server 2016 CU23 SU11 (KB5032147) I’ve downloaded the - MonitorExchangeAuthCertificate And checked the Exchange Auth Certificate .\MonitorExchangeAuthCertificate.ps1 Run the Setup after downloading
Automate Exchange Certificate renewal with Let's Encrypt

Automate Exchange Certificate renewal with Let's Encrypt

Andres Bohren
Hi All, My old TLS Certificate from GoDaddy has expired a few Days ago. I have already used “Let’s Encrypt” Certificates for Exchange in some Test Environements. Today i want you to show how to set up initionally and then use a Script to renew the Certificate on a regular basis. Initial Setup First of all you need a Client that can handle the “Let’s Encrypt” Certificate Request. There are plenty of alternatives out there.
October 2023 Exchange Server Security Updates

October 2023 Exchange Server Security Updates

Andres Bohren
Hi All, It’s again Patchday and Microsoft has released Security Updates for Exchange 2016 and 2019. Exchange Team Blog Released: October 2023 Exchange Server Security Updates Updates: Security Update For Exchange Server 2019 CU12 SU10 (KB5030877) Security Update For Exchange Server 2019 CU13 SU3 (KB5030877) Security Update For Exchange Server 2016 CU23 SU10 (KB5030877) The Token Cache will be fixed with the OS Updates for IIS. Today, Windows team has released the IIS fix for root cause of this vulnerability, in the form of fix for CVE-2023-36434.
OnePlus 9 Android security patch 2023.09

OnePlus 9 Android security patch 2023.09

Andres Bohren
Hi All, A few Days ago, i have received an update for my OnePlus 9 Android Smartphone. It includes the Android 2023.09 Security Updates. Details can be found in the OnePlus Community OxygenOS 13.1.0.591 for the OnePlus 9/9 Pro Changelog Integrates the September 2023 Android security patch to enhance system security. Regards Andres Bohren Unified Messaging Logo
Exchange Online Custom RBAC Role for AWS

Exchange Online Custom RBAC Role for AWS

Andres Bohren
Hi All, I’ve had an interesting Use Case some Weeks ago. The collegues from the AWS Cloud Team wanted to create a Mailenabled Security List for each Application they create. So they can inform the right People and i guess also assign permissions to these People. I expected, that this will be an easy task. Just a few Microsoft Graph Commands to create a Group and add Members. But i was very wrong.
How Exchange Online DMARC Aggregate Reports Change the Game

How Exchange Online DMARC Aggregate Reports Change the Game

Andres Bohren
Hi All, Gain visibility with DMARC In the current digital era, email has become a crucial component of both our personal and professional lives. However, with the sophistication of cyber threats rising, it is more important than ever to ensure the security and legitimacy of email communications. This is where Domain-based Message Authentication, Reporting, and Conformance (DMARC) comes into play. The Mailservers of Recipients that support DMARC, provide feedback to domain owners about the use of their domains; this feedback can provide valuable insights about the use and abuse of your domains.
August 2023 Exchange Server Security Updates

August 2023 Exchange Server Security Updates

Andres Bohren
Hi All, It’s again Patchday and Microsoft has released Security Updates for Exchange 2016 and 2019. Exchange Team Blog Released: August 2023 Exchange Server Security Updates CVE-2023-21709 Microsoft Exchange Server Elevation of Privilege Vulnerability You have to run a Script after the Installation to Address CVE-2023-21709. The Update fails on Non-English Operating System. Workaround can be found here Exchange Server 2019 and 2016 August 2023 security update installation fails on non-English operating systems
Are Passkeys coming to AzureAD / M365?

Are Passkeys coming to AzureAD / M365?

Andres Bohren
Hi All, I’ve tried to register a Yubikey 5 NFC with my Android OnePlus9 (has Android 13 installed). First of all, it does not work with Chrome 114 on Android. So i used Microsoft Edge Browser on Android to Sign in to Security Info I’ve aded a Security Key Selected NFC Device Instead of NFC Key you can see a Passkey dialog In the end i could not save it