Microsoft / Office 365 News
Be careful if you haven’t updated Exchange 2010, 2013, 2016 or 2019 yet – a proof of concept attack is in the wild right now
Install the latest CUs or Update Rollups released this February as soon as you can and also do the security update. Various websites and Infosec people are talking about this globally at the moment. CVE-2020-0688 | Microsoft Exchange Validation Key Remote Code Execution Vulnerability.
Updated: Microsoft Exchange Server Health Checker script updated
This is an Exchange Server Health Checker script that helps detect common configuration issues. David Paulson from Microsoft just released 2.41.0.
- This update includes:
- Display-Smb1ServerStatus method optimization
- Checks if your system is vulnerable to the following vulnerability which has been identified early February: CVE-2020-0688: Microsoft Exchange Validation Key Remote Code Execution Vulnerability.
Exchange Team Blog: Basic Auth and Exchange Online – February 2020 Update
As announced last year, this blog post digs into more detail to allow you to analyze who or what applications still use Basic Auth in Exchange Online. The current plans are to disable Basic Auth and Exchange Online in October 2020 – so you should plan ahead.
- Areas covered in the blog post:
- Azure AD Sign-In Report
- Outlook and Basic Authentication
- POP, IMAP and SMTP
- PowerShell and Automation
- Exchange ActiveSync
InTune App Protection Policies
Since we talked about the new Office App on the Practical 365 weekly podcast last week, Microsoft has made improvements to Intune App Protection policies to catch up with this new release.
If you haven’t already, check your Intune App Protection policies to ensure that you have included the new Office App for both iOS and Android.
Microsoft back-track on deploying the Chrome Browser Extension for Bing
This month Microsoft changed their minds, after thinking about it for far too long on plans to automatically deploy a “Microsoft Search in Bing” browser extension as part of Office 365 Pro Plus.
Most importantly, it won’t be deployed automatically.
However, it will be available in an “opt-in” experience – much like we suggested a few weeks ago – so that if you want to on-board users to Microsoft Search, then you’ve got the ability to do so.
For opted-in machines this will only be deployed to AD-joined machines for organizations that have opted in. What about Modern Azure AD joined machines?
And, rather strangely, if you – as an admin – opt-in, users will be able to opt-out themselves… Which doesn’t make a lot of sense if you’re encouraging users to search for organizational information via Microsoft Search…
The version/build won’t be in 2020 – and the release date and build for monthly channel and semi-annual are still to be decided.
New on the Roadmap
- Rolling-out now: Reply-All Storm Protection (Feature ID: 59440)
- When a Reply-All Storm is detected there will be a temporary block on the message for a couple of hours, you will receive a “The conversation is too busy with too many people” error message.
- Rolling-out now: Rich formatting has been added to Outlook for iOS
- This includes Title, header, body with bold, italics, underline, bullets, numbers and URLs.
- Available immediately, so update your Outlook for iOS to get this new feature.
- Rolling-out now: OAuth Support for POP3/IMAP4
- OAuth support to POP3 and IMAP4 to improve security of these legacy protocols.
- New: Poll added to Outlook (Windows)
- A new polling add-in will soon be pre-installed in Outlook for Windows by default, and there will be no need to install the Quick Poll add-in from the store anymore.
- Targeted release is soon, in March 2020.
- New: EOP/ATP Rescue portal
- Office 365 ATP protects customers is by blocking malicious attachments and URLs from reaching end users.
- The Rescue portal will provide a way for customers to allow malicious attachments at the time of click and during mail flow.
- This portal gives admins the opportunity to explicitly allow or block attachments and URLs in your Office 365 tenant.
- This is currently in development and planned for release Q3/CY2020.
Message Center Updates
- Teams Twitter Connector has been retired, as of the 21st Feb
- Microsoft recommends using Power Automate to replace this if you need it.
- This also means that you won’t see new tweets.
- Help for users to manage unhealthy – or broken – links in SharePoint and OneDrive
- Users will now be able to see links that have been broken.
- It’s an uncommon scenario and only applies if advanced APIs are being used to share links and then the link subsequently breaks.
- Mentioned last week – Now Intune App Protection policies for the new Office app are available
- You will need to update your MAM – or App Protection policies, to include the new Office apps.
- A new SharePoint Pages app is rolling out to Teams
- This is from the roadmap, and this will allow users to paste a link to create a new tab, rather than navigating to it.
- Office 365 ATP users
- If you saw campaign views in the roadmap late last year, then the good news is this is generally available.
- This is in the threat intelligence dashboard and provides a campaign view to give you an understanding of phishing campaigns Microsoft has identified as in progress and their timelines, targets, and who clicked what and when.
- This feature is essentially giving you the big picture.