-
Blocking More Obvious Phish – Attachment Filtering
One relatively easy way to block some categories of phishing email is to block the attachment type that is sent with some of these messages. For example, I have had a few of these recently: Hovering over the attachment I see the filename, and it ends .shtml. This attachment is for server-side HTML (SSI includes […]
-
Exchange Hybrid Wizard – New Tenants and Missing Errors
A short blog post on this issue – you see in the Microsoft Exchange Server Hybrid Configuration Wizard logs the following error “Connecting to remote server failed with the following error message: Connecting to remote server outlook.office365.com failed with the following error message : For more information, see the about_Remote_Troubleshooting Help topic.”. The error does […]
-
Adobe Creative Cloud and Conditional Access Restrictions
In Azure Active Directory it is possible to create Conditional Access rules that restrict applications to only running on company owned or managed devices. Conditional Access approves or rejects the login based on that knowledge – so what happens if the app in question is running on a company (managed or compliant) machine, but the […]
-
More Frequent Quarantine Notifications in Exchange Online Protection
Available from the end of April 2023 there is now an option to increase the notification interval to end users about items in the quarantine. The Microsoft 365 Quarantine is at https://security.microsoft.com/quarantine and though this is a good link to add corporate intranets, its also a useful one for users to remember and bookmark. Up […]
-
Join Button Not Working In Teams
If you have any URL rewriting software in place outside of Microsoft 365 (i.e. not Defender for Office Safe Links) then you may find that functionality such as the Join button in the Teams Calendar view is broken and the only way to join is via the URL to the meeting: The only way you […]
-
Restricting OneDrive To Multiple Tenants
You can use GPO or Intune/MDM settings to restrict a number of settings with OneDrive. One of the documented settings is called “Allow syncing OneDrive accounts for only specific organizations”. Notice how it is a title in the plural – more than one organization. But if you look at all the documentation and examples others […]
-
Zoom For Intune 5003 and Network Connection Errors
This was an interesting error to track down and fix. Its probably not going to affect a lot of my readers, but its was an interesting problem to get to the bottom of and it might apply for any Intune based app and not just Zoom. The specific scenario I have is a tenant to […]
-
Migrating MFA Settings To Authentication Methods
Released to Azure AD in December 2022 there is now a process for migrating from the legacy MFA methods and Self-Service Password Reset (SSPR) authentication methods to the unified Authentication Methods policies in Azure AD. This migration window is open until Jan 2024 when the legacy methods will be disabled. This change will allow you […]
-
Managing Hybrid Exchange Online Without Installing an Exchange Server
In April 2022 Microsoft finally released the ability to manage Active Directory synced attributes (Hybrid Identity) to Azure Active Directory for Exchange without a full Exchange Server installation. You have instead an install of the Exchange Management Tools. You need to be Exchange Server 2019 CU12 to do this, and you either uninstall your existing […]
-
Conditional Access in Defender for Cloud (MCAS)
I was asked this question last week at Microsoft Ignite following a talk that I did, and as it was a question it was clearly not as clear cut as maybe I thought it was. The question was, “why is Conditional Access found in Azure AD and Defender for Cloud?” (Defender for Cloud was previously […]
-
Conditional Access Authentication Strengths
Newly released to Conditional Access in Azure AD is the “Authentication Strengths” settings. These allow you to control the strength of the authentication you need to be used for that conditional access rule. Before this feature was available you had the option of allowing access with no second factor, MFA as a second factor (any […]
-
What Is “Multifactor Authentication Trusted IPs”
In Azure AD for location based conditional access rules you can select “Multifactor Authentication Trusted IPs” as a location. This short blog post outlines what this is. As an example of the use of this location, it could be used as follows in Conditional Access: The location selected in the above is “Multifactor Authentication Trusted […]
-
Getting Teams Meetings Added to Your Events When Using Apple iOS Calendar App
A user can enable an “All Meetings Online” option in Outlook (all versions) to add a Teams meeting automatically when the meeting is created and an admin can enable this centrally for all users with the PowerShell Set-OrganizationConfig -OnlineMeetingsByDefaultEnabled $true But this does not add the meeting bridge to events created in Apple Calendar on […]
-
Improving Exchange Online Email Deliverability Through Third Party Filtering Services – Trusted ARC Sealer
When you receive emails into Exchange Online and you filter the external messages before arrival with a third party filter such as Mimecast, Proofpoint or others, then you can have DMARC failures that result in messages being junked or quarantined. This is a new feature to Exchange Online to allow you to trust the DMARC […]
-
Fixing the Display of Voicemail In Outlook
Once upon a time voicemail in Office 365 was done in Exchange Online Unified Messaging, but that was retired early 2020. Voicemail is now provided by a service known as Cloud Voicemail but Outlook did not keep up to date if you have a newly created tenant and now when voicemail arrives in Outlook it […]
-
Gmail showing “via” in Microsoft 365 Email Headers
I came across this issue the other day. In the headers of an email received from Microsoft 365 / Exchange Online into Gmail (and not other recipients) the message header reads “name@domain via otherdomain.onmicrosoft.com”, for example: In this case the via header for onmicrosoft.com was an old organization name and as tenant rename does not […]