SECURITY

Hi All, Back in January, Microsoft has annouced that the Exchange Online Transport Rule (ETR) Condition “Attachment ist Password protected” will now also support PDF Files. You can read the Documentation: Use mail flow rules to inspect message attachments in Exchange Online If you look at a PDF (File > Properties) Security > Show details Note: Files with “Permissions Password” (Print, Edit and Copy Blocks with Password) are not affected by the Condition “Attachment ist Password protected”

Hi All, Just a few Hours ago, Microsoft has release a new Version of the AIPService PowerShell Module to the PowerShell Gallery. AIPService 2.0.0.3 https://www.powershellgallery.com/packages/AIPService/2.0.0.3 AIPService on Microsoft Learn https://learn.microsoft.com/en-us/powershell/module/aipservice/?view=azureipps Let’s check the installed Version and what’s available on the PowerShell Gallery Get-InstalledModule AIPService Find-Module AIPService Uninstall the old PowerShell Module and install the newest one Uninstall-Module AIPService Install-Module AIPService Get-Installed Module AIPService To connect use this Command Connect-AadrmService Let’s check if it is enabled

Hi All, You might already know, that i am a big Fan of Defender for Office 365 Advanced Hunting. It’s easy and fast to analyze the last 30 Days of your Messaging Logs. Defender for Office 365 Advanced Hunting I’ve published some of the KQL Querys in my GitHub Repo You can find Advanced Hunting it in de Microsoft 365 Defender Portal To Access these Querys with PowerShell we need to have an Azure Active Directory Application

Hi All, As a Messaging Engineer / Architect i am well familiar with all the Messaging Standards that help to improve the Security of your Domain. Check out my Get-Mailprotection.ps1 Script Basics about SPF / DKIM / DMARC SPF / DKIM / DMARC DMARC Advisor - so far the best DMARC Reporting Tool DMARC Advisor Lately there has been an Anoucement that Exchange Online will also send DMARC Aggregate Reports (RUA) if the MX Points directly to Exchange Online.

Hi All, I’ve heard from OneNote Phishing in the last few Months. That seems to be a new way of Attack. Sadly i don’t know the exact details of that Attack. What came to my mind was to block OneNote Attachments in the Malware Filter. Microsoft: Besserer Schutz vor riskantem OneNote-Phishing geplant Also Microsoft want’s to improve here according to the M 365 Roadmap M365 Roadmap I’ve checked the OneNote file Extensions on my Computer

Hi All, Did you notice that you can download Conditional Access Templates. The Templates are documented in the Conditional Access Doumentation below Conditional Access templates (Preview) In Conditional Access Management select “New policy from template” Now you have a diffrent range of Policys and can download the JSON Back in Conditional Access select “Upload policy file” Select your JSON File and choose between “Off”, “On”, “Report only” After that your Policy is created

Hi All, In this Article i’ll show you how you can “Search and Purge” Emails in Exchange Online. With Compliance Search you can search for Mails and purge (Soft- or HardDelete) them afterwards. That’s usually the case for Phishing or Spam Incidents. Your search can cover a maximum of 50'000 Mailboxes A new Compliance Search will create an Alert by default. First of all you need to have the correct Permissions https://security.

Hi All, Last Night the February 2023 Exchange Server Security Updates have been released. Released: February 2023 Exchange Server Security Updates Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: February 14, 2023 (KB5023038) Security Update For Exchange Server 2016 CU23 SU6 (KB5023038) The downloaded exe File extracts then starts the Installation in a elevated Promt After the Security Update is installed, it is a good idea to restart the Server.

Hi All, I’ve stumbled accross the new Microsoft 365 Defender Role-based access control (RBAC). It is still in Preview but i gave it a go.For now you can create the RBAC Roles only in the M365 Defender Portal. But Graph Integration is at least on the Roadmap. Centrally manage permissions with the Microsoft 365 Defender role-based access control (RBAC) model Microsoft 365 Defender role-based access control (RBAC) Let’s have a look.

Hi All, I had the “pleasure” again this week to Document the Azure AD Policies. Making several Screenshots in the Azure AD Portal seemed not the best way. MSGraph: List Conditional Access policies So tried to use the Microsoft Graph Explorer You need the Permission: Policy.Read.All https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies While using the JSON could be one way. It’s not very good if you have to Document it in a Word Document right.