#simplifynow — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #simplifynow, aggregated by home.social.
-
Ready for #MSExchangeSummit in Würzburg, Germany! Speaking today after lunch: “We need to talk about (on-prem) Exchange Server”
#MSExchange #Microsoft365 #SimplifyNow #SMTP -
As a recipient org that receives forwarded mails, you might want to read up on Authenticated Received Chain or #ARC. While #SRS fixes any #SPF issues, that will still cause #DKIM and #DMARC validation issues. If the forwarding org has ARC, you can trust their authentication results by adding them as a trusted ARC sealer. More info: https://learn.microsoft.com/en-us/defender-office-365/email-authentication-arc-configure
-
As a forwarder you might want to read up on Sender Rewriting Scheme or #SRS, and how #Microsoft365 manages this. This is a solution for #SPF fails due to forwarding. Do note, if you route via an on-prem infrastructure, there might be a need to adjust a setting to force SRS. More info: https://learn.microsoft.com/en-us/exchange/reference/sender-rewriting-scheme
-
Reading #WeekITtip for the weekend. I am currently involved in a case in which mail (auto)forwarding is used but that is causing the forwarded mail to be rejected. When #SPF, #DKIM and #DMARC are implemented properly, this can break legitimate mail forwarding.
-
Also check several breaking changes in #MSExchange Online such as legacy tokens, EWS deprecation, but also external recipient rate limits. Some take effect in January, others (much) later but some mitigations might take time.
Now you have some of your #SMTP New year resolutions! 😉 See you next year!
-
Now #Microsoft has announced the rollout for #Mobile Outlook iOS/Android in Message Center MC960818. You do not have to do anything, but evaluate if the older add-in is still required. See also: https://www.microsoft.com/en-US/microsoft-365/roadmap?filters=&searchterms=371383
This might also be a time to do a (periodic!) review of your overall #Defender settings, processes, and awareness training (with an ethical attack simulation). Like previously indicated, there are still a lot of incoming threats via email.
-
Third party sites might still have #MSExchange courses online, at least #Pluralsight has a few courses. CBTNuggets seems to still have a Certification preparation. But be aware that these courses may not be up to date anymore. You might find some YouTube channels, but I haven't checked myself.
-
There are still #MSExchange books being sold but be sure to check the most recent release. At least I know "Pro Exchange Administration" is relatively up to date: https://link.springer.com/book/10.1007/978-1-4842-9591-5 . For more #PowerShell focus the https://practicalpowershell.com books are an option (note: cocreator of those). For more general #Microsoft365 focus, I can recommend "Office 365 for IT pros": https://o365itpros.gumroad.com/l/O365IT which has monthly updates.
-
Unfortunately, these options are all provide you can self-learn or might miss important real-life nuance and trainer interaction. Of course you could use fora, social media to ask your specific questions. As a last resort you could ask known trainers (MCTs or often MVPs) to develop a custom course or workshop.
-
Day 22 of #ITAdvent. There is no #Microsoft #MSExchange specific #certification available. Which unfortunately also means that there is less training offered, as they are based on Microsoft Official Courseware or #MOC. So, I sometimes see the question what options there are.
Obviously, #MicrosoftLearn sites were already a replacement for any books used during those MOCs. However, there is no Learning Path/Modules available that covers everything. https://learn.microsoft.com/en-us/training/browse/?expanded=m365&products=office-exchange-server%2Coffice-exchange-online
-
There are still #MSExchange books being sold but be sure to check the most recent release. At least I know "Pro Exchange Administration" is relatively up to date: https://link.springer.com/book/10.1007/978-1-4842-9591-5 . For more #PowerShell focus the https://practicalpowershell.com books are an option (note: cocreator of those). For more general #Microsoft365 focus, I can recommend "Office 365 for IT pros": https://o365itpros.gumroad.com/l/O365IT which has monthly updates.
-
Day 22 of #ITAdvent. There is no #Microsoft #MSExchange specific #certification available. Which unfortunately also means that there is less training offered, as they are based on Microsoft Official Courseware or #MOC. So, I sometimes see the question what options there are.
