Exchange

On the Line with Cohesity #44: Updates on M365 and more!

September 19, 2021 By Gareth Gudger Leave a Comment

2 Shares

On September 14th, I had the great pleasure of being a guest on On the Line with Cohesity podcast. I joined host Theresa Miller to discuss several M365 topics; including:

Introductions
Microsoft Viva and the new employee experience during the pandemic
The evolution of email security
Safety Tips to keep your users informed on questionable email
Microsoft Teams active users in the pandemic
Teams integrations with other products: Dynamics 365, Service Now.
Windows 365 Cloud PC
Windows 11 experience and GUI changes
How to join the Windows Insider Program to get Windows 11 now
The benefits of the Office Insiders program and who should enroll in an organization

[Read more…]

Workaround: Replying to a message with an invalid S/MIME digital signature fails

July 22, 2021 By Gareth Gudger Leave a Comment

0 Shares

If you received a message with an invalid or untrusted S/MIME digital signature, you might have problems replying to that message with Outlook on the Web (OWA).

The inability to reply is not necessarily a bad thing as it might indicate an impersonation attempt. Impersonation is where a bad actor pretends to be someone you know, often for financial gain. A common example of impersonation is a bad actor pretending to be a CEO asking their company accountant to wire money to the bad actor’s bank account.

So, if you see a failed digital signature, it is a good time to pause and determine if the sender really is who they say they are through other verified mechanisms (e.g., call them on a trusted phone number). Then validate if they are aware of the digital signature issue to see if they are already working to resolve it.

If using a product like Office 365, you can also check if the message has failed any impersonation checks. For example, are safety tips in OWA warning that you don’t typically receive mail from this sender with that email address.

The screenshot below provides an example of a message received in OWA where the S/MIME digital signature is not considered valid or trusted. Clicking the click here link gives us some additional insight into the error. We can see OWA does not trust this certificate because it has a broken certificate chain, more than likely caused by a missing or expired intermediary cert.

The digital signature on this message isn't valid or trusted OWA

When attempting to reply to this message in OWA, you may receive the following error.

This message can't be sent right now. Please try again later.

This message can't be sent right now. Please try again later.

[Read more…]

Former Calendar Delegate still receives meeting notifications

July 21, 2021 By Gareth Gudger 1 Comment

10 Shares

Calendar delegation allows a user to manage someone else’s calendar on their behalf. For example, an assistant could be granted delegator rights to their manager’s calendar. Through delegation, the assistant has the right to add, edit, or delete items from their manager’s calendar. A delegate can also be granted the ability to view items marked as private. Aside from calendar permissions, the delegate can receive meeting invites on behalf of the delegator and respond to those invites (accept, decline, tentative, propose new time).

When an assistant no longer needs to access their manager’s calendar, they can be removed as a delegate. Either the manager can do this via the Outlook client or an Exchange administrator by using PowerShell. When their delegation rights have been removed, all access to the calendar is revoked. In addition, meeting invites are no longer sent to the delegate to accept or decline.

It is possible that even when the delegate permissions have been revoked, the assistant could still unexpectantly receive items sent to their manager. In this article, we look at a couple of possible areas that could be forwarding these items to the former delegate.

Let’s get started!

Verify the user is no longer a delegate

The first item to confirm is whether the delegate rights have been properly removed. To do this, connect to Exchange PowerShell and run the following command.

 C:\> Get-MailboxFolderPermission -Identity river.song@xyz.com:\Calendar

FolderName            User                  AccessRights
----------            ----                  ------------
Calendar              Default               {AvailabilityOnly}
Calendar              Rory Williams         {Editor}

In the example above, we are checking the calendar permissions for the user River Song. We use the Get-MailboxFolderPermission command for this purpose. The Identity parameter is a combination of the delegator’s email address and the folder in question. In this case, the calendar folder. You can also use this command against any other folder in the mailbox. In our example, we want to see if River Song’s former assistant, Amy Pond, still has any rights to River’s calendar.

The example output returns two entries. The first is for a user named Rory Williams. We see Rory Williams has editor rights to River’s calendar. We also see a user named Default. Default is the default permission users receive if they have not been granted explicit permissions. In the example above, Rory Williams would receive editor rights to River’s calendar, whereas all other users will only see River’s free/busy information (availability only). Amy Pond is not identified in this output, so she should only receive free/busy information. In this example, Amy is not a delegate.

If the output had returned Amy Pond as a user, we could remove those rights using the Remove-MailboxFolderPermission. For example, to remove all of Amy’s permissions from River’s calendar folder, we would issue the following command.

 C:\> Remove-MailboxFolderPermission -Identity river.song@xyz.com:\Calendar 
-User amy.pond@xyz.com

[Read more…]

Exchange Server Cumulative Updates (March 2021)

March 20, 2021 By Gareth Gudger Leave a Comment

9 Shares

This week saw some critical cumulative updates for Exchange 2016 and Exchange 2019. These new updates contain the security patches previously released on March 2nd. Organizations that apply these cumulative updates don’t need to install the previous security patch.

