Posts

202301 - Exchange onpreme - PowerShell Serialization Payload Signing

Image
Released: January 2023 Exchange Server Security Updates https://techcommunity.microsoft.com/t5/exchange-team-blog/released-january-2023-exchange-server-security-updates/ba-p/3711808 https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/SerializedDataSigningCheck/ 1.  Update KB5022143 (Exchange SU) 2. Run latest HealthCherker 3.  PowerShell Serialization Payload Signing https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/SerializedDataSigningCheck/ Certificate signing of PowerShell serialization payload in Exchange Server https://support.microsoft.com/en-us/topic/certificate-signing-of-powershell-serialization-payload-in-exchange-server-90fbf219-b0dd-4b2c-8a68-9d73b3309eb1 4.  MonitorExchangeAuthCertificate    https://microsoft.github.io/CSS-Exchange/Admin/MonitorExchangeAuthCertificate/ 5.                 New-SettingOverride -Name "EnableSigningVerification" -Component Data -Section EnableSerializationDataSigning -Parameters @("Enabled=true&qu

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

 https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

Welcome to the 2022 MEC Airlift!

Image
https://mecairlift.event.microsoft.com/ Get Ready for Basic Auth Deprecation in Exchange Online Sept 13, 2022 | 8:00am - 8:50am Ask the Experts: Basic Auth Deprecation in Exchange Online Sept 13, 2022 | 9:00am - 9:50am Messaging Security: Deep dive into Exchange Online Protection, Microsoft Defender for Office 365 and other Messaging Security Features Sept 13, 2022 | 9:00am - 9:50am Delighting Exchange Online Admins Sept 13, 2022 | 10:00am - 10:50am Deep Dive: Increasing mail flow security posture Sept 13, 2022 | 10:00am - 10:50am Exchange Online Onboarding Updates Sept 13, 2022 | 11:00am - 11:50am Recent and Upcoming Features from the Exchange Transport team Sept 13, 2022 | 11:00am - 11:50am Cross-tenant user data migration in Exchange Online Sept 13, 2022 | 12:00pm - 12:50pm Exchange Online and Exchange Hybrid Tips & Tricks Sept 13, 2022 | 2:00pm - 2:50pm Secure Exchange Online with Privileged Identity Management Sept 14, 2022 | 7:00am - 7:50am Troubleshooting Slow Email Deliver

Exchange Extended Protection Service - 前置作業

Image
前置作業  若有Exchange ORG 中有Modern Hybrid server、Public Folder 等使用,可請排除或再詳細確認支援事項,也可參閱worldwide 的用戶反饋經驗 完成最新的CU & SU,基本支援N-1,如Exchange 2016 CU22也支援,但強烈建議直接上 到最新的CU23 (2022H1 CU)  所有EX 的CU/SU 版本要一致,可用Get-ExchangeServer | ft name, *version*  每台Exchange Server 上的TLS設定需完全相同 https://docs.microsoft.com/en-us/exchange/exchange-tls-configuration?view=exchserver-2019 可統一執行下列機碼 (部分需重開機才會生效)  HealthChecker 也可檢查TLS 配置 可透過模擬方式執行腳本觀看結果 .\ExchangeExtendedProtectionManagement.ps1 -WhatIf 可用的參數詳細介紹 https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/ 執行路徑有debug log 可參考 完成模擬執行結果,詳細列出異動的步驟 實際執行結果 心得: 若組織內有多台Exchange Server 且分布多個site 如全球,那檢查步驟有可能非常耗時 執行前及執行後多用HealthChecker 驗證結果 EP 執行後不需要重開機或重設IIS

LAB: Manual enablement of Windows Extended Protection on Exchange Hybrid Server (classic hybrid)

Image
#ExchangeHybird #Exchagne2016 #Extended-Protection(EP) Reference https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862 https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/ Apply AUG SU for CU23 Exchange2016-KB5015322-x64-en Download EP powershell .\ExchangeExtendedProtectionManagement.ps1 -SkipExchangeServerNames lab1-hybrid-01 .\ExchangeExtendedProtectionManagement.ps1 -ShowExtendedProtection Before apply EP After apply EP

E15: Exchange 2013 MAPI over HTTP

Image
    Messaging Application Programming Interface (MAPI) over HTTP 是 Microsoft Exchange Server 2013 Service Pack 1 (SP1) 和 Microsoft Outlook 2013 SP1 所實作的新式傳輸通訊協定。 MAPI over HTTP 將傳輸層提升為符合業界標準的 HTTP 模型 ,因而改善了 Outlook 和 Exchange 連線的可靠性與穩定性。這可更清楚地檢視傳輸錯誤,並可增強復原能力。此外, 也具有支援明確暫停和繼續功能的能力。這讓受支援的用戶端能夠變更網路或從休眠狀態恢復,同時保有相同的伺服器內容。 實作 MAPI over HTTP,並不表示這是唯一可供 Outlook 用來存取 Exchange 的通訊協定。不具 MAPI over HTTP 功能的 Outlook 用戶端, 仍可使用 Outlook Anywhere (RPC over HTTP),透過擁有 MAPI 功能的 Client Access Server 來存取 Exchange。 MAPI over HTTP 的優點 MAPI over HTTP 可為使用 Outlook 2013 SP1 的用戶端提供下列優點: 採用以 HTTP 為基礎的通訊協定,可支應未來在驗證方面的創新能力。 縮短通訊中斷後所需的重新連線時間,因為只需重新建立 TCP 連線即可,而不需要 RPC 連線。通訊中斷的範例包括: 裝置休眠 從有線網路變更為無線或行動數據網路 提供無需依賴連線的工作階段內容。伺服器可在設定的時段內保有工作階段內容,即便使用者變更網路亦然。

E15: Exchange 2013 傳輸規則新功能 - 支援DLP

  Exchange 2013 Transport Rules 支援 DLP Support for data loss prevention policies Data loss prevention (DLP) features in Exchange 2013 can help organizations reduce unintentional disclosure of sensitive data. Transport rules have been updated to support creating rules that accompany and enforce DLP policies. To learn more about DLP support in transport rules, see the following topics: Integrating sensitive information rules with transport rules Data loss prevention 新述詞 AttachmentExtensionMatchesWords 用於偵測包含特定副檔名附件的郵件訊息。 AttachmentHasExecutableContent    用於偵測包含可執行檔附件的郵件訊息。 HasSenderOverride 用於偵測寄件人選擇覆寫 DLP 原則限制的郵件訊息。 MessageContainsDataClassifications    用於偵測郵件內文與任何附件中的敏感資訊 。如需可用的資料分類清單,請參閱 敏感資訊類型詳細目錄 。 MessageSizeOver    用於 偵測整體容量大於或等於指定上限的郵件訊息 。 SenderIPRanges    用於 偵測特定 IP 位址範圍中傳送的郵件訊息 。 新動作 GenerateIncidentReport    產生傳送至指定 SMTP 地址的附