In light of Windows 10: Comparing Service and Privacy agreements

There's been a lot of media attention regarding Windows 10 and privacy concerns. Unfortunately, not all reports contain correct facts, while others suggest some of the implemented technology is unique to Windows 10. There's a lot of bad reporting (do some of them even fact check?) or even malicious FUD (Fear, Uncertainty and Doubt) out there. Now, don't get me wrong, knowing how the products you use handle your (meta)data and privacy is IMHO very important and should receive all

Checking security protocols and ciphers on your Exchange servers

Microsoft states that Exchange 2010 and 2013 are secure out of the box. By this they mean that all traffic coming in and out of Exchange is encrypted one way or another with security protocols, whether this is web traffic or SMTP-specific. Even IMAP and POP are enabled with mandatory encryption (although the services are disabled by default). However, over the past few months we've had reports that specific encryption security protocols and ciphers (algorithms used for encryption and decryption)

IIS Exploit can reboot your Windows Server; install patch KB3042553 ASAP

This week Microsoft released a patch for Windows 7/Windows Server 2008 R2 and up that fixed a critical remote execution bug, see MS15-034 and CVE-2015-1635 for more info. Unfortunately the patch was reverse engineered and now an exploit is available. This was detected and described by ISC SANS. They added Denial of Service (DoS) as possible impact, next to Remote Code Execution. As it turns out, the DoS in question actually causes a Blue Screen of Death (BSoD, also known as bugcheck)

Exchange RBAC might be more granular than you think

Most Exchange admins probably know (or should know) that the permission model since Exchange 2010 is Role Based Access Control, RBAC for short. With it, you can regulate quite granularly what admins and end users are able to do, without the hassles of Access Control Lists (ACLs). However, it recently became clear that it might be more granular than you think. You can allow only certain types of PowerShell Cmdlets, have only change rights on a certain Organizational Unit (OU) or types

Apple iPhone 5s TouchID and Exchange ActiveSync (updated)

2013/10/17: Added support statement by Microsoft below. Just today I was curious how the Apple biometric convenience solution TouchID on the iPhone 5s would impact password policies enforced by Exchange ActiveSync (EAS). I frequently run into complaints from Android users who previously used a Pattern Lock instead of a PIN to unlock their phones. When my EAS policy sets specific password requirements, the Pattern Lock is replaced by the phone OS with the more traditional PIN (or alphanumeric password) unlock. Unfortunately,

Blocking iOS 7 in Exchange 2010 & 2013 (updated)

Now that iOS 7 is available, it might be interesting to know how to block this version. In the past there were some issues with the Exchange ActiveSync implementation in specific iOS DeviceOS versions (read this and this). Please note that I have not encountered or heard of any ActiveSync issues with iOS 7, but it might be prudent to be prepared. But first we have to find out which DeviceOS versions are already present, or how they are presented to

How to use the Microsoft Authenticator WP app with Google

A while back, Microsoft enabled the long-awaited 2-factor authentication feature for Microsoft Accounts and released a code generator for Windows Phone. But a little-known fact is that this app can also be used for the Google Account Two-factor authentication. See the screenshots below on how to do this: Go to the right corner of your Google page and select Account. On the left you will see some options, select Security. Select Settings. When you haven’t entered a mobile

Exchange and malware protection

This blog post is something I intended to write for a while now, because it is a question that I get asked a lot: on which Exchange server roles do you need to install the Exchange malware protection software, be it the now no longer for sale Forefront Protection for Exchange or similar products from McAfee, Symantec or GFI and the like? Why is this IMHO a valid question? Well, if we ignore the Microsoft recommendation to install multi-role servers

Exchange SSL Offloading and the upcoming update blocking certificates with RSA key length less than 1024bit

Microsoft announced yesterday a new approach regarding the validation of certificates, coming in August this year. Certificates with a key length less than 1024 bits will be blocked: Adding to our defense-in-depth measures, in August, we will release a change to how Windows manages certificates that have RSA keys of less than 1024 bits in length. Once this key length update is released, we will treat all of these certificates as invalid, even if they are currently valid and signed by a
