Featured Article
An interesting and worthwhile interview (available on YouTube) with security researcher Amit Serper reveals a lot more detail about the Autodiscover credential leak reported by Guardicore last month. The interview (with three Office 365 MVPs) goes through the collection of leaked credentials, how Serper tried to reproduce the problem, and his interaction with Microsoft. It’s a real pity Serper didn’t include the information in his original report as it would have taken a lot of heat out of the situation.
Latest Video
Latest Articles
It’s often helpful when security researchers like Guardicore shed light on flaws in Microsoft Exchange – however, the Autodiscover protocol isn’t flawed in the way they describe. Even though the issue is hard to replicate, it shouldn’t distract from the work you need to do to protect your organization from the underlying reason why people want your credentials.
Read More
Teams finally arrives in Apple CarPlay touting support for joining meeting and making calls. We road test this new feature to see whether it lives up to expectations.
Read More
Lots of excitement was generated when Guardicore revealed a purported vulnerability with the Exchange Autodiscover service. However, the almost total lack of detail about the configuration used for testing and to generate the reported results makes it impossible for Exchange administrators to check the theory against their own deployment. I don’t think a problem exists with Exchange Online, but it’s possible that poor DNS practice or flawed third-party clients could cause an issue with on-premises servers. The case remains to be proved.
Read More
The Microsoft Graph SDK for PowerShell exists to help developers use Graph API calls from PowerShell. It works, but like anything in life, there’s a right way to connect and use the SDK and a wrong way. In this article we explore topics like how to connect to the right tenant, how permissions are managed (or not), and why running Graph SDK cmdlets interactively isn’t something you should do in production. Good as the SDK is, Microsoft has some big issues to solve to address some obvious security issues.
Read More
Still in public preview, new application authentication method policies will help Microsoft 365 customers adhere to best practices for managing application credentials, while asserting pressure on ISVs to do the same. Going forward we can expect this to turn into a standard configuration, enforced across many organizations. To address the problem, Microsoft is ready to release a set of features to help. In this article, we introduce you to Azure AD application authentication method policies, one of the features in the set.
Read More
In this week’s show, Steve and Paul are joined by Mike weaver for a post-Commsverse roundup, and the latest Microsoft 365, Teams, Viva and Exchange news this week.
Read More
Paul Robichaux provides insights from the independent Microsoft Teams conference, Commsverse, that just took place last week at Mercedez-Benz World outside of London.
Read More
From November 1, 2021, Microsoft requires Outlook 2013 Service Pack 1 (with fixes) as the minimum client version to connect to Exchange Online. Given all the publicity about attacks against the on-premises version of Exchange earlier this year, it’s a wonder why organizations continue to allow people to use outdated client software to connect to Exchange Online. In any case, the drop-dead date is November 1. If you have any old Outlook 2007, Outlook 2010, or Outlook 2013 (before SP1) clients, it’s time to start upgrading.
Read More
Despite the growing acceptance of Azure AD to manage identities, one of its main advantages as a platform that manages and secures identities is Azure AD join (AADJ), which still elicits hesitation amongst many IT professionals. This article delves into the justifications for switching to Azure AD join, breaks down some myths around it, and explains why your default position should be Azure AD join.
Read More
Building a bot used to require developer skills – writing complicated code, deploying it to a resource like Azure, and then performing cumbersome configuration steps to ensure it functioned properly. Now, with the Power Virtual Agents (PVA) app for Microsoft Teams, you can create exceptionally powerful chatbots without having to write a single line of code. What’s more, you don’t need direct access to Azure resources to deploy these bots. There’s no reason to not create a bot for your organization today.
Read More