Malicious Intra-Organizational Emails are now protected by default

Today’s #MicrosoftQuickFix is that Microsoft has enabled intra-organizational email protection in Microsoft Defender for Office 365 by default for high-confidence phishing messages containing malicious or spam-based URLs!

This new feature in the Microsoft Defender for Office 365 Anti-spam policy controls whether spam filtering and the corresponding selected action for the spam verdict are applied to internal messages (email sent between users in your Exchange Online organization).

Screen shot of Anti-spam policy settings

The deployment of this feature is complete for intra-organizational messages, with the default value of ‘High confidence phishing messages’ selected, which will quarantine the message. This feature is available in all Microsoft tenants worldwide!

If you don’t want to use this feature on intra-organizational messages, it can be disabled by changing the Anti-spam Policy setting ‘Intra-Organizational messages to take action on’ to ‘None’.

You can also modify the Anti-spam Policy setting to apply to other spam filter verdicts.

For more information about this see:

#Microsoft #Microsoft365 #MicrosoftDefender #ExchangeOnline #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

Microsoft to begin sending DMARC Reports

Today’s #MicrosoftQuickFix is that #Microsoft will soon begin sending DMARC Aggregate Reports as part of the #DMARC standard. As the owner of a domain, you can request that reports be sent to wherever the RUA setting in your DMARC DNS record points. Is it time to revisit your #Microsoft365 domains’ DMARC, DKIM and SPF security settings?

Phishing attacks are getting more sophisticated and most organizations have implemented email security measures like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to help mitigate these risks.

Unfortunately, SPF and DKIM alone do not provide 100% protection against email attacks, and nefarious hackers can still spoof a company’s domain regardless of SPF and DKIM implementation.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) works with SPF and DKIM to authenticate your mail senders. With a DMARC record configured you’ll get reports that provide the status of your email authentication so you can improve it if needed. This helps you detect malicious emails that claim to be from your domain.

Note: DMARC reports are in XML format and contain a lot of technical data. There are several DMARC report analyzer tools available as well as third-party vendors offering DMARC reporting capabilities.

Using DMARC with SPF and DKIM gives organizations more protection against spoofing and phishing of email. DMARC also helps receiving mail systems decide what to do with messages from your domain that fail SPF or DKIM checks, through the actionable DMARC policy you specify.
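As an added example (not part of the original post and not Microsoft tooling), the Python below reads one aggregate report in the RFC 7489 layout and lists the sources whose mail failed both DKIM and SPF, which is what a domain owner looks for before tightening the policy. The sample report, domain and IP addresses are constructed, and the parser assumes the report carries no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 aggregate-report layout (not real data).
SAMPLE_REPORT = """
<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>contoso.example</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>contoso.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>4</count>
      <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>contoso.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.55</source_ip><count>37</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>contoso.example</header_from></identifiers>
  </record>
</feedback>
"""

def summarize_dmarc_report(xml_text):
    """Return the published policy plus per-source message counts that failed DMARC."""
    if "<!DOCTYPE" in xml_text:
        # Reports come from outside parties and never need a DTD; refuse entity tricks.
        raise ValueError("DOCTYPE not allowed in DMARC aggregate reports")
    root = ET.fromstring(xml_text.strip())
    summary = {
        "reporter": root.findtext("report_metadata/org_name"),
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "total": 0, "failed": 0, "failing_sources": [],
    }
    for record in root.iter("record"):
        count = int(record.findtext("row/count", "0"))
        dkim = record.findtext("row/policy_evaluated/dkim")
        spf = record.findtext("row/policy_evaluated/spf")
        summary["total"] += count
        # DMARC passes when either aligned check passes, so only fail/fail counts.
        if dkim != "pass" and spf != "pass":
            summary["failed"] += count
            summary["failing_sources"].append(
                (record.findtext("row/source_ip"), record.findtext("identifiers/header_from"), count))
    summary["failing_sources"].sort(key=lambda s: s[2], reverse=True)
    return summary

if __name__ == "__main__":
    print(summarize_dmarc_report(SAMPLE_REPORT))
```

A source that fails only one of the two checks, like 198.51.100.7 in the sample, still passes DMARC but is worth fixing before moving the policy beyond none.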

DMARC Aggregate Reports will be available for all Exchange Online Protection customers beginning in late February 2023 with expected rollout to complete in late March 2023.

For more information about DMARC in Microsoft 365 see:

#Microsoft #Microsoft365 #MicrosoftDefender #ExchangeOnline #DMARC #DKIM #SPF #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

Microsoft Authenticator Number Matching enabled by default at the end of February 2023

Upgrades to how your Microsoft Authenticator works to include number matching by default are coming at the end of February 2023. That is today’s #MicrosoftCloudQuickFix !

With so many alerts on our phones these days from text messages, email messages, stock price alerts, Amazon reorder messages, new Spotify release notifications, Elon’s Tweets, and LinkedIn post alerts from me, it’s easy to get fatigued and just hit whatever to dismiss the alert (except this one of course 😎) and move on.

The increasing adoption of strong authentication and use of multi-factor authentication on corporate and personal accounts has added to this fatigue and spawned a technique called ‘MFA spamming’. These attacks rely simply on the user’s alert fatigue: the user approves a notification without any context, and the attacker gains access.

To combat this for users of Microsoft Authenticator, #Microsoft365 administrators can require users to enter a number displayed on the sign-in screen when approving an MFA request in the #Microsoft Authenticator app. This feature is critical to protecting against MFA spamming attacks.

Note: If you are using ADFS/NPS there may be some additional steps, so please consult the full documentation below.

Microsoft will begin enabling this security feature for all users of the #MicrosoftAuthenticator App starting at the end of February 2023. Feature rollout controls will also be removed and as such it is recommended to begin testing and create training / change management documentation now.

For guidance on how to enable this security feature now and target users for testing and documentation, see this link on Microsoft Docs: Enable number matching in the portal – Microsoft Entra

For more information please see:

#Microsoft #Microsoft365 #AzureAD #MultifactorAuthentication #MicrosoftAuthenticator #NumberMatching #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

Exchange Server 2013 End of Support April 11, 2023

Yesterday was Groundhog Day and in honor of the great movie with the same name today’s #MicrosoftQuickFix is once again (get the reference now 😉) that Exchange Server 2013 is reaching end of support in 67 days from today on April 11, 2023!

After April 11, 2023, #Microsoft will no longer provide technical support for problems that may occur, bug fixes for newly discovered issues, security fixes for vulnerabilities that are discovered, and time zone updates.

Now look, this doesn’t mean that because the Exchange Server software is out-of-date and no longer supported it is going to stop working. Email will still flow, databases will still store data, mailboxes will still be accessible, but nefarious hackers will breathe a sigh of relief as the code now remains stagnant and, despite “network magic” mitigation attempts, all it takes is one zero-day vulnerability making its way in…

So your options are to Upgrade to Exchange Server 2019 – See the following pages on Microsoft Docs to begin: Exchange Server 2019 system requirements, Exchange 2019 Requirements, Exchange 2019 Memory Requirements, Exchange 2019 Client Compatibility.

Note: It is a supported coexistence scenario for Exchange 2019 and Exchange 2013 provided all your Exchange 2013 servers in your organization are patched to Exchange Server Cumulative Update 21 or higher.

and/or

Migrate to Exchange Online – See Decide on a migration path in Exchange Online on Microsoft Docs – Anyone still need a business case for migrating to #ExchangeOnline ?

In either case we recommend seeking assistance and using the Exchange Deployment Assistant which is a web-based tool that asks you about your current Exchange environment and generates a custom step-by-step checklist that will help you.

For more information about Exchange Server see:

#Microsoft #Microsoft365 #MicrosoftExchange #ExchangeOnline #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

Sept 23, 2022 – New Podcast Available

In this episode Ryan McKay is joined by Andrew Lowes, and they discuss the deprecation of Basic Authentication in Microsoft 365 on October 1, 2022 and its impact on user experience, along with the upcoming #MicrosoftIgnite2022.

URLs shown in today’s video podcast include:
Deprecation of Basic authentication in Exchange Online
One Last Chance to Pause the Great Exchange Online Basic Authentication Shutoff
Microsoft Ignite Home

#Microsoft #Microsoft365 #BasicAuthentication #ModernAuthentication #MicrosoftCloudSecurity #MSIgnite #MicrosoftCloudQuickFix

Exchange Online – Basic Authentication Disabled Oct 1, 2022 – Part Deux

So you have done your due diligence and are sure you’re in the clear. You would like to manage this change, turn off Basic Authentication and test it yourself beforehand rather than wait for Microsoft. That is today’s #MicrosoftCloudQuickFix !

As outlined in my previous blog post, to prepare for the change check the Azure Active Directory Sign-In logs per New tools to block legacy authentication in your organization – Microsoft Tech Community, which will help track down any clients still using Basic Authentication.

If you don’t have any Basic Authentication sign-ins then you can move on to block Basic Authentication for protocols on your tenant.

In your Microsoft 365 Admin Portal, navigate to Settings > Org Settings > under Services > Modern Authentication and ensure that “Turn on modern authentication for Outlook 2013 for Windows and later” is enabled. Then, under “Allow access to basic authentication protocols”, uncheck any protocols for which you no longer wish to use Basic Authentication. Click “Save” and test.

For more information check out Disable Basic authentication in Exchange Online on Microsoft Docs.

#Microsoft365 #ExchangeOnline #BasicAuthentication #ModernAuthentication #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

Exchange Online – Basic Authentication Disabled Oct 1, 2022

There are three work weeks left until #Microsoft is scheduled to disable Basic Authentication access to Exchange Online. This is today’s #MicrosoftCloudQuickFix !

Back in September 2019 Microsoft announced they are disabling Basic Authentication access to Exchange Online to be replaced with Modern Authentication methods built on OAuth 2.0 token-based authorization. Modern Authentication has many improvements which mitigate issues with Basic Authentication and provide an improved security posture but as we are all aware there were circumstances in the world that pushed that date forward.

Beginning October 1, 2022 Microsoft will start disabling Basic Authentication for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell access protocols on randomly selected Exchange Online tenants. You will know ahead of time when your tenant has been chosen by a message posted in your Microsoft 365 Admin Center Messages 7 days beforehand and a post to the Service Health Dashboard notifications.

To prepare for this change, check the Azure Active Directory Sign-In logs per New tools to block legacy authentication in your organization – Microsoft Tech Community, which will help track down any clients still using Basic Authentication and allow you to update your clients as appropriate. After the change to your tenant, any client using Basic Authentication for an affected protocol will be unable to connect and will receive an HTTP 401 error: bad username or password.

If you don’t have any Basic Authentication sign-ins then there is nothing you need to do.
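As an added example (not from the original posts or from Microsoft), the Python below triages an exported set of sign-in records, the check described both here and in the Part Deux post above, and reports which accounts still use a protocol from the list of affected protocols. The `clientAppUsed` strings in the mapping are assumptions to verify against your own export, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Assumption: "clientAppUsed" strings as they appear in a sign-in log export,
# mapped to the protocols this post lists as affected. Verify against your tenant.
AFFECTED = {
    "mapi over http": "MAPI",
    "outlook anywhere (rpc over http)": "RPC",
    "offline address book": "OAB",
    "exchange web services": "EWS",
    "pop3": "POP",
    "imap4": "IMAP",
    "exchange activesync": "EAS",
    "exchange online powershell": "Remote PowerShell",
}
MODERN = {"browser", "mobile apps and desktop clients"}

# Constructed sign-in records (not real data), trimmed to the fields used here.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser"},
 {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Exchange ActiveSync"},
 {"userPrincipalName": "scanner@contoso.example", "clientAppUsed": "IMAP4"},
 {"userPrincipalName": "scanner@contoso.example", "clientAppUsed": "POP3"},
 {"userPrincipalName": "printer@contoso.example", "clientAppUsed": "Authenticated SMTP"},
 {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "Mobile Apps and Desktop clients"}
]""")

def triage_signins(signins):
    """Split non-modern sign-ins into affected protocols and everything else."""
    affected = defaultdict(set)  # user -> protocols from the post's list
    review = defaultdict(set)    # user -> client apps that are neither modern nor listed
    for entry in signins:
        user = entry.get("userPrincipalName", "unknown")
        app = (entry.get("clientAppUsed") or "").strip()
        key = app.lower()
        if not key or key in MODERN:
            continue
        if key in AFFECTED:
            affected[user].add(AFFECTED[key])
        else:
            review[user].add(app)
    return dict(affected), dict(review)

if __name__ == "__main__":
    affected, review = triage_signins(SAMPLE_SIGNINS)
    for user, protocols in sorted(affected.items()):
        print(f"{user}: will break on {', '.join(sorted(protocols))}")
    for user, apps in sorted(review.items()):
        print(f"{user}: review separately ({', '.join(sorted(apps))})")
```

Client apps outside the post's list, such as the constructed "Authenticated SMTP" entry, land in the second group so they are reviewed rather than silently ignored.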

Microsoft does recognize you may not be ready to turn off Basic Authentication and there is a Self-Service Re-Enablement process outlined. Note that this is a one-time re-enablement of Basic Authentication which will last until the end of December 2022 only, and during the first few weeks of 2023 any re-enabled protocols will be disabled again permanently.

For more information check out Deprecation of Basic authentication in Exchange Online on Microsoft Docs.

#Microsoft365 #ExchangeOnline #BasicAuthentication #ModernAuthentication #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

‘Replace’ Policy Action in Safe Attachments Retiring – Microsoft Defender for Office 365

If you’re like me you enjoy the rich set of features included in Microsoft Defender for Office 365 including the Safe Links and Safe Attachments capabilities. Microsoft has announced a change to retire the ‘replace’ action in Safe Attachment policies and that is today’s #MicrosoftCloudQuickFix !

Safe Attachments in Microsoft Defender for Office 365 provides an additional layer of protection for email attachments that have already been scanned by anti-malware protection in Exchange Online Protection (EOP). Specifically, Safe Attachments uses a virtual environment to check attachments in email messages before they’re delivered, through a process known as detonation.

Safe Attachments protection is controlled by Safe Attachment policies configured in the Microsoft 365 Defender portal. In Safe Attachment policies one of the actions which can be applied to a message is the ‘Replace’ action which delivers only the message body to the recipient without the original attachments when it has been found to contain malware.

Beginning in September 2022 the ‘Replace’ action will be retired and no longer available for use in Safe Attachment policies. The first phase of the retirement will automatically apply the ‘Block’ action, which will quarantine the email, to any existing policies with the ‘Replace’ action specified.

The second phase of the retirement, targeted to complete by late-October 2022, will remove the ‘Replace’ action altogether from the Microsoft Defender portal, and any existing policies with it will be changed to use the ‘Block’ action.

There will not be a similar action to ‘Replace’ post retirement and we recommend that you review and update all applicable Safe Attachments policies in your tenant beforehand.

For more information on Safe Attachment policy settings in Microsoft Defender for Office 365 please see Safe Attachments – Office 365 | Microsoft Docs

#Microsoft #Microsoft365 #MicrosoftDefenderforOffice365 #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

Sept 2, 2022 – New Podcast Available

In this episode Ryan McKay and Andrew Lowes look at the new Microsoft Entra portal for modern identity and access solutions.

URLs shown in today’s video podcast include:

Microsoft Entra | Microsoft Docs
Microsoft Entra – Secure Identities and Access | Microsoft Security
Microsoft Entra Datasheet
Microsoft Entra Admin Center

#Microsoft #Microsoft365 #MicrosoftEntra #MicrosoftIdentityandAccess #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

Aug 19, 2022 – New Podcast Available

In this episode Ryan McKay and Andrew Lowes discuss the retirement of Azure Active Directory Connect V1 and steps to transition to V2 of Azure Active Directory Connect.

URLs shown in today’s video podcast include:

https://azure.microsoft.com/en-us/updates/action-required-upgrade-to-the-latest-version-of-azure-ad-connect-before-31-august-2022/

Azure AD Connect: Version release history

#Microsoft #Microsoft365 #AzureActiveDirectory #AzureADConnect #MicrosoftCloudQuickFix