Clik here to view.
Securing Your Windows 10 Login With Yubikey
The Yubikey is a small USB connected hardware device that can generate a variety of security codes. Being virtually indestructible and easy to clip to a key ring (Yubikey 4) or leave inside your only...
View ArticleRC4 Kerberos and AD FS Issues
It has become common place to consider the position of the RC4 cipher in TLS connections, but this is not something that you can take from a TLS connection (HTTPS) and assume the same for Kerberos...
View ArticleExchange Edge Server and Common Attachment Blocking In Exchange Online...
Both Exchange Server Edge role and Exchange Online Protection have an attachment filtering policy. The default in Edge Server is quite long, and the default in EOP is quite short. There is also a few...
View ArticleBypassing Focused Inbox and Clutter Folders
For the last few years Exchange Online mailboxes have been processed by a service call Clutter, which moved the less important emails, or indeed the clutter, to a dedicated folder. This is now in the...
View ArticleClik here to view.
Administrators, AADConnect and AdminSDHolder Issues (or why are some accounts...
AdminSDHolder is something I come across a lot, but find a lot of admins are unaware of it. In brief it is any user that is a member of a protected group (i.e. Domain Admins) will find that their AD...
View ArticleClik here to view.
OWA and Conditional Access: Inconsistent Error Reports
Here is a good error message. Its good, because I could not find any references to it on Google and the fault was nothing to do with the error message: The error says “something went wrong” and “Ref A:...
View ArticleMalware Filter Policy Updates in Office 365
In March I wrote a blog post that showed how to take the attachment filter list from Edge Server and add those attachment block types to EOP, as EOP had a very small list of attachments. Today on one...
View ArticleClik here to view.
Cloud Admins, AADConnect and Privilege Increase Issues
Microsoft recommends that you stay on top of version updates to AADConnect. In version 1.1.553.0, which became available in June 2017, there is a reference to a gain in admin privileges that could be...
View ArticleXOORG, Edge and Exchange 2010 Hybrid
So you have found yourself in the position of moving to Exchange Online from a legacy version of Exchange Server, namely Exchange 2010. You are planning to move everyone, or mostly everyone to Exchange...
View ArticleClik here to view.
Forcing Transport Level Secure Email With Exchange Online
In Exchange Online there are a few different options for forcing email to require an encrypted connection. These depend upon the level of licence you have, and some of them are user based (Office 365...
View ArticleClik here to view.
On-Premises Public Folders, Exchange Online, And Multiple Forests
Here is a scenario I have come across in a few clients in just the last few weeks. This is not something that I recommend implementing lightly, as there are implications. But it does allow some very...
View ArticleHow To Run an Advanced Threat Protection Proof of Concept
I put the following post together as I was asked this question from Microsoft themselves! This post covers what you need to put in place, and how you can test some of it (as testing the blocking of...
View ArticleDMARC Quarantine Issues
I saw the following error with a client the other day when sending emails from the client to any of the Virgin Media owned consumer ISP email addresses (virginmedia.com, ntlworld.com, blueyonder.com...
View ArticleClik here to view.
Azure AD SSO and Disabled Computer Accounts
When you set up Azure AD SSO, the Azure AD Connect application creates a computer account called AZUREADSSOACC. Do not disable this account, or SSO stops working. I’ve had a few clients in the past...
View ArticleClik here to view.
Unexpected Security and Compliance Center Changes
In the last few days the layout of the Security and Compliance Center with regard to the Threat Management section appears to have changed. In the middle of the week just gone, and for a long while...
View ArticleClik here to view.
Outlook Authentication Broken–Username and Password Missing
I came across an issue recently where the Outlook security dialog box popup was broken. Rather than looking as below, the username and password fields where missing: The dialog box appeared as: Notice...
View ArticleClik here to view.
Office 365 and ACDC
The best connectivity to Office 365 is achieved with local internet breakout and local DNS egress. This means things like each branch office should connect directly to the internet and not via the Head...
View ArticleClik here to view.
Conversation Red Number in Skype For Business That Won’t Go Away
I have had this issue for ages, but could not find any answer for it on the internet that did not involve resetting Skype for Business or other complex stuff when in fact the answer is so easy it...
View ArticleClik here to view.
Configuring Hybrid Device Join On Active Directory with SSO
The instructions from Microsoft at https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup are missing some of the steps on setting up hybrid...
View ArticleClik here to view.
Office 365 Advance Threat Protection Attachment Preview
It is now possible to preview attachments that Advanced Threat Protection (ATP) is currently in the process of checking. This was enabled on my tenant recently and so will come to all tenants soon. It...
View Article