The Microsoft Learn Cloud Skills Challenge is open!

Here is your #MicrosoftCloudQuickFix – #MSIgnite has begun, and the Microsoft Ignite Cloud Skill Challenge is now open until November 9, 2022!

There are 7 challenges to choose from and once you complete a challenge you choose you earn a 𝗳𝗿𝗲𝗲 exam credit for a Microsoft Certification exam on your #MicrosoftLearning account!!!

Check out The Microsoft Learn Cloud Skills Challenge for more information.

#MicrosoftCloudQuickFix #Microsoft #Microsoft365 #MicrosoftAzure #MicrosoftIgnite2022 #MSIgnite

Exchange Server Patch Alert!

Get ready to patch your on-premises versions of Exchange Server ASAP! This is today’s #MicrosoftCloudQuickFix !

Yet again as announced by #Microsoft on Friday September 30, 2022 there are two new reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 that are being exploited…

CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and can only be exploited by authenticated attackers while CVE-2022-41082 allows remote code execution (RCE) when PowerShell is accessible to the attacker.

Microsoft has said it’s “working on an accelerated timeline” to provide a patch for the two newly disclosed vulnerabilities and while mitigations exist I would recommend a rapid patch deployment once one is available and of course always keeping your Exchange Servers up-to-date with the latest Cumulative Update (CU) and Security Updates (SU).

Microsoft indicated that #ExchangeOnline customers don’t need to take any action at the moment because the company has detections and mitigation in place and of course will apply the patch seamlessly once available – Anyone still need a business case for migration to #ExchangeOnline ?

For more information about this and Exchange Server Patching see:

#Microsoft #Microsoft365 #ExchangeOnline #MicrosoftExchangeServer #MicrosoftCloudQuickFix

General Availability of Exchange Online PowerShell V3

Microsoft has released Exchange Online PowerShell V3 module. This is today’s #MicrosoftCloudQuickFix !

It is recommended to now use the Exchange Online PowerShell V3 module. Exchange Online cmdlets backed by the REST API are available in Exchange Online PowerShell V3. REST API cmdlets have the following advantages:

  • More secure: REST API cmdlets have built-in support for modern authentication and don’t rely on the remote PowerShell session, so PowerShell on your client computer doesn’t need Basic authentication in WinRM for Exchange Online PowerShell.
  • More reliable: REST API cmdlets handle transient failures with built-in retries, so failures or delays are minimized. For example:
    • Failures due to network delays.
    • Delays due to large queries that take a long time to complete.
  • Better performance: The connection avoids setting up a PowerShell runspace in Exchange Online PowerShell.

For installation and connection instructions, see Exchange Online Management 3.0.0 and Connect to Exchange Online PowerShell.

#MicrosoftCloudQuickFix #Microsoft365 #ExchangeOnline

Exchange Online – Basic Authentication Disabled Oct 1, 2022 – Part Deux

So you have done your due diligence and are sure your in the clear. You would like to manage this change and turn off Basic Authentication and test yourself before and not wait for Microsoft. That is todays #MicrosoftCloudQuickFix !

As outlined in my previous blogpost to prepare for the change check the Azure Active Directory Sign-In logs per New tools to block legacy authentication in your organization – Microsoft Tech Community which will help track down any clients still using Basic Authentication.

If you don’t have any Basic Authentication sign-ins then you can move on to block Basic Authentication for protocols on your tenant.

In your Microsoft 365 Admin Portal Next navigate to settings > Org Settings > under Services > Modern Authentication and ensure that “Turn on modern authentication for Outlook 2013 for Windows and later” is enabled and then under “Allow access to basic authentication protocols” uncheck any protocols you wish to no longer use Basic Authentication. Click “Save” and test.

For more information check out the following Disable Basic authentication in Exchange Online | Microsoft Docs in Microsoft Docs.

#Microsoft365 #ExchangeOnline #BasicAuthentication #ModernAuthentication #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

Exchange Online – Basic Authentication Disabled Oct 1, 2022

There are three work weeks left until #Microsoft is scheduled to disable Basic Authentication access to Exchange Online. This is today’s #MicrosoftCloudQuickFix !

