Ninja Cat Giveaway: Episode 2 | Mastering email authentication and slashing overrides: Part 2


For this episode, your opportunity to win a plush ninja cat is the following -

Reply to this thread with: Did you spot ninja cat throughout episode? Mention your favorite on-screen ninja cat appearance in this episode along with one thing you’ve learned from this episode of the Ninja Show! 


This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.

54 Replies

I like the cat who was hiding behind the painting at 7:08. 


In general, a very nice tutorial especially since it is spoken very clearly and therefore easy to understand, even for non-native speakers.


I learned some great things. I like the detection of the overrides with KQL (and also the short aka link) 



Like the Ninja Cat going down the rope and jumping with the pencil :) Thank you for putting this together. I have been thinking to fill my "Email Authentication" knowledge gap for a while now. Material is good, short and to the point. Reference to additional articles is also very useful. Thank you one more time!
Thank you Heike and Paul for this episode and in general for the initiative.
The ninja cat who makes pole vault with a pencil on Paul's frame made me laugh.
What I Learned is the capability to use Trusted ARC Senders in addition with SPF,DKIM and DMARC
Great Job !!!
I love the version where the dog :dog_face: runs behind the 🥷 :cat: The whole episode is interesting. I must check the KQL queries again. I handle the review of quarantine mail of a big customer. So with this information i can finetune the spam
I liked Ninja Cat peaking behind the picture on the wall.

I learned that even if spam filters are bypassed the email is still scanned for malware.

@Heike RitterThe Ninja behind the painting was clever and unexpected. Learning some more about ARC sealers is cool, and I'll definitely be able to use some of what I learnt in this episode with the M365 tenants I manage for my clients. 

@Heike Ritter Yes few places Ninja Cat was spotted and the best place was pop up behind the frame, the adhoc run on the screen, rope one was slick. I learnt that we should not trust anyone to allow list whether it is vendor, customer and anyone over the internet. We can addition criteria sending IP address, we can set spam confidence levels to secure and control the spam checking. The advance hunting look and feel demo was excellent too.

So that is definitely Cat1 that shows in the Advanced Hunting query around the ExchangeTransportRule! Paul's comment makes it perfect.
What I learned apart of the Advanced Hunting is a bunch of handy shortcuts to quickly lookup how it all works, thanks for that!
Hi, Thank you for your great video :)
In this video part 14:080-, I've understood that security admin can use advanced hunting to search malicious /blocked emails, and there are many sample KQL queries (EmailEvents) in microsoft learn, it's soo helpful.
Anyway, I love ninja cat ! I'd like to want to get this !
(a bit late to the party, sorry!) I liked the ninja cat running across the top of the screens the most- he's got places to go, sushi to eat!

The biggest takeaway for me was truly the concept of Zero Trust. Just because we trust our vendor, does not mean they have an air-tight solution on their end. Anyone can be compromised at anytime, so it makes sense to Trust No One and Verify Everyone!

This was a lot of fun and I enjoyed the casual setting. Thank you!
I love the plush cat that was chased by the dog, very funny and cute.

I've had hands-on experience with SPF, DKIM and DMARC, the session was a good opportunity for me to review all of them one more time. I also learned that there are two different sender addresses P1 and P2. The one is used in the transmission phase during the protocol, the other one is introduced in the message header during the actual transmission of the data. What we see in the email From is a P2 sender address. And P1 address can be found in message header.
The ninja cat going down the line was awesome. I liked the information on just SPF and DKIM are not good enough, you need to have the DMARC entry for complete safety.

@Heike Ritter 


My favorite appearance o Ninja Cat during this episode was when he climbed down a rope behind Paul's back. :xd:

@Heike Ritter 

I loved Ninja Cat rappelling down the walls and the plush is adorable.


We are transitioning to Exchange Online and having discussions about what rules we should migrate. Seeing this and the recommendations for not bringing those rules over is timely and helpful. It's a great explanation of how you handle allow lists, custom rules and default rules.


Liked the Policies & Rules session like threat policies tenant block and allow list, where the ninjacat was behind the scene ;) Awesome Mastering session !
I saw ninja cat throughout...especially when he is popping up on the shoulder of the presenter in this case Paul. Learned how to allow a message in the TABL using the submission page and not to just blanket apply a domain override.
I saw the ninja cat pop out from under the framed picture! Very sneaky!

This is handy info as we constantly get requests to "allow a domain," but it's much more complicated these days. It's nice to get validation from Microsoft that this is not the recommended path, and that it can get very granular if needed. We've found that many vendors request this out of old practice, but if they have good email security hygiene, it's not needed. Just like you mentioned, vendors can be compromised, and without those controls in place, we in IT will look like we're not doing our jobs if malicious messages from that vendor make it to inboxes.

@Heike Ritter Many ninjacats seen, some a bit more conspicuous than others. The Advanced Hunting section was the most instructive for me. What did you learn most from it? :)

I think I didn't know anything Paul talked about :D
Love the ninja cats everywhere and especially the one going down on the rope on the wall behind Paul and coming down from behind te picture on the wall behind Paul. Love the explaining about how to get less false positive results. Love the real cat that you can see in the reflection of the lower picture on the wall Always say to everyone not the use whitelist and to fix the problem at the side of the sender.