Why every organization should enable DANE

Inbound DANE is now several months available in Exchange Online and Outbound DANE has already been automatically active since years. Since a few months Azure DNS also supports DNSSEC, which is a prerequisite for DANE. For those organizations that have a full Microsoft stack, there are now no longer any showstoppers implementing DANE. And I think every organization should make...

Exchange Online Transport Encryption: What You Need to Know from a Security Viewpoint

The Simple Mail Transfer Protocol (SMTP) is originally not secured by design, but there are many additional protocols added to improve security. One such protocol is Transport Layer Security (TLS) that encrypts the connections between mail servers aiming to prevent mail interception. This post discusses the different options with Exchange Online Transport Encryption. I warn you that some of the...

Why Opportunistic TLS and Mail Security Need Your Attention

Opportunistic TLS is the standard configuration for mail transport security on all Message Transfer Agents (MTA) and mail servers. Sending and receiving mail servers will negotiate with each other which encryption they both are able to use. The most secure connection both parties can handle will be used. This means that mail can sent out with no encryption at all....

Exam MS-220 Exchange Online Troubleshooting list of sources

This month the beta exam MS-220: Troubleshooting Microsoft Exchange Online became available. This exam will provide the Microsoft 365 Certified: Exchange Online Support Engineer Specialty. Microsoft Learning announced this new certification in March. Because it’s a beta exam there is not a lot of training material or courses (yet) you can use to prepare. I’ve created a list of reference...

I will host an ESPC live webinar “Controlling your Enterprise Mail flow” on October 26th

I will be hosting a webinar on the 26th of October with the title “Controlling your Enterprise Mail flow”. The European SharePoint, Office 365 and Azure Conference (ESPC) is hosting this live event webinar. It is a topic I have frequently visited before. However, I still find organizations struggle with it. If you are an mail admin and struggling with...

Exchange Online finally has plus addressing!

During the virtual Microsoft Ignite 2020, the Exchange Product Group announced the general availability of plus address support in Exchange Online. This has been a long request feature; I blogged about this in 2014 and Microsoft already announced it during Microsoft Ignite 2019. But now it’s here! Considering enabling Plus Addressing And if your re-read my 2014 post, you might...

Quick tips to limit sending mail to the wrong recipient

It happened to all of us: sending a mail to the wrong recipient. Or disclosing the other recipients to each other.Let me show some quick tips that might help limit your users sending information to the wrong recipient. Embarrassing The Dutch Data Protection Agency (Dutch: Autoriteit Persoonsgegevens) is responsible for the supervision of correct handing of personal data. This agency...

How To: Exchange Authentication Policies

There are several ways how you can protect and limit access to Exchange Online. Conditional Access, Client Access Rules, the older ActiveSync Device rules and, the topic of this post, Authentication Policies. These policies are available in Exchange Online and Exchange Server 2019 since CU2. This article will show you how to implement this. Why use Authentication Policies? Authentication Policies...