Back in September 2019 Microsoft announced they are disabling Basic Authentication access to Exchange Online to be replaced with Modern Authentication methods built on OAuth 2.0 token-based authorization. Modern Authentication has many improvements which mitigate issues with Basic Authentication and provide an improved security posture but as we are all aware there were circumstances in the world that pushed that date forward.

Beginning October 1, 2022 Microsoft will start disabling Basic Authentication for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell access protocols on randomly selected Exchange Online tenants. You will know ahead of time when your tenant has been chosen by a posted message in your Microsoft365 Admin Center Messages 7 days beforehand and a post to the Service Health Dashboard notifications.

To prepare for this change check the Azure Active Directory Sign-In logs per New tools to block legacy authentication in your organization – Microsoft Tech Community which will help track down any clients still using Basic Authentication and allow you to update your clients as appropriate. After the change to your tenant any client using Basic Authentication for an affected protocol will be unable to connect and will receive an HTTP 401 error: bad username or password error.

If you don’t have any Basic Authentication sign-ins then there is nothing you need to do.

Microsoft does recognize you may not be ready to turn off Basic Authentication and there is a Self-Service Re-Enablement process outlined. Note: that this is a one time re-enablement of Basic Authentication which will last until the end of December 2022 only and during the first few weeks of 2023 any re-enabled protocols will be disabled again permanently.

For more information check out the following Deprecation of Basic authentication in Exchange Online in Microsoft Docs.

#Microsoft365 #ExchangeOnline #BasicAuthentication #ModernAuthentication #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

‘Replace’ Policy Action in Safe Attachments Retiring – Microsoft Defender for Office 365

If you’re like me you enjoy the rich set of features included in Microsoft Defender for Office 365 including the Safe Links and Safe Attachments capabilities. Microsoft has announced a change to retire the ‘replace’ action in Safe Attachment policies and that is today’s #MicrosoftCloudQuickFix !

Safe Attachments in Microsoft Defender for Office 365 provides an additional layer of protection for email attachments that have already been scanned by anti-malware protection in Exchange Online Protection (EOP). Specifically, Safe Attachments uses a virtual environment to check attachments in email messages before they’re delivered thru a process know as detonation.

Safe Attachments protection is controlled by Safe Attachment policies configured in the Microsoft 365 Defender portal. In Safe Attachment policies one of the actions which can be applied to a message is the ‘Replace’ action which delivers only the message body to the recipient without the original attachments when it has been found to contain malware.

Beginning in September 2022 the ‘Replace’ action will be retired and no longer available for use in Safe Attachment policies. The first phase of the retirement will automatically apply the ‘Block’ action, which will quarantine the email, to any existing policies with the ‘Replace’ action specified.

The second phase of the retirement targeted to complete by late-October 2022 will remove the ‘Replace’ action altogether from the Microsoft Defender portal and any existing policies with it will be changed to use the ‘Block’ action.

There will not be a similar action to ‘Replace’ post retirement and we recommend that you review and update all applicable Safe Attachments policies in your tenant beforehand.

For more information on Safe Attachment policy settings in Microsoft Defender for Office 365 please see Safe Attachments – Office 365 | Microsoft Docs

#Microsoft #Microsoft365 #MicrosoftDefenderforOffice365 #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

Azure AD Connect V1.x End of Support

For the last few weeks we have been advising that all Azure Active Directory Connect V1.x versions would reach end of support on August 31, 2022. Well that’s tomorrow and in case you haven’t yet upgraded here is your #MicrosoftCloudQuickFix !

Azure Active Directory Connect supports a couple different methods for upgrading from previous versions from an in-place upgrade to a swing migration upgrade depending on the complexity of your deployment and/or if you need to upgrade Azure Active Directory Connect onto a newer version of the Windows Server Operating system. Windows Server 2016 is the minimum supported version of Windows Server but we recommended Windows Server 2022.

