Find AD Objects with an Incorrect TargetAddress

When you have a hybrid environment setup with Exchange Online, you’ll notice a new Accepted Domain in the Exchange Online portal. <domain>.mail.onmicrosoft.com This domain is used by Exchange on-premises to route mail to a mailbox that has been migrated from Exchange on-premises to Exchange Online. After a mailbox is migrated from Exchange on-premises to Exchange…

2

Keep headers intact when forwarding a message

In my line of work, I am constantly requesting message samples from organizations so that I can analyze the headers. Whether an end user has received a message that they believe should have been marked as spam, or they receive a message that was marked as spam that should not have been, step one of…

3

Custom RBAC role to allow access to only the Action Center

May 2019 Update: We recommend that you use the Security & Compliance Center to remove users that have been blocked from sending outbound mail. For more information about using the Security & Compliance Center for this, please see https://docs.microsoft.com/en-us/office365/securitycompliance/removing-user-from-restricted-users-portal-after-spam. This blog article uses the Action Center in the Exchange Admin Center as an example and this…

3

When a certificated based connector is not working

I recently worked with an organization that had an Exchange Online inbound connector which accepted mail from their on-premises Exchange environment. This connector was scoped by IP, and the organization wanted to change it to be scoped by certificate instead due to an upcoming change in Exchange Online. For more details on this change see…

1

Upcoming Exchange Online connector changes pushed back

Today we announced that the connector changes that were planned for Exchange Online have now been pushed back from February 1st 2017 to July 5th 2017. These changes impact Exchange Online inbound connectors and require organizations with certain configurations to make changes and updates. The original blog post and KB article have both been updated…

1

Convincing phishing message and how ATP helped the remediation

Phishing messages are continuing to evolve and look ever more convincing. It’s scary to see just how legitimate some of these messages can look. Last week I was working with an organization that received a phishing message that looked incredibly legitimate. What stood out for me the most, was that this message included fake Safety…

1

Microsoft Canada is celebrating Azure today

Update: The Julia White tweetchat has been postponed to January 19. This article has been updated to reflect this change.   Today Microsoft Canada is celebrating Azure with various activities throughout the day. Fear not, you do not need to be Canadian to take part in today’s festivities. You do not need to wear flannel and…

0

Top ten posts of 2016

It’s a new year, and that means it’s time to look back at the top posts on this blog for last year. 2016 was a slower year for EOP Field Notes as I was on a leave from work for the first 5 months of the year. I returned in May when I continued my…

0

Happy Holidays!

With my move to special projects this year, I wasn’t able to post as many articles as I would have liked to. With that being said, I’m starting to do more case work again and will be trying to publish more articles in 2017. If you have any ideas for content or have specific questions,…

0

Release from quarantine and safe list the sender in one click

I recently found a new option you can select when releasing a message from the quarantine. While this option isn’t brand new, I’m not sure when it was added, and so wanted to share for visibility. The TechNet article that references this option is dated from June of this year, so I’m guessing it was…

5