cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exchange Team Blog

You Had Me at EHLO..
Options
4,710

Use Authentication Policies to Fight Password Spray Attacks

The_Exchange_Team on