Combating Display Name Spoofing

My lack of updates around these parts can be attributed to the craziness of work over the last few months. This afternoon I have some time and am typing this out as quickly as I can before someone notices and gives me something else to work on. Let’s begin. I’ve recently seen a very big…


Troubleshooting Transport Rules that are set to “Do not audit”

When creating a transport rule, please…. PLEASE, do not disable auditing. Your rule auditing setting should not look like this. Unless of course, you have a security mandate about not auditing transport rules, then please continue on and disable auditing on transport rules. But for those that do not have a security mandate, please do…


Disclaimers and calendar invites

Rather than tease you with a witty, or even humorous opening paragraph, I’m going to instead jump right to the dessert. Because really, who doesn’t love dessert? As I recently discovered with an organization, adding disclaimers to calendar invite emails can cause problems and confusion for end users. When an individual shares their calendar, we…


The Common Attachment Types Filter

The Common Attachment Types Filter is a feature that was rolled out to Exchange Online earlier this year. If you haven’t opened your malware filter for a while, you may not even know this new filter is there! With this filter, you no longer need to create transport rules to block file types as attachments…


Auditing transport rules

Transport rules contain an Audit setting that is often misunderstood and unchecked without realizing the implications. Unchecking this box has quite adverse effects on future reporting and troubleshooting for the transport rule. While this may be desirable, I see a lot of organizations unchecking this box and not realizing what the impact will actually be….


Support Hot Topics – Reducing the threat of zero-day malware

Welcome to the second episode in our Support Hot Topics for Exchange Online Protection series. I’m joined in this episode by my co-worker, Jason, and we discuss Exchange Online Protection strategies that can help reduce the threat of zero-day malware. I have seen an increase in zero-day malware attacks that use social engineering to get…


An Introduction to the new Spam Filter Allow and Block Lists

Rather than start this article with an appetizer, I’m going to switch things up and dive right into the meat and potatoes. Very soon, if not already, you will see two new entries in your Spam Filter in Exchange Online Protection, Allow Lists & Block Lists. As suggested by the name, this is a new…


Tips to prevent Zero-Day Malware with EOP

I have recently seen a lot of zero-day malware attacks and interestingly, these attacks aren’t even trying to be covert. In these cases, the malware is attached to an email in the form of an executable file and the recipient is asked to run the attachment. Being in the technology works, people like you and…


Need details on who and what are triggering your rules? There's a cmdlet for that!

Need to get a list of all messages that triggered a particular transport rule, or do you want to see all rules that have been triggered by a particular sender? This information can be easily found using the Get-MailDetailTransportRuleReport cmdlet. Looking past the name being much too long, this cmdlet can provide very insightful information…


Use PowerShell to search for transport rules (updated)

Update (April 7, 2015): More content and examples have been added to this article since the original posting. PowerShell can be used to quickly search for rules matching specific criteria. This can be incredibly valuable for a tenant that contains a lot of rules. While possible to search for transport rules in the EOP portal,…