Podcasts

On April 4th, I had the great pleasure of being a guest on RunAs Radio. I joined host Richard Campbell to discuss vulnerable Exchange Servers; including:

• Introductions
• The state of HAFNIUM in 2023 and suggestions to stay secure
• Exchange split permissions (RBAC versus Active Directory permission models)
• RunAs Radio mug inception
• Throttling and blocking emails from unsupported Exchange Servers to Exchange Online
• “On-Premises” versus “Partner” Connector types in Exchange Online
• Inbound connectors of type “On-Premises” will be disabled by default in new tenants
• Support the Humanitarian Toolbox
• Deprecation of Remote PowerShell in new Exchange Online tenants created after April 1st, 2023
• Get the Exchange Online PowerShell v3 module (stop using the older versions)
• Exchange 2013 is end of life
• Use Exchange 2019 Management Tools for Exchange Online hybrid management
• Steve Goodman’s GUI for the Exchange 2019 Management Tools
• Security landscape and bad actors in 2023
• Getting rid of Exchange on-premises
• Coauthoring Office 365 for IT Pros 9th Edition
• Closing thoughts

On February 15th, I had the great pleasure of being a guest on RunAs Radio. I joined host Richard Campbell to discuss email transport security; including:

• Introductions
• Coauthoring Office 365 for IT Pros 8th Edition
• Clarifying the acronym soup
• Collecting all 11 RunAs Radio mugs
• Where is Exchange vNext?
• What happens to mail relay if we eliminate our last on-prem Exchange Server?
• How to make email transport more secure
  • Forced TLS vs. Opportunistic TLS
  • DANE for SMTP (DNS Authentication of Named Entities)
  • MTA-STS (Message Transport Agent – Strict Transport Security)
  • DANE versus MTA-STS versus Forced TLS
• How to make individual messages more secure
  • Should we use S/MIME?
  • Need for Office 365 Message Encryption in addition to transport layer security (TLS)
  • Office 365 Message Encryption versus Advanced Message Encryption
• Challenges of Multi-Factor Authentication (“MFA”)
• M365 Maps by Aaron Dinnage
• Domains that do not send email should have Sender Policy Framework (SPF) records
• Homoglyph attacks
• Closing thoughts

Opinion change: Since recording, I think that even if the MTA-STS TXT record was victim to a man-in-the-middle attack it probably would not be much of an issue. If the bad actor changed the ID in the TXT it would simply tell the sender to pull a new policy from a website the recipient owns and controls. As mentioned in the podcast, I believe DANE is the more secure solution. Be sure to consult with your security team about which solution best suits the needs of your organization.

On September 14th, I had the great pleasure of being a guest on On the Line with Cohesity podcast. I joined host Theresa Miller to discuss several M365 topics; including:

• Introductions
• Microsoft Viva and the new employee experience during the pandemic
• The evolution of email security
• Safety Tips to keep your users informed on questionable email
• Microsoft Teams active users in the pandemic
• Teams integrations with other products: Dynamics 365, Service Now.
• Windows 365 Cloud PC
• Windows 11 experience and GUI changes
• How to join the Windows Insider Program to get Windows 11 now
• The benefits of the Office Insiders program and who should enroll in an organization

On January 29th, I had the great pleasure of being a guest on MSP Unplugged. I joined host Jeff Halash to discuss several topics; including:

• Introductions
• TechCon Unplugged 2021
• A brief history of Gareth Gudger
• Staying on-prem versus going to the cloud
• Modern security threats leveraging email
• Benefits of Exchange hybrid for mailbox migrations
• Question from the audience: OneNote file storage options
• OneNote: Windows 10 OneNote vs. Office 365 OneNote
• OneDrive: Syncing and folder redirection
• Syncing vs. Backups
• Windows AutoPilot Overview
• Exchange Server vNext
• Exchange Server vNext subscription licensing
• Loss leaders and cash cows
• MSP Unplugged Patreon and Facebook Group
• Word: True dark mode in Office beta channel
• Edge Chromium supports ClickOnce
• Future of in-person conferences vs. Microsoft’s carbon negative goal

On September 14th, I had the great pleasure of being a guest on RunAs Radio. I joined host Richard Campbell to discuss several hot topics for Exchange and Office 365; including:

• Introductions
• Staying on-prem versus going to the cloud
• Importance of email availability
• Monitoring in the new Exchange Admin Center
• Exchange Server vNext
• Extended deadline for basic authentication deprecation
• Migrating away from basic authentication
• Exchange Server vNext in-place upgrade scenarios
• Exchange Server vNext licensing model
• Certificate-based authentication for unattended Exchange Online scripts
• Eliminating the last Exchange Server on-prem
• Keeping Exchange Server on-prem for SMTP relay
• DANE for SMTP (DNS Authentication of Named Entities)
• Plus Addressing in Exchange Online
• Tenant-to-tenant mailbox migrations in public preview
• SMTP domain sharing preview in development

On July 19th, I had the great pleasure of being a guest on SysAdmin Today. I joined host Paul Joyner to discuss several hot topics for Exchange and Office 365; including:

• Introductions
• Overview of Microsoft MVP Program
• Getting out of the patching and server management business
• Updated Hybrid Configuration Wizard (v17)
• Keeping an Exchange server on-prem for secure mail relay
• GUI for restoring deleted mail for users
• Reply-all storm protection
• Support for DANE / DNSSEC
• New defaults for SMTP Auth
• Deprecation and deadline extension for basic auth
• Getting all users to multi-factor authentication