Subscribe

Latest Posts

Why a Potential Autodiscover Flaw is Just the Tip of an Iceberg

It's often helpful when security researchers like Guardicore shed light on flaws in Microsoft Exchange - however, the Autodiscover protocol isn't flawed in the way they describe. Even though the issue is hard to replicate, it shouldn't distract from the work you need to do to protect your organization from the underlying reason why people want your credentials.

September 28, 2021

Hot Air and Publicity for Purported Autodiscover Security Flaw

Lots of excitement was generated when Guardicore revealed a purported vulnerability with the Exchange Autodiscover service. However, the almost total lack of detail about the configuration used for testing and to generate the reported results makes it impossible for Exchange administrators to check the theory against their own deployment. I don't think a problem exists with Exchange Online, but it's possible that poor DNS practice or flawed third-party clients could cause an issue with on-premises servers. The case remains to be proved.

September 23, 2021

Connecting to the Microsoft Graph Using the PowerShell SDK

The Microsoft Graph SDK for PowerShell exists to help developers use Graph API calls from PowerShell. It works, but like anything in life, there's a right way to connect and use the SDK and a wrong way. In this article we explore topics like how to connect to the right tenant, how permissions are managed (or not), and why running Graph SDK cmdlets interactively isn't something you should do in production. Good as the SDK is, Microsoft has some big issues to solve to address some obvious security issues.

September 23, 2021

Azure AD App Management Method Policies Harden Application Security Posture

Still in public preview, new application authentication method policies will help Microsoft 365 customers adhere to best practices for managing application credentials, while asserting pressure on ISVs to do the same. Going forward we can expect this to turn into a standard configuration, enforced across many organizations. To address the problem, Microsoft is ready to release a set of features to help. In this article, we introduce you to Azure AD application authentication method policies, one of the features in the set.

September 22, 2021

Contemplating Commsverse

Paul Robichaux provides insights from the independent Microsoft Teams conference, Commsverse, that just took place last week at Mercedez-Benz World outside of London.

September 21, 2021

Old Versions of Outlook for Windows Stop Connecting to Exchange Online November 1

From November 1, 2021, Microsoft requires Outlook 2013 Service Pack 1 (with fixes) as the minimum client version to connect to Exchange Online. Given all the publicity about attacks against the on-premises version of Exchange earlier this year, it's a wonder why organizations continue to allow people to use outdated client software to connect to Exchange Online. In any case, the drop-dead date is November 1. If you have any old Outlook 2007, Outlook 2010, or Outlook 2013 (before SP1) clients, it's time to start upgrading.

September 20, 2021

Why Aren’t You Creating Bots for Microsoft Teams?

Building a bot used to require developer skills - writing complicated code, deploying it to a resource like Azure, and then performing cumbersome configuration steps to ensure it functioned properly. Now, with the Power Virtual Agents (PVA) app for Microsoft Teams, you can create exceptionally powerful chatbots without having to write a single line of code. What’s more, you don’t need direct access to Azure resources to deploy these bots. There’s no reason to not create a bot for your organization today.

September 16, 2021

Microsoft to Retire Old Exchange Admin Center in Office 365 Next Year

Microsoft plans to retire the now-decrepit and very old EAC on September 1, 2022. The old console has hung on too long, perhaps because Microsoft hasn't progressed the development of its replacement as quickly as they could have since its 2019 debut. Although Microsoft claims that the new EAC reached feature parity with the old some time ago, any examination of the two consoles proves that this is not the case. With that in mind, it seems like Microsoft has some work to do to make everything ready for the big retirement date in 2022.

September 14, 2021

P365 Goes to Commsverse!

Mike Weaver, Paul Robichaux and Steve Goodman head to Commsverse on Sept 15 & 16 at Mercedez-Benz World just outside of London, UK. Learn more about the hybrid conference as well as the session that Mike and Paul are hosting together - 'Teams Tenant-to-Tenant Challenges: It Just Keeps Getting Worse!'

September 13, 2021

How Many Channels Should a Team Have?

There's no definitive 'right' or 'wrong' way to structure Teams and channels, however there are some limits and best practices that can be followed to ensure the structures created are easy to use and navigate. This article explores the decision process Team owners can use to assess if a new channel is needed, what type should be used and how to manage large numbers of channels in a team.

September 10, 2021