Obviously, #MicrosoftLearn sites were already a replacement for any books used during those MOCs. However, there is no Learning Path/Modules available that covers everything. https://learn.microsoft.com/en-us/training/browse/?expanded=m365&products=office-exchange-server%2Coffice-exchange-online
-
Third party sites might still have #MSExchange courses online, at least #Pluralsight has a few courses. CBTNuggets seems to still have a Certification preparation. But be aware that these courses may not be up to date anymore. You might find some YouTube channels, but I haven't checked myself.
-
Read this blog on how to do so: https://techcommunity.microsoft.com/blog/exchange/critical-update-applicationimpersonation-rbac-role-deprecation-in-exchange-onlin/4295762
Don't forget other upcoming potentially breaking changes, such as removal of legacy tokens, EWS and Client Access rules, enforcing external recipient rate limits to name some.
-
...The maximum results is increased from 1000 to 5000 though. You might have to change your scripts as this might be a breaking change, I know that I wil have to.
-
The findings are interesting, and I wonder why the adoption is not higher. Most protocols are not that hard to adopt for most situations, but perhaps I am missing things. I for one am open to give workshops, trains and consult your org if needed. And I am sure a lot of other experts are willing as well.
You can read the post here: https://www.forumstandaardisatie.nl/nieuws/internetveiligheid-bij-de-overheid-forum-standaardisatie-roept-op-tot-snelle-actie
-
Day 19 of #ITAdvent. The Dutch Forum Standarisatie is a Dutch Advisory commity on IT open standards in order to easily and safeliy exchange data between government bodies, companies, non-profits and citizens. They maintain lists of mandatory and recommended protocols for at least governmental bodies. But IMHO every organization should adopt these.
-
Today they published the rate of adoptions of these protocols and concludes that there is a lot of work to be done and urges orgs to pick up the rate of adoption, make plans, set target dates and implement them. There are explicit mentions of #DANE and #IPv6 now that #MSExchange Online supports them.
-
Do note that I've just scratched the surface and there are a lot of nuances IRL. This is my attempt to create greater awareness of these protocols, the need for them and the need to configure and use them properly for your organization. Let's make mail a little bit safer!
-
- Mail is manipulated after DKIM signing has occurred, for instance by adding disclaimers or subject tags. So, be sure to check your mail infra.
- Often a 1024 key length is still used, while 2048 is more robust. Solve this in #MSExchange Online by rotating your DKIM keys with PowerShell and setting a higher key length. See more here: https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dkim-configure#use-exchange-online-powershell-to-rotate-the-dkim-keys-for-a-domain-and-change-the-bit-depthHave you checked your environment for these issues? Did you see other issues with DKIM?
-
Luckily, there are various tools & services that can check syntax or flatten your record by replacing includes with IP addresses, reducing the DNS lookups. Often, those services also offer DMARC reporting (I will come back to that on a later day) analysis.
Did I forget any common mistakes? Do you have any you want to share?
If you want to dig deep in SPF, read the RFC7208: https://datatracker.ietf.org/doc/html/rfc7208 -
Day 16 of #ITAdvent. Let's talk about #SPF or Sender Policy Framework! Especially the most common mistakes I see happening, be sure to check those periodically (but during the holiday period you also might have time to do this):
- Forgotten sub domains: SPF does not inherit to subdomains
- Not having a correct syntax: typos or linefeeds where they shouldn't. -
Obviously, there are other options available, some depend on which license the Meeting Organizer has. Do note that also the recording itself has additional configuration options, such as retention. https://support.microsoft.com/en-us/office/record-a-meeting-in-microsoft-teams-34dfbe7f-b07d-4a27-b4c6-de62f1348c24
-
Do note: With MC841229 the recent rollout of the default Report button in Classic #Outlook was announced, no longer requiring an add-in be pushed. Be sure to check whether your users now might have two buttons to report and change your config and/or documentation.