The exception to this is those organizations on Exchange 2010 or Exchange 2013, where no update has superseded the March 2nd security patch. Those on Exchange 2010 and 2013 must ensure that they have the March 2nd patch applied as soon as possible.

The updates are as follows:

Exchange 2019 Cumulative Update 9 | KB4602570

Exchange 2016 Cumulative Update 20 | KB4602569 | UM Language Pack

Exchange 2013 Security Update | KB5000871 (March 2nd Security Patch)

Exchange 2010 SP3 Rollup 32 | KB5000978 (March 2nd Security Patch)

Tackling the March 2nd security exploits

It is imperative to protect yourself from the exploits published on March 2nd. HAFNIUM, a cyberespionage group with ties to the Chinese government, has leveraged these Exchange Server exploits to infiltrate victims’ networks to deliver malware and other malicious payloads with varying motives, primarily to exfiltrate confidential data.

First, patching is imperative.

Those on Exchange 2016 or 2019 should apply the latest cumulative update.
Those on Exchange 2013 will need to install Cumulative Update 23 (released June 2019), followed by the March 2nd, 2021 security patch.
Those on Exchange 2010 need to install rollup 32.

Note: On March 8th Microsoft updated the security patch allowing it to be installed on older cumulative updates. This aided organizations that could not yet upgrade to the latest cumulative update. Note that applying the security patch and then upgrading to an older CU (rather than the latest) will expose your organization to the exploits again.

Once you are fully patched, I recommend running the Microsoft Safety Scanner (also known as the Microsoft Emergency Response Tool), which detects and remediates all known malware. This is a self-executing program that can be downloaded here.

I recommend running a full system scan. Note that it takes a few hours to run a scan, and it may spike your CPU, so it’s best to do this during a maintenance window. If you have a database availability group, consider putting the server into maintenance mode so that you can run the scanner with zero user impact.

[Read more…]

MSP Unplugged Podcast – Office 365 Tips

February 1, 2021 By Gareth Gudger 2 Comments

9 Shares

On January 29th, I had the great pleasure of being a guest on MSP Unplugged. I joined host Jeff Halash to discuss several topics; including:

Introductions
TechCon Unplugged 2021
A brief history of Gareth Gudger
Staying on-prem versus going to the cloud
Modern security threats leveraging email
Benefits of Exchange hybrid for mailbox migrations
Question from the audience: OneNote file storage options
OneNote: Windows 10 OneNote vs. Office 365 OneNote
OneDrive: Syncing and folder redirection
Syncing vs. Backups
Windows AutoPilot Overview
Exchange Server vNext
Exchange Server vNext subscription licensing
Loss leaders and cash cows
MSP Unplugged Patreon and Facebook Group
Word: True dark mode in Office beta channel
Edge Chromium supports ClickOnce
Future of in-person conferences vs. Microsoft’s carbon negative goal

[Read more…]

Exchange Online Updates (December 2020)

December 23, 2020 By Gareth Gudger Leave a Comment

11 Shares

Plus Addressing in Exchange Online

During Ignite 2020, Microsoft announced that plus addressing was coming to Exchange Online. Plus addressing allows users to create their own unique email addresses by leveraging a plus sign in their email address—for example, john.smith+newsletter@contoso.com. Anything after the plus sign is completely at the discretion of the user.

This becomes particularly useful when you want to target newsletters to a unique email address, especially when configuring inbox rules. It is also useful to determine who might have sold or leaked your email address.

To leverage this feature, an administrator must enable it globally (by default, it is disabled). To do this, log onto Exchange Online PowerShell. First, let’s verify if plus addressing is disabled. We do this with the following command.

 C:\> Get-OrganizationConfig | FL AllowPlusAddressInRecipients

AllowPlusAddressInRecipients : False

From our output, we can see that plus addressing is disabled in our tenant. To enable, run the following command.

 C:\> Set-OrganizationConfig -AllowPlusAddressInRecipients $true

To confirm the setting has taken effect, rerun Get-OrganizationConfig.

Users can then start leveraging plus addresses. Emails addressed to a plus address will appear in the user’s inbox without any further user intervention. From there, the user can build inbox rules for the plus addresses if they desire.

[Read more…]

On the Line with Cohesity #44: Updates on M365 and more!

Workaround: Replying to a message with an invalid S/MIME digital signature fails

Former Calendar Delegate still receives meeting notifications

Verify the user is no longer a delegate

Exchange Server Cumulative Updates (March 2021)

Tackling the March 2nd security exploits

MSP Unplugged Podcast – Office 365 Tips

Exchange Online Updates (December 2020)

Plus Addressing in Exchange Online

Site Navigation

Want to stay up to date?

Join the conversation

Exchange

Verify the user is no longer a delegate

Tackling the March 2nd security exploits

Plus Addressing in Exchange Online

Footer

Site Navigation

Want to stay up to date?

Join the conversation