Troubleshooting Transport Rules that are set to “Do not audit”

When creating a transport rule, please…. PLEASE, do not disable auditing. Your rule auditing setting should not look like this. Unless of course, you have a security mandate about not auditing transport rules, then please continue on and disable auditing on transport rules. But for those that do not have a security mandate, please do…

Don’t forget about the Security and Compliance Center

For those of you that are Exchange Online Protection veterans, it may be second nature to always head to the Exchange Online portal whenever you need to make any changes to that service. You may not even think of making those changes in the Security and Compliance Center. I’d like to throw out this quick…

EOP resources for malware prevention

In light of the recent malware news, a couple of my colleagues put together a list of Exchange Online resources. This list is by no means definitive or complete; it is just a place to start when thinking about configuration options in Exchange Online Protection. EOP Best practices: includes how to create rules for extension blocking…

Find AD Objects with an Incorrect TargetAddress

When you have a hybrid environment set up with Exchange Online, you’ll notice a new Accepted Domain in the Exchange Online portal: <domain>.mail.onmicrosoft.com. This domain is used by Exchange on-premises to route mail to a mailbox that has been migrated from Exchange on-premises to Exchange Online. After a mailbox is migrated from Exchange on-premises to Exchange…

Keep headers intact when forwarding a message

In my line of work, I am constantly requesting message samples from organizations so that I can analyze the headers. Whether an end user has received a message that they believe should have been marked as spam, or they receive a message that was marked as spam that should not have been, step one of…

Custom RBAC role to allow access to only the Action Center

If a user account has been compromised and used to send massive amounts of spam, Exchange Online will block the account from sending (if enabled, a notification email can be sent to administrators to alert them when this happens). Once the account password has been reset, the block can be lifted by an administrator from…

When a certificate-based connector is not working

I recently worked with an organization that had an Exchange Online inbound connector which accepted mail from their on-premises Exchange environment. This connector was scoped by IP, and the organization wanted to change it to be scoped by certificate instead due to an upcoming change in Exchange Online. For more details on this change see…

Upcoming Exchange Online connector changes pushed back

Today we announced that the connector changes that were planned for Exchange Online have now been pushed back from February 1st 2017 to July 5th 2017. These changes impact Exchange Online inbound connectors and require organizations with certain configurations to make changes and updates. The original blog post and KB article have both been updated…

Convincing phishing message and how ATP helped the remediation

Phishing messages are continuing to evolve and look ever more convincing. It’s scary to see just how legitimate some of these messages can look. Last week I was working with an organization that received a phishing message that looked incredibly legitimate. What stood out for me the most was that this message included fake Safety…