-
Besides having (filtering) protections in place, be sure to educate your users about what to do, for instance to report suspicious mail but also how they should respond if they do where tricked into clicking malicious mails. In various #Outlook clients, users can use a Report button. See: https://learn.microsoft.com/en-us/defender-office-365/submissions-user-reported-messages-custom-mailbox
-
Day 14 of #ITAdvent. In 2024 #Microsoft reported in their Digital Defense Report 2024 that #Phishing is still the greatest threat from #mail. So, it's good to periodically review your orgs #security preparedness on this.
-
I couldn't quickly find an overview article from #Microsoft, but in my search I came across https://msshells.net/ that lists the different modules, their latest stable version and a way to install them. As far as I could tell it's still correctly maintained. Looks like a site to bookmark!
-
Day 13 of #ITADvent. Administrating #Microsoft365 comes with a lot of #PowerShell work, requiring to install and update lots of different modules. The ones I have to use frequently I know by heart. Others, not so much...
-
Day 12 of #ITAdvent. Be sure to check whether you have apps/devices that send #mail with multiple FROM: headers (or P2) without a SENDER: header. To comply with RFC5322 #Microsoft365 will reject those mails.
Why? "Most of the traffic exhibiting multiple P2 From Addresses without a Sender Address will be inbound spam destined for your tenant sent by malicious spammers on the internet." as stated in #MC886603. However, you could have valid mail that does this.
-
Day 7 of #ITADvent. While I do not work with #Microsoft365 #eDiscovery often, the fact that you needed to use a click-once app in order to #export data was a major drawback of the whole experience. Especially in heavily controlled environments this was challenge to explain & implement.
-
This will change this month among other improvements. But this part made me smile: "customers don’t need to install the app anymore and can download directly through browser." More in Message Center MC939916 or https://www.microsoft.com/en-US/microsoft-365/roadmap?filters=&searchterms=469031
-
But with Face and Voice enrollment, #Microsoft365 #Copilot can do that without specific hardware. Be aware that this is on per default mid-february 2025.
While users can choose to enroll their face and/or voice and it's explicitly stated that this is not used to train AI models, admins can disable the feature completely if the org wishes. The policy csTeamsAIPolicy is configurable now. More in Message Center MC912707 or: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=413708
-
Day 6 of #ITAdvent. If you have a lot of #MicrosoftTeams meetings and sharing audio/video via BYOD, you know that especially transcripts attribute what has said to the account that was connected to those devices. You then need to check recordings to verify who said what. But for #Copilot cant' do that.
There are devices with Intelligent Speakers, that can identify the speaker in the room which requires specific hardware.
-
Most filtering systems can detect both and manage them differently; the key part is the Bulk Confidence Level #BCL akin to the Spam Confidence Level #SCL. In #MSExchange Online Protection you can indicate Bulk has to be managed as spam. Or let users create rules to manage it.
-
So, I've started a new blog site. Consider this a soft launch, I still need to quite a lot of customizations. But I wanted to get this out in the world. I'll probably post a lot about #Microsoft #Exchange #SMTP #Microsoft365 and related topics. Bookmark https://davestork.nl !
-
PSA: There seem to be networking issues in the #Microsoft #Network in North & West-Europe region. It's affecting #Azure and #Microsoft365 services. See for status:
https://azure.microsoft.com/en-us/status/ and MO842351 in the M365 Admin portal. -
Starting to implement Inbound #DANE in my #MSExchange #Microsoft365 tenant. First, lowering TTLs & setting #MTA-STS to Test. Now wait!
