DMARC Quarantine Issues

Posted on Leave a commentPosted in dkim, dmarc, EOP, exchange, exchange online, Exchange Online Protection, Exchange Server, spf, spoof

I saw the following error with a client the other day when sending emails from the client to any of the Virgin Media owned consumer ISP email addresses (virginmedia.com, ntlworld.com, blueyonder.com etc.) mx3.mnd.ukmail.iss.as9143.net gave this error:vLkg1v00o2hp5bc01Lkg9w DMARC validation failed with result 3.00:quarantine In the above, the server name (…as9143.net) might change as will the value before the error, but either DMARC validation failed with result 3.00:quarantine or 4.00:reject is the end of the error message. […]

How To Run an Advanced Threat Protection Proof of Concept

Posted on Leave a commentPosted in Advanced Threat Protection, ATP, malware, Office, Office 365, Office 365 ProPlus, Proof Of Concept, Safe Attachments, Safe Links

I put the following post together as I was asked this question from Microsoft themselves! This post covers what you need to put in place, and how you can test some of it (as testing the blocking of malware involves sending malware first!) First, lets take a look at the Advanced Threat Protection steps for a proof of concept (PoC), and then later we will look at the new Office Smart Links feature. You need […]

On-Premises Public Folders, Exchange Online, And Multiple Forests

Posted on 1 CommentPosted in exchange online, Exchange Server, Office 365, Public Folders

Here is a scenario I have come across in a few clients in just the last few weeks. This is not something that I recommend implementing lightly, as there are implications. But it does allow some very specific problems with public folder integration to be solved in the short term. The specifics of the scenario is that with Exchange Online mailboxes and on-premises public folders, each user in Exchange Online needs a login account in […]

Forcing Transport Level Secure Email With Exchange Online

Posted on Leave a commentPosted in EOP, exchange online, Exchange Online Protection, Exchange Server, Office 365, security, starttls, TLS

In Exchange Online there are a few different options for forcing email to require an encrypted connection. These depend upon the level of licence you have, and some of them are user based (Office 365 Message Encryption for example), but there are two ways to force TLS (transport layer security) for the email between when the message leaves Office 365 and arrives with the recipient email system. The first of these is a Mail Flow […]

XOORG, Edge and Exchange 2010 Hybrid

Posted on Leave a commentPosted in 2010, Edge, EOP, exchange, exchange online, Exchange Online Protection, Exchange Server, Office 365

So you have found yourself in the position of moving to Exchange Online from a legacy version of Exchange Server, namely Exchange 2010. You are planning to move everyone, or mostly everyone to Exchange Online and directory synchronization plays a major part (can it play a minor part?) in your plans. So you have made the option to go hybrid mode when you discover that there are manual steps to making Exchange 2010 mail flow […]

Cloud Admins, AADConnect and Privilege Increase Issues

Posted on Leave a commentPosted in AADConnect, AADSync, AdminSDHolder, Office 365, server administrator

Microsoft recommends that you stay on top of version updates to AADConnect. In version 1.1.553.0, which became available in June 2017, there is a reference to a gain in admin privileges that could be possible with password writeback (part of Azure AD Premium and EMS licences) that hints at a security issue. The following is what I think the issue is, and therefore why you should be running 1.1.553.0 or later. Global admins can change […]

Malware Filter Policy Updates in Office 365

Posted on 3 CommentsPosted in EOP, exchange online, Exchange Online Protection, malware, Office 365

In March I wrote a blog post that showed how to take the attachment filter list from Edge Server and add those attachment block types to EOP, as EOP had a very small list of attachments. Today on one of my client tenants I noticed this precanned list of attachment extension types is now at 96 items, which is a considerable change from the list back in March 2017. The list in March was ace, […]

OWA and Conditional Access: Inconsistent Error Reports

Posted on 1 CommentPosted in AzureAD, conditional access, EM+S, enterprise mobility + security, exchange, exchange online, Exchange Online Protection, IAmMEC, Outlook

Here is a good error message. Its good, because I could not find any references to it on Google and the fault was nothing to do with the error message: The error says “something went wrong” and “Ref A: a long string of Hex Ref B: AMSEDGE0319 Ref C: Date Time”. The server name in Ref B will change as well. It also says “more details” and if you click that there are no more […]

Administrators, AADConnect and AdminSDHolder Issues (or why are some accounts having permission-issue)

Posted on 1 CommentPosted in AADConnect, AADSync, active directory, AdminSDHolder, dirsync, exchange, exchange online, hybrid, Office 365

AdminSDHolder is something I come across a lot, but find a lot of admins are unaware of it. In brief it is any user that is a member of a protected group (i.e. Domain Admins) will find that their AD permission inheritance and access control lists on their AD object will be reset every hour. Michael B. Smith did a nice write-up on this subject here. AdminSDHolder is an AD object that determines what the […]

Bypassing Focused Inbox and Clutter Folders

Posted on Leave a commentPosted in Clutter, Focused Inbox, IAmMEC, Office 365, Outlook

For the last few years Exchange Online mailboxes have been processed by a service call Clutter, which moved the less important emails, or indeed the clutter, to a dedicated folder. This is now in the processes of being replaced by the Focused Inbox, which is client version dependant and is all based on views on the mailbox and not different folders. The way to ensure mail is not marked as clutter, or shown in the […]