For both the in-place upgrade and swing methods please see the instructions contained in Azure AD Connect: Upgrade from a previous version to the latest. Specific to the swing method please see instructions on how to Import and export Azure AD Connect configuration settings.

Note: A handy tool is available from Microsoft to document and report on the current configuration of an Azure Active Directory Connect installation named Azure AD Connect Configuration Documenter. This tool can be used to create a comparison report for a swing migration.

#Microsoft365 #AzureActiveDirectory #AzureADConnect #MicrosoftCloudQuickFix

Reminder – Exchange Server 2013 End of Support April 2023

Today’s #MicrosoftCloudQuickFix is that Exchange Server 2013 is reaching end of support in a little over 7 months from now. After April 11, 2023, #Microsoft will now longer provide technical support for problems that may occur, bug fixes for new issues that are discovered, security fixes for vulnerabilities that are discovered, and time zone updates.

Upgrade to Exchange Server 2019 – See the following page on Microsoft Docs for Exchange Server system requirements and/or

Migrate to Exchange Online – See Decide on a migration path in Exchange Online on Microsoft Docs

In either case I highly recommend using the Exchange Deployment Assistant which is a web-based tool that asks you about your current Exchange environment and generates a custom step-by-step checklist that will help you.

Note: It is a supported coexistence scenario for Exchange 2019 and Exchange 2013 provided all your Exchange 2013 servers in your organization are patched to Exchange Server Cumulative Update 21 (CU21 – released June 2018) or higher. See Exchange Server build numbers and release dates

#Microsoft #Microsoft365 #ExchangeOnline #MicrosoftExchange #MicrosoftCloudQuickFix

Data Lifecycle Management – Classic Exchange Admin Centre features migrating to Microsoft Purview Compliance portal

Microsoft has announced that Information Governance features currently available in the Classic Exchange Admin Center including Retention policies, Retention tags, and Journal rules are moving to the Microsoft Purview Compliance portal.

This is today’s #MicrosoftCloudQuickFix !

Retention Policies and Retention tags from messaging records management, and journaling rules are older compliance features that were originally managed in the Classic Exchange Admin Center. With the pending retirement of the Classic Exchange Admin Center forthcoming these features will not be brought forward to the new Exchange Admin Center but rather will be available as part of the Data Lifecycle Management solution found inside the Microsoft Purview Compliance portal under Data lifecycle management > Exchange (legacy).

Rollout of this change will begin in early August 2022 and is expected to be completed by the end of the month. Please advise your Exchange administrators or team responsible for Exchange compliance management and adjust access to the Microsoft Purview Compliance portal as needed.

For more information about data lifecycle management in Microsoft Purview Data Lifecycle Management see Learn about Microsoft Purview Data Lifecycle Management – Microsoft Purview (compliance) | Microsoft Docs

#Microsoft #Microsoft365 #MicrosoftPurview 
#MicrosoftCloudGovernance #MicrosoftCloudQuickFix

Upgrade to the latest version of Azure AD Connect before August 31, 2022

Today’s #MicrosoftCloudQuickFix is that Microsoft is retiring all V1.x versions of Azure Active Directory (Azure AD) Connect on August 31, 2022. To remain supported you must upgrade to the most recent version of Azure AD Connect V2!

Azure AD Connect was released several years ago. Since that time, several of the components that Azure AD Connect uses have been scheduled for deprecation and updated to newer versions. #Microsoft has bundled the newer components into a single release so you only have to update once. This release is Azure AD Connect V2.

If you continue with a retired version of Azure AD Connect after August 31, 2022 it might unexpectedly stop working, not have the latest security fixes, lack performance improvements and service enhancements, or if you require support #Microsoft you may be turned away!

Note: Azure AD Connect V2 requires Windows Server 2016 and above since it contains SQL Server 2019 components which are not supported on older versions of Windows Server.

Upgrading from V1.x is fully supported and for complete Azure AD Connect Upgrade V2 instructions see Azure AD Connect: Upgrade from a previous version – Microsoft Entra | Microsoft Docs

#Microsoft365 #AzureActiveDirectory #AzureADConnect #MicrosoftCloudQuickFix