A typical headache for Microsoft Exchange Server administrators is to setup load-balancing with port 25. They face the issue that, typically in these setups, they no longer see the source client IPs of the actual clients; All traffic is translated and is presented to the SMTP service with the load balancer IP as source. This … Continue reading "Field notes: Make the actual source client IP visible for a load-balanced SMTP service"
Author: Bastiaan Arkesteijn
Field Notes: DKIM and missing selector records
During a project with one of my customers, I was tasked to look at a non-delivery report (NDR) for a mail message. The bounce error was pretty confusing, but after reviewing the headers, we noticed that the DKIM check had failed. This was a bit of a surprise, because the message was sent from Microsoft … Continue reading "Field Notes: DKIM and missing selector records"
Field Notes: Meeting the requirements for Interoperability between Microsoft Teams and Microsoft Exchange Server
In this blog post, I want to walk you through my experiences with setting up and enable the interoperability between Microsoft Teams and on-premises Microsoft Exchange Server environments. Since the beginning of this year, Microsoft Teams adoption has seen a tremendous uptick in usage. Organizations needed to adopt Microsoft Teams as their Unified Communications (UC) … Continue reading "Field Notes: Meeting the requirements for Interoperability between Microsoft Teams and Microsoft Exchange Server"
Field notes: What is the current default SMTP certificate for your Exchange Server environment?
The last couple of weeks I have been working with several Microsoft Exchange Server environments. I encountered lots of expired certificates. Organizations wanted help with that. One of the questions that kept coming back was: Do I press Yes to change the default certificate, when I enabled the certificate for SMTP? The official answer is … Continue reading "Field notes: What is the current default SMTP certificate for your Exchange Server environment?"
Security Officer: Please block the iOS native mail app (for) now!
Last week an announcement was made: The native mail app in Apple's iOS has zero-day vulnerabilities, deemed critical. No patch is available at this time. More information about the vulnerability can be found here. For you as IT admin this means that you probably have work to do. The main questions you may be facing … Continue reading "Security Officer: Please block the iOS native mail app (for) now!"
Field Notes: How has your Azure AD Connect been configured?
As a consultant, I see a lot of different environments. Often, I need to know the answer to one of the most important questions: What did you select during the setup of Azure AD Connect? The answers vary: A colleague did the setup and has left the company, department… A external supplier did the setup … Continue reading "Field Notes: How has your Azure AD Connect been configured?"
Field notes: Azure AD Identity protection end-user perspective
In my previous blog post Field Notes: Azure AD Identity Protection we looked at the administrator perspective on Identity Protection. The focus was how to protect your corporate accounts. In this blog the focus is the end-user (employee and IT staff) experiences. The experiences I want to share are: Suspicious Activity User with a high-risk … Continue reading "Field notes: Azure AD Identity protection end-user perspective"
Field notes: Azure AD Identity Protection
I'm managing several Azure AD tenants with a wide variety of licenses and settings. I've had a focus on Azure AD Identity Protection for the last weeks, so I'm sharing my field notes with you. What is Azure AD Identity Protection? Let's start with a little introduction. Microsoft has a lot of experience with identities … Continue reading "Field notes: Azure AD Identity Protection"
Enable Valimail Single Sign-On with Azure Active Directory
In my previous blogpost, I described how to enroll Valimail Monitor for Office 365. The initial setup is based on credentials, stored at Valimail. This results in another set of credentials that needs to be remembered, needs to be stored in a password vault, another set that may be leaked… Additional admins and/or auditors also … Continue reading "Enable Valimail Single Sign-On with Azure Active Directory"
Valimail Monitor for Office 365: Your Free DMARC Reporting Tool
On their security blog on the 3rd of June 2019, Microsoft announced that Valimail Monitor for Office 365 is available. This option enables organizations using Exchange Online from Office 365 for their company mail to leverage DMARC. The Road to securing E-Mail Cyberattacks are common these days. These attacks can be actively targeting your organization … Continue reading "Valimail Monitor for Office 365: Your Free DMARC Reporting Tool"