See the blog from #Microsoft here: https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-inbound-smtp-dane-with-dnssec-for/bc-p/4194057#M39364
Read my thought about this here: https://www.linkedin.com/posts/dmstork_microsoft-dane-exchange-activity-7219386721304547328-87P1
-
The day that #Microsoft announced the General Availability date of #NewOutlook also known as #Monarch (1 aug '24), my install decided to start, crash, start, crash, start, crash ad infinitum... and the load screen gets focus & prevents me working. *sigh*
#MVPBuzz #SimplifyNow -
And with every big #Microsoft event such as #MSBuild, there is a Book of News or #BoN that summarizes the biggest announcements which aren't only for developers. Ideal if you don't have the time to attend any sessions. You can find it here: https://news.microsoft.com/build-2024-book-of-news/
-
In this week's #WeekITtip I share my thoughts about why I am excited about #MicrosoftPlaces and its Public Preview. Read more on my #LinkedIn profile page https://www.linkedin.com/in/dmstork/
#WeekITtip #SimplifyNow #Microsoft365 #MicrosoftTeams #MSExchange
-
Well, I can now finally talk about the near future of #Exchange as #Microsoft just published their product roadmap for #Exchange Server! And Exchange Server "vNext" now has a name: Exchange Server Subscription Edition or SE.
Read more details here: https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-roadmap-update/ba-p/4132742I talk a bit more in-depth about #MSExchange Subscription Edition on my #LinkedIn profile page: https://www.linkedin.com/in/dmstork/
-
There's been a new #WeekITtip, this time it's about some misconceptions surrounding the state of New #Outlook. Read more here: https://www.linkedin.com/posts/dmstork_mvpsummit-weekittip-outlook-activity-7179515790725939200-APtE?utm_source=share&utm_medium=member_desktop
Check for more helpful tips the LinkedIn tag #WeekITtip and/or #SimplifyNow: https://www.linkedin.com/feed/hashtag/?keywords=weekittip and https://www.linkedin.com/feed/hashtag/?keywords=simplifynow
#Microsoft365 -
Sending a mail you shouldn't have sent or used the Reply-All button by mistake.. It happens to the best of us. Yes, that includes me 🤫. Read my post on #LinkedIn on a #MSExchange feature you might have missed! Check https://www.linkedin.com/in/dmstork/ and tags #WeekITtip #SimplifyNow
-
New year, new #WeekITtip (with a bit of a delay)!
Did you know Google and Yahoo are going to be stricter with unauthenticated mails from 1 februari?
Google: https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
Yahoo: https://senders.yahooinc.com/best-practices/Especially tend to 3rd-party services you might use. In recent days I've seen a lot of requests to implement DNS changes. Sadly, often the bare minimum.
So, again a little help on the fundamentals of mail authentication: https://www.youtube.com/watch?v=gc58wubizx0&t=70s
-
Hey, instead of doing a weekly #WeekITtip I'm currently doing an #ITadvent tip every day until Christmass! I'm posting those on #LinkedIn. Today's tip is about Outlook COM going away in favor of web add-ins. Check out: https://www.linkedin.com/in/dmstork/recent-activity/all/
-
Now that #MSIgnite is behind, the real journey begins with learning about all the newly announced features, capabilities, and technology. One way to learn this massive amount of information is to do one or more #Microsoft Cloud Skills Challenge. You also might win a ticket for #MSIgnite 2024: win win! Find a suitable topic and register in this list here: https://aka.ms/IgniteCSC?ocid=ignite23_csc_M365-MVP-5000976
-
It's #MSIgnite 2023 time! Or should I say #msAIgnite ? 🤓 There will be a lot of announcements and as usual #Microsoft has released the #BookOfNews which contains the most important announcements. Read up here! https://news.microsoft.com/ignite-2023-book-of-news/
You can still register! There are tons of virtual and/or recorded sessions you can watch even after #MSIgnite. Register here: https://register.ignite.microsoft.com/
-
Mail or SMTP is a protocol that was not developed with a security-by-design mindset. There are a lot of additional protocols needed to make it safe. But is it safe enough? Read my thoughts on LinkedIn:
https://www.linkedin.com/posts/dmstork_smtp-spf-dkim-activity-7127980685541138434-I11-?utm_source=share&utm_medium=member_desktop
#WeekITtip #SimplifyNow #FoodForThought -
Sometimes you have take a break or step back and give your thoughts a bit more time. That is what I'm going to do after this week, so that means no #WeekITtip this week.
Or is this the #WeekITtip? 🤔 😉
In any case, good weekend to you all!