An interesting and worthwhile interview (available on YouTube) with security researcher Amit Serper reveals a lot more detail about the Autodiscover credential leak reported by Guardicore last month. The interview (with three Office 365 MVPs) goes through the collection of leaked credentials, how Serper tried to reproduce the problem, and his interaction with Microsoft. It’s a real pity Serper didn’t include the information in his original report as it would have taken a lot of heat out of the situation.
Microsoft's Greg Taylor joins MVPs Steve Goodman and Paul Robichaux to discuss the demise of Basic Authentication (AKA Legacy Auth) in Exchange Online.
Yes - one of the core ways someone can exploit your tenant - but you might need it enabled thanks to a pesky vendor's app - will be gone. What do you need to do to prepare? What happens if you do nothing? We find that out, plus much more...
It’s often helpful when security researchers like Guardicore shed light on flaws in Microsoft Exchange – however, the Autodiscover protocol isn’t flawed in the way they describe. Even though the issue is hard to replicate, it shouldn’t distract from the work you need to do to protect your organization from the underlying reason why people want your credentials.
Teams finally arrives in Apple CarPlay touting support for joining meetings and making calls. We road test this new feature to see whether it lives up to expectations.
Lots of excitement was generated when Guardicore revealed a purported vulnerability with the Exchange Autodiscover service. However, the almost total lack of detail about the configuration used for testing and to generate the reported results makes it impossible for Exchange administrators to check the theory against their own deployment. I don’t think a problem exists with Exchange Online, but it’s possible that poor DNS practice or flawed third-party clients could cause an issue with on-premises servers. The case remains to be proved.
In this week’s show, Steve and Paul are joined by Mike Weaver for a post-Commsverse roundup, and the latest Microsoft 365, Teams, Viva and Exchange news this week.
From November 1, 2021, Microsoft requires Outlook 2013 Service Pack 1 (with fixes) as the minimum client version to connect to Exchange Online. Given all the publicity about attacks against the on-premises version of Exchange earlier this year, it’s a wonder why organizations continue to allow people to use outdated client software to connect to Exchange Online. In any case, the drop-dead date is November 1. If you have any old Outlook 2007, Outlook 2010, or Outlook 2013 (before SP1) clients, it’s time to start upgrading.
Building a bot used to require developer skills – writing complicated code, deploying it to a resource like Azure, and then performing cumbersome configuration steps to ensure it functioned properly. Now, with the Power Virtual Agents (PVA) app for Microsoft Teams, you can create exceptionally powerful chatbots without having to write a single line of code. What’s more, you don’t need direct access to Azure resources to deploy these bots. There’s no reason to not create a bot for your organization today.