Author: Tony Redmond

Latest Articles

Researcher Says Autodiscover Problem is Client-Side, Not in Exchange

An interesting and worthwhile interview (available on YouTube) with security researcher Amit Serper reveals a lot more detail about the Autodiscover credential leak reported by Guardicore last month. The interview (with three Office 365 MVPs) goes through the collection of leaked credentials, how Serper tried to reproduce the problem, and his interaction with Microsoft. It’s a real pity Serper didn’t include the information in his original report as it would have taken a lot of heat out of the situation.

October 12, 2021

Time to Move Off Exchange Online DLP Policies

Microsoft plans to remove the management of Exchange transport-rule based policies from the classic EAC in mid-2022. Given that Microsoft 365 DLP policies offer the same if not better functionality for Exchange Online and can process other workloads as well, it's a good time to consider transitioning away from the older technology. Microsoft is obviously not putting any engineering effort into Exchange-based DLP, so there's no good reason not to move over and use the technology they are investing in. The transition will take time and effort, but it will be worth it.

October 8, 2021

Consumption Models and Potential Cost Introduced by Microsoft’s New Teams APIs Require Careful Calculation

Along with the general availability of a new Graph Export API for Teams, Microsoft is introducing new licensing and charging models. Understanding the charging incurred for different uses will take some time to sort out and could pose real challenges for ISVs working in the migration space. Developers need to understand terms like model A and model B, seeded capacity, and consumption units and how these apply to their apps. The question now is if this is a test bed for Microsoft to apply similar charges to other APIs.

October 5, 2021

Microsoft Caps Exchange Online’s “Unlimited Archive” at 1.5 TB

On November 1, Microsoft will limit auto-expanding archives to 1.5 TB and bring the era of "bottomless archiving" to an end. The new limit might not affect many Exchange Online tenants, but it's a wake-up call for administrators to check how archiving is used in their tenants. To help the process, we've written a PowerShell script to report the current set of user and shared mailboxes with archives.

September 29, 2021

Hot Air and Publicity for Purported Autodiscover Security Flaw

Lots of excitement was generated when Guardicore revealed a purported vulnerability with the Exchange Autodiscover service. However, the almost total lack of detail about the configuration used for testing and to generate the reported results makes it impossible for Exchange administrators to check the theory against their own deployment. I don't think a problem exists with Exchange Online, but it's possible that poor DNS practice or flawed third-party clients could cause an issue with on-premises servers. The case remains to be proved.

September 23, 2021

Connecting to the Microsoft Graph Using the PowerShell SDK

The Microsoft Graph SDK for PowerShell exists to help developers use Graph API calls from PowerShell. It works, but like anything in life, there's a right way to connect and use the SDK and a wrong way. In this article we explore topics like how to connect to the right tenant, how permissions are managed (or not), and why running Graph SDK cmdlets interactively isn't something you should do in production. Good as the SDK is, Microsoft has some big issues to solve to address some obvious security issues.

September 23, 2021

Old Versions of Outlook for Windows Stop Connecting to Exchange Online November 1

From November 1, 2021, Microsoft requires Outlook 2013 Service Pack 1 (with fixes) as the minimum client version to connect to Exchange Online. Given all the publicity about attacks against the on-premises version of Exchange earlier this year, it's a wonder why organizations continue to allow people to use outdated client software to connect to Exchange Online. In any case, the drop-dead date is November 1. If you have any old Outlook 2007, Outlook 2010, or Outlook 2013 (before SP1) clients, it's time to start upgrading.

September 20, 2021

Microsoft to Retire Old Exchange Admin Center in Office 365 Next Year

Microsoft plans to retire the now-decrepit and very old EAC on September 1, 2022. The old console has hung on too long, perhaps because Microsoft hasn't progressed the development of its replacement as quickly as they could have since its 2019 debut. Although Microsoft claims that the new EAC reached feature parity with the old some time ago, any examination of the two consoles proves that this is not the case. With that in mind, it seems like Microsoft has some work to do to make everything ready for the big retirement date in 2022.

September 14, 2021

Microsoft Forces Move from Azure AD Cmdlets for License Management

On June 30, 2022, Azure AD and Microsoft Online Services cmdlets will stop working for license management. The result is that you need to upgrade PowerShell scripts which use these cmdlets. The choice is to use Graph API calls or cmdlets from the Microsoft Graph PowerShell SDK. In this article, we explore the steps necessary to upgrade a script to remove service plans from an Office 365 license (SKU).

September 9, 2021

Why Microsoft’s Workload-Agnostic Retention Strategy Sometimes Comes Up Short for Email

Microsoft would like Office 365 tenants to use Microsoft 365 retention policies instead of Exchange Online mailbox retention policies. Their stance is reasonable because Microsoft's engineering effort is focused on workload-agnostic retention across the Microsoft 365 ecosystem. However, mailbox retention policies continue to offer some advantages that aren't available in the Microsoft 365 equivalent. And they're cheaper too because they don't need Office 365 E3 or E5 licenses.

September 7, 2021

Teams Advanced Communications Add-on (Version 2) Ready to Go

After a false start in 2020, Microsoft is coming back with version 2 of the Teams Advanced Communications add-on. The documentation lists four new capabilities. You'll have to make your mind up whether these features are worth whatever Microsoft asks for in terms of add-on pricing. We probably won't have that information until the preview phase of the features terminates at the end of 2021. I can't wait!

August 26, 2021

Unpatched Exchange Servers Remain at Risk

It's incredible, but reports still come in to prove that thousands of unpatched Exchange on-premises servers remain connected to the internet. New reports indicate that servers continue to be attacked and that thousands of vulnerable servers remain available as hacking targets. It's time to either get patched or move to the cloud.

August 21, 2021