Disabling Basic authentication in Exchange Online – Public Preview Now Available

Several months ago we added a feature to the Microsoft 365 Roadmap which generated a lot of interest. The feature was named "Disable Basic Authentication in Exchange Online using Authentication Policies" and, as the roadmap item stated, it provided the capability for an Admin to define protocols which should allow Basic Authentication. Why was…


MS11-025 required on Exchange Server versions released before October 2018

In the security advisories released on 10/09/2018, CVE-2010-3190 was updated to apply to Exchange Server. This bulletin now applies to all versions and cumulative updates for Exchange Server released prior to October 2018. The Exchange team is aware that the installation program for Exchange Server is applying an unpatched version of a Visual Studio released…


Exchange Server TLS guidance Part 3: Turning Off TLS 1.0/1.1

Overview: In part 3 of our Exchange Server TLS Guidance series, we introduce how to turn off TLS 1.0 and 1.1 in your Exchange Server deployment. Turning off TLS 1.0 and 1.1 can be a highly disruptive event if not planned and executed properly. The Exchange team believes that it is time for the ecosystem…


Exchange Server TLS guidance Part 2: Enabling TLS 1.2 and Identifying Clients Not Using It

Overview: In part 2 of our Exchange Server TLS Guidance series we focus on enabling and confirming TLS 1.2 can be used by your Exchange Servers for incoming and outgoing connections, as well as identifying any incoming connection which is not utilizing TLS 1.2. The ability to identify these incoming connections will vary by Windows…


Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2

Update: With the Office 365 deadline to have TLS 1.2 enabled being moved from March 2018 to October 2018 we have changed the timing of subsequent post releases; please see below! Overview: As the realm of security in technology continues to evolve over time, every so often we say hello to newer and more competent…


Demystifying Certificate Based Authentication with ActiveSync in Exchange 2013 and 2016 (On-Premises)

Some of the more complicated support calls we see are related to Certificate Based Authentication (CBA) with ActiveSync. This post is intended to provide some clarifications of this topic and give you troubleshooting tips. What is Certificate Based Authentication (CBA)? Instead of using Basic or WIA (Windows Integrated Authentication), the device will have a client (user)…


Multi-Factor Authentication in Exchange and Office 365

Multi-Factor Authentication (MFA), which includes Two-factor authentication (2FA), in Exchange Server and Office 365, is designed to protect against account and email compromise. Microsoft has evaluated recent reports of a potential bypass of 2FA. We have determined that the technique described is not a vulnerability and the potential bypass does not exist on properly configured…


Certificate-Based Authentication (CBA) for Exchange Online

Update 6/6/2017: We updated this post to reflect availability for China plans. Update 7/28/2017: Updated with links for support with Outlook for iOS and Android. On-premises Exchange environments support the ability for certain mobile apps to utilize certificate-based authentication (CBA). Today, we are pleased to announce that CBA is available for customers using Office 365…


Exchange 2016 Coexistence with Kerberos Authentication

With the release of Exchange Server 2016, I thought it would be best to document our guidance around utilizing Kerberos authentication for MAPI clients. Like with the last two releases, the solution leverages deploying an Alternate Service Account (ASA) credential so that domain-joined and domain-connected Outlook clients, as well as other MAPI clients, can utilize…


Enabling BitLocker on Exchange Servers

The Exchange Preferred Architecture, for both Exchange Server 2013 and Exchange Server 2016, recommends enabling BitLocker on fixed data drives that store Exchange database files. Over the years, there have been a number of questions regarding how BitLocker should be enabled on servers. However, before we discuss that, I think it is important to provide…
