An interesting and worthwhile interview (available on YouTube) with security researcher Amit Serper reveals a lot more detail about the Autodiscover credential leak reported by Guardicore last month. The interview (with three Office 365 MVPs) goes through the collection of leaked credentials, how Serper tried to reproduce the problem, and his interaction with Microsoft. It’s a real pity Serper didn’t include the information in his original report as it would have taken a lot of heat out of the situation.
Microsoft's Greg Taylor joins MVPs Steve Goodman and Paul Robichaux to discuss the demise of Basic Authentication (AKA Legacy Auth) in Exchange Online.
Yes - one of the core ways someone can exploit your tenant - but you might need it enabled thanks to a pesky vendor's app - will be gone. What do you need to do to prepare? What happens if you do nothing? We find that out, plus much more...
Microsoft plans to retire the now-decrepit and very old EAC on September 1, 2022. The old console has hung on too long, perhaps because Microsoft hasn’t progressed the development of its replacement as quickly as they could have since its 2019 debut. Although Microsoft claims that the new EAC reached feature parity with the old some time ago, any examination of the two consoles proves that this is not the case. With that in mind, it seems like Microsoft has some work to do to make everything ready for the big retirement date in 2022.Read More
There’s no definitive ‘right’ or ‘wrong’ way to structure Teams and channels, however there are some limits and best practices that can be followed to ensure the structures created are easy to use and navigate. This article explores the decision process Team owners can use to assess if a new channel is needed, what type should be used and how to manage large numbers of channels in a team.Read More
On June 30, 2022, Azure AD and Microsoft Online Services cmdlets will stop working for license management. The result is that you need to upgrade PowerShell scripts which use these cmdlets. The choice is to use Graph API calls or cmdlets from the Microsoft Graph PowerShell SDK. In this article, we explore the steps necessary to upgrade a script to remove service plans from an Office 365 license (SKU).Read More
Azure B2B guest accounts are often created during a Merger & Acquisition, so teams from both organizations can easily collaborate during the business and technology integration. However, these external users with B2B Guest accounts in their directory will eventually need to be migrated, which is problematic since B2B Guest accounts aren’t recognized as being licensed. The guest account can be removed and a new one created, but previous permissions would be lost. So how do we preserve permissions, keep collaborating without managing two sets of credentials while preparing the user account for data migrations? This article walks you through a solution that can be used in certain situations to help you easily manage the account to meet your needs.Read More
On the show this week, we’re joined by the Commsverse conference crew to discuss next week’s Teams conference. Missed TEC? Find out about the best bits. And as always the latest Microsoft 365 newsRead More
Microsoft would like Office 365 tenants to use Microsoft 365 retention policies instead of Exchange Online mailbox retention policies. Their stance is reasonable because Microsoft’s engineering effort is focused on workload-agnostic retention across the Microsoft 365 ecosystem. However, mailbox retention policies continue to offer some advantages that aren’t available in the Microsoft 365 equivalent. And they’re cheaper too because they don’t need Office 365 E3 or E5 licenses.Read More
Microsoft MVP Christina Wheeler demonstrates how to automate tasks with Power Automate and trigger events using Teams data. The new Teams connector (currently in preview) enables you to use in Logic Apps, Power Automate, and Power Apps.Read More
A new Exchange vulnerability has been disclosed this week known as ProxyToken that allows someone who can access an Exchange 2013, 2016 or 2019 server over HTTPS to perform configuration actions against mailboxes of their choosing, such as setting forwarding rules. Find out what you need to do to protect your organization.Read More
The cybersecurity paradigm is built on being prepared for the unexpected. Organizations have long relied on strategies like employee training, security procedures and IT solutions help defend against cyber threats. Therefore, it’s imperative for organizations to rethink their security strategies with remote work and the current threat landscape firmly in mind. Paula’s talk at TEC, Hacker’s Paradise: Top 10 Biggest Threats when Working from Home, will provide a deep analysis of the top threats to pay attention to, along with practical recommendations for both technical teams and decision makers.Read More