Quick tips to limit sending mail to the wrong recipient

Embarrassing The Dutch Data Protection Agency (Dutch: Autoriteit Persoonsgegevens) is responsible for the supervision of correct handing of personal data. This agency must be informed when there is a breach with personal data. It’s the agency that has its duties described within GDPR. So, it is extra painful when they themselves are responsible of a data leak. Over a year ago they mailed a press release (link to article in Dutch) to several journalists but used the Carbon Copy (or

Read more

How To: Exchange Authentication Policies

There are several ways how you can protect and limit access to Exchange Online. Conditional Access, Client Access Rules, the older ActiveSync Device rules and, the topic of this post, Authentication Policies. These policies are available in Exchange Online and Exchange Server 2019 since CU2. This article will show you how to implement this. Why use Authentication Policies? Authentication Policies only do one thing: enabling or disabling legacy or basic authentication (I use both terms) on protocols used by Exchange

Read more

I will be speaking at IT/Dev Connections 2018!

Next week I will be speaking at the IT/Dev Connection conference in Dallas (TX) during 16-18th October 2018, which is particularly exciting for me as it is the first time I will present in the USA! The session title is “Securing, Protecting, and Managing the Flow of Corporate Communications”. The session abstract tells you a bit more: Simple Mail Transport Protocol, or as it is better known, SMTP, should be simple. It says so in the name. However, the internet

Read more

I will be speaking at the European Collaboration Summit 2018

Some exciting news! I’ll be speaking at the European Collaboration Summit 2018 in Mainz, Germany on May 28-30. My session is “Securing Exchange Online” and during that hour I will go through the capabilities of Exchange Online (Office 365) to further secure your email data and mail flow based on up-to-date know-how. It’s a topic I like, is quite relevant and popular, I also have to update my session every time with new information and considerations. The Summit itself looks

Read more

Office 365 to enforce TLS 1.2 per October 15, 2020

Update 21 July 2020 Microsoft has set a new date for the deprecation of TLS1.0 and 1.1, after a previous postponement due to the pandemic. You can find it in the Microsoft 365 Message Center message MC218794, which also references this Docs article. From October 15, 2020 onward, Microsoft will gradually enforce TLS1.2 on Office 365 services. Note that this enforcement change will take to roll-out to every tenant etc., so you might not see it immediately. I hope everybody

Read more

I'll be speaking at E-Communications & Collaboration Day 2017 (BE-COM.eu) on May 3rd 2017

In a few weeks, I’ll be travelling to Novotel Leuven in my neighboring country Belgium for the E-Communications & Collaboration Day 2017, a full-day (May 3rd 2017) of expert presentations and content about Office 365, Exchange, Skype for Business and related technologies. During this day, I will be presenting “Securing Exchange Online”: In this session, Dave Stork will go through the capabilities of Exchange Online (Office 365) to further secure your email data and mail flow. Questions like: •    How

Read more

Creating an Activity alert in Office 365

Within Office 365 you can use Audit Logging to monitor specific actions admins and users take. It’s comparable with Auditing within Exchange, but for most of all actions available in your Office 365 tenant. However, you need to do a search to find those actions perhaps long after the fact. That might be adequate for most organizations, but it would be nice to get an near immediate alert on the important stuff. Luckily, that is also possible! Consider the following

Read more

The end is nigh for Exchange 2007: support nearing end and some other reasons to upgrade

The Exchange Team blog reminded us today that in about a year the extended support for Exchange Server 2007 will end. This means no more updates of any kind, not even security updates. Feature updates already stopped 4 years earlier when Mainstream support ended. The product will continue to run, but how longer it’s being kept in production that will add some risk to your environment due to security issues not being fixed. You can find lifecycles of other Microsoft

Read more

In light of Windows 10: Comparing Service and Privacy agreements

There's been a lot of media attention regarding Windows 10 and privacy concerns. Unfortunately not all reports contain correct facts while others suggest some of the implemented technology is unique for Windows 10. There's a lot of bad reporting (do some of them even fact check?) or even malicious FUD (Fear, Uncertainty and Doubt) out there. Now, don't get me wrong, knowing how the products you use handle your (meta)data and privacy is IMHO very important and should receive all

Read more

Checking security protocols and ciphers on your Exchange servers

Microsoft states that Exchange 2010 and 2013 are secure out of the box. With this they mean that every traffic coming in and out of Exchange is one way or another encrypted with security protocols. Whether this is web traffic or specific for SMTP. Even IMAP and POP are enabled with mandatory encryption (although the services are disabled by default). However the past few months we've had reports that specific encryption security protocols and ciphers (algorithms used for encryption and decryption)

Read more
1 2