Protection for Exchange Online - FileWall Review

The following blog post is a paid review for FileWall expressing the opinion of the author.

FileWall is a 3rd party Cloud Email Security solution for Exchange Online. In general, I am not a huge fan of adding 3rd party solutions into Exchange Online for several reasons…

First, Microsoft does a decent job of virus protection for your mailboxes within Office 365, and that protection is included in the licensing fee for every mailbox. Exchange Online Protection (EOP) is not a flawless system, but I find it to be adequate for most mailboxes in most circumstances. I do find that some customers do not trust Microsoft anti-virus protection, and probably never will. I am not sure if that lack of trust is justified or not, and that is not really the point here.

Read more

Preparing Active Directory for the Cloud

IT departments in organizations of all sizes can expect to be moving resources to one cloud or another in the very near future. This is becoming a fact that all IT professionals are going to need to deal with in the coming years.

One factor that can impact the success of migrations to cloud services is the overall health and preparedness of your on-premises Active Directory. In my experience this is a step that many organizations overlook in their move to cloud resources.

In this blog post, we are going to look at some of the steps an organization can take to prepare an on-premises Active Directory forest before moving resources to the Microsoft cloud. I assume many of these steps will also be relevant for migration to other cloud services, but my focus here is going to be Microsoft cloud services.

Read more

Climbing the Auth Ladder in Azure AD: Rung 2

This blog post is part 3 in a series. If you have not seen parts 1 and 2, you should go back and read those first.

Now we are really on that ladder! For me, MFA should be the default level of security for all Azure AD accounts as I stated in the last post in this series. Now we are getting into “advanced” features that you should consider. The rest of the features we will talk about in this series are going to require high license levels, and more administrative work to implement and maintain. Many accounts in many organizations may not need the higher levels of protection that we will talk about from this point forward.

Read more

Climbing the Auth Ladder in Azure AD: Rung 1

There really are a lot of features within Azure Active Directory that are there to secure you authentication. Makes sense that Microsoft would invest heavily in security, but I think a lot of IT professionals do not take the time to think of authentication deeply enough, I know I have been guilty of that.

This “Climbing the Auth Ladder” series of blog posts I am doing is my attempt to rectify that, at least for myself.

Rung 1 on the Azure AD auth ladder is Multi-Factor Authentication, so that is where this blog post is going to focus.

Read more

New Features for Single Item Recovery

There's a lot of content out there about backups for Office 365. I, personally, have written and spoken a lot about backups for Office 365. If you ask 10 experts, you will probably get 10 different opinions about how, or why, or what you should or should not backup in Office 365. Depending on the day (and let’s be honest, who I am working for) I may give you different answers myself.

Here is one thing I will say every time about backing up Office 365 – before you buy any add-on service, you better know what is built in.

In this blog post, I am going to look at Single Item Recovery for Exchange Online. I will go through what it is, how it works, and what is new in Single Item Recovery.

Read more

Is Password Hash Sync Secure?

I have done a lot of migrations into Office 365. I started doing these migrations around about June 2011 and have been doing them almost constantly since then. One of the questions that I am asked during almost every one of those migrations is if AD FS or Password Hash Sync (PHS) is more secure. There really is not one straight forward simple answer I can give to that question, so I thought it was about time for me to write down my answer as a blog post here.

In this blog post I am going to look PHS and how it works as an authentication option for your Office 365 tenant. I will give you my best recommendation as to which you should be using under what circumstances, and why. I will try to break my overall answer down into a few small chucks as sort of a FAQ style brief. Let us get started.

Read more

Securing Exchange Servers

Securing Exchange servers is hard. I mean it can be a giant pain sometimes. There are what, hundreds of millions or maybe billions of lines of code running on your Exchange servers, right? It doesn’t take much for a typo to get through and open a vulnerability that can then be exploited opening the most important and valuable data within your organization to all kinds of bad actors.

When I was starting my career as an IT pro, generally a virus would just crash your PC. Maybe you would get your hard drive deleted, which was terribly inconvenient but not much of a financial threat to organizations. In 2020, if a hacker can gain access to your IT resources, that person is most often doing so with some sort of monetary goal in mind. That goal might be a ransomware attack, it might be to harvest passwords to sell (notice how I did not say “on the dark web”? I assume that is where most passwords are sold but since this is not a commercial for some sketchy identity protection product, I don’t feel the need to include that bit of extra scare tactic).

There are real world vulnerabilities out that that could be affecting your on-premises Exchange servers right now (okay, maybe a little scare is warranted). In this blog post I’m going to talk about those exploits, how to protect your organization from them, and how to keep your organization safe from future exploits.

Read more

Modern Auth Updates in Exchange Online

The great thing about Office 365 is that it is a constantly updated service. For your subscription, your organization is constantly getting new features and functionality that can greatly improve the overall Office 365 experience. Of course, the downside of that is that IT pros working in Office 365 need to keep up to date on these changes. Luckily for you, you have found this amazing blog post that is going to explain some recent updates to Modern Authentication in Exchange Online.

That’s right. In this blog post, I am going to explain what Modern Authentication is, what the alternative is, why you want it, and how you can implement it in your Exchange Online deployment.

Read more

Do you need to make Exchange Online backups?

Moving from on-premises Exchange into Exchange Online is a big change for multiple reasons. These are different systems that require different administration strategies.

For administrators, one of the best reasons for moving to a cloud service such as Office 365 is that a lot of the tedious and difficult tasks are done for you. Building new servers, checking hard drives for enough space, replacing failed hardware, patching systems and making backups are areas that Microsoft and other cloud service providers will handle for your organization. But one area that requires some attention is Exchange Online backups.

Read more

PowerShell for Teams Reporting

Hello from the bunker! I assume most of you will be reading this blog post from my future, and hopefully the world has returned to something closer to “normal”. By normal, I mean there isn’t a pandemic going on and people can leave their houses. As I write this blog post, I am about a month into the COVID-19 pandemic of 2020 and I haven’t left my house except for trips to the grocery store for what feels like about 20 years.

Regardless of if you’re reading this from your own social distancing hide out, or if you’re back in the office working like you did in 2019, it’s time for organizations to put more effort into their remote worker management. I do think that a lot more people are going to be doing a lot more remote work in the very near future. With more users working remotely, we as IT pros need to focus more on reporting data around our services usage and helping management understand how IT resources are being used.

Read more

How to plot out an Office 365 tenant-to-tenant migration

With the number of users and organizations on Office 365, circumstances will inevitably require some of them to move between tenants.

An Office 365 tenant-to-tenant migration can occur for several reasons, such as after a merger or acquisition or part of a company gets sold. These business events come with complicated legal maneuvers with rigid timelines. Most of these situations require completing tenant-to-tenant migrations on a schedule made by lawyers and executives with little to no regard for the time it takes to move the associated data. It's up to the technical team to work out how to complete the migration and meet their deadline.

Whatever the reason, successfully executing a tenant-to-tenant migration within Office 365 is a complex process with some significant limitations. Let's walk through the process to clarify what's involved with this type of data migration process.

Read more

Keeping Active Directory Healthy

There is no doubt that Microsoft has fully embraced The Cloud. While “Mobile first, cloud first” might be a silly statement, there is no doubt that Microsoft means it. There are very few on-premises products that Microsoft has much interest in selling at all. If there is a cloud-based option for any solution, Microsoft is going to push that cloud version at the expense of the on-premises version.

It’s also clear that Microsoft big advantage over other cloud providers in the ability to provide hybrid solutions. Not every solution can be cloud-only, and aside from maybe Windows itself, I would say Active Directory leads that category. On-premises Active Directory isn’t going away.

In this blog post we’re going to look at on-premises Active Directory and my suggestions for how to keep it healthy. I’ll try to cover all the big points you to keep your organization’s Active Directory happy, healthy and functional.

Read more

What's new with the Exchange hybrid configuration wizard?

Exchange continues to serve as the on-ramp into Office 365 for many organizations. One big reason is the hybrid capabilities that connect on-premises Exchange and Exchange Online.

If you use Exchange Server, it's not difficult to join it to Exchange Online for a seamless transition into the cloud. Microsoft refined the Exchange hybrid configuration wizard to remove a lot of the technical hurdles to shift one of the more important IT workloads into Exchange Online. If you haven't seen the Exchange hybrid experience recently, you may be surprised about some of the improvements over the last few years.

Read more

Authentication Planning in the enterprise

What a great time to be an IT pro. I mean really, who has it better than us? On any given day there is so much going on, so much to learn, so much to improve, I do really enjoy my job(s). As I think about how to open this blog post, it occurs to me that I’ve had some great opportunities in my career. Sort of a “as one door closes, another one opens” sort of thing.

I have spent most of my career as an “email guy”. I started as a Banyan Vines administrator, moved through numerous evolutions of the email concept, and now I find myself at a place where email is being deemphasized. I don’t mean to say email is “done”. I don’t by into that nonsense that Yammer, Slack, Teams, Skype, or any other alternative collaboration platform is ever going to replace what email. Email provides a platform that none of those others can replace. They can add-on and improve the overall enterprise collaboration experience, but I don’t see replace an option that will ever happen.

Read more