Exchange Online

Latest Articles

Why Using App Secrets in Production is a Bad Idea

As many organizations adapt legacy scripts to use app authentication instead of traditional service account credentials, security can be compromised if certain risks are overlooked. While app secrets can be great for testing code, there’s a reason they have an enforced expiry date - the longer a secret exists in production, the higher the risk it will become compromised. The methods described in this article will help build a good foundation for app authentication while keeping security top of mind when creating or updating automation scripts.

February 16, 2022

Attack Simulation Training: RBAC and End User Notifications

Attack Simulations are Microsoft’s foray into a crowded field of competitors who provide a service that trains users to recognize dangerous email with simulated Phishing or malware-infested messages. Microsoft has continually added features and functionality since they released Attack Simulations, including additional simulation types, different payloads, custom payloads, customizable training and more. The most recent upgrades are RBAC permissions and end user notifications. These two additions to Attack Simulation Training are a great incentive to deploy and adopt this functionality, as End User communications are the key enhancement that make this feature worthwhile for an organization.

February 15, 2022

Exchange Online Launches Support for MTA-STS

Exchange Online now supports SMTP Strict Transport Security (MTA-STS), a mechanism to help defend SMTP communications between mail servers. Microsoft 365 tenants can decide if they want to enable MTA-STS for their domain by publishing a DNS record and an MTA-STS policy. You don't have to use MTA-STS, but it's a good idea to consider the option.

February 4, 2022

Bridging the Gap Between Microsoft Teams and Email

Teams is mostly an internal communications platform while email connects billions of people around the world. Inside Microsoft 365 tenants, you might need to connect Teams and email together. In this article, we discuss the out-of-the-box features available to link the two and describe some of the positive and negative points of each. You can certainly bridge the gap between Teams and email, but maybe Microsoft could grease the connection just a little more...

January 25, 2022

How to Transition from Exchange Online Mailbox Retention Policies to Microsoft 365 Retention

Exchange Online has mailbox retention policies. Microsoft 365 has retention policies and retention labels. In this article, we explore how to move away from Exchange Online retention to use Microsoft 365 retention. The transition makes it possible to use the advanced retention capabilities Microsoft is developing that will never show up in Exchange Online, so it's a good long-term goal to have even if it's not on your immediate work list.

January 20, 2022

Exchange Online Introduces DANE and DNSSEC for Outbound Email

In a December 24 announcement, Microsoft says that the roll-out of DNSSEC and DANE support in Exchange Online will start in mid-January 2022. Because this is a big change for the Exchange Online infrastructure, Microsoft is using a phased deployment which won't complete until mid-May. Support for DNSSEC and DANE has been coming for a long time, but it's good that the extra security which these standards bring will be available to Exchange Online tenants.

January 17, 2022

Separating users in Office 365 using Address Book Policies

Microsoft 365 has many built-in controls to manage how users communicate externally, however, these controls do not generally extend to internal communication. While this is fine in most environments, situations exist where a degree of separation is required to segregate communication across different groups of users. This article details the configuration of Address Book Policies, and how they can be extended to include Teams.

January 5, 2022

Can Entra ID Custom Security Attributes Replace Exchange Custom Attributes?

Microsoft launched the preview of Azure AD custom security attributes on December 1. Custom attributes are well known to Exchange administrators. In this article, we look at how to create and add Azure AD custom security attributes, how to transfer data from Exchange to Azure AD, and how to retrieve information from the attributes. Azure AD custom security attributes have some advantages, but they also have some downsides.

January 4, 2022