In a December 24 announcement, Microsoft says that the roll-out of DNSSEC and DANE support in Exchange Online will start in mid-January 2022. Because this is a big change for the Exchange Online infrastructure, Microsoft is using a phased deployment which won't complete until mid-May. Support for DNSSEC and DANE has been coming for a long time, but it's good that the extra security which these standards bring will be available to Exchange Online tenants.
Microsoft 365 has many built-in controls to manage how users communicate externally, however, these controls do not generally extend to internal communication. While this is fine in most environments, situations exist where a degree of separation is required to segregate communication across different groups of users. This article details the configuration of Address Book Policies, and how they can be extended to include Teams.
Microsoft launched the preview of Azure AD custom security attributes on December 1. Custom attributes are well known to Exchange administrators. In this article, we look at how to create and add Azure AD custom security attributes, how to transfer data from Exchange to Azure AD, and how to retrieve information from the attributes. Azure AD custom security attributes have some advantages, but they also have some downsides.
Migrating application mailboxes to Exchange Online is critical for any migration project, and thorough planning is required since application mailboxes often serve vital business functions. It’s imperative to gather the details outlined in this article prior to updating internal application code, or test feature functionality of third-party products.
Microsoft Ignite 2021 happens (virtually) on Nov 2-4. There are tons of sessions scheduled and in this post we consider some important Microsoft 365 topics that we hope Microsoft will cover to help technologists plan tenant development over the coming year. Above all, we're looking forward to being able to attend conferences like Ignite in person so that we can learn from experts from inside and outside Microsoft.
Microsoft plans to remove the management of Exchange transport-rule based policies from the classic EAC in mid-2022. Given that Microsoft 365 DLP policies offer the same if not better functionality for Exchange Online and can process other workloads as well, it's a good time to consider transitioning away from the older technology. Microsoft is obviously not putting any engineering effort into Exchange-based DLP, so there's no good reason not to move over and use the technology they are investing in, The transition will take time and effort, but it will be worth it.
If you've migrated to Exchange Online, make sure you stop publishing your Exchange Servers to the internet. After a standard Hybrid migration, you still might be reliant on Exchange Server and in this article you can find out why and how to move remaining web services to Microsoft 365.
On November 1, Microsoft will limit auto-expanding archives to 1.5 TB and bring the era of "bottomless archiving" to an end. The new limit might not affect many Exchange Online tenants, but it's a wake-up call for administrators to check how archiving is used in their tenants. To help the process, we've written a PowerShell script to report the current set of user and shared mailboxes with archives.
It's often helpful when security researchers like Guardicore shed light on flaws in Microsoft Exchange - however, the Autodiscover protocol isn't flawed in the way they describe. Even though the issue is hard to replicate, it shouldn't distract from the work you need to do to protect your organization from the underlying reason why people want your credentials.
Lots of excitement was generated when Guardicore revealed a purported vulnerability with the Exchange Autodiscover service. However, the almost total lack of detail about the configuration used for testing and to generate the reported results makes it impossible for Exchange administrators to check the theory against their own deployment. I don't think a problem exists with Exchange Online, but it's possible that poor DNS practice or flawed third-party clients could cause an issue with on-premises servers. The case remains to be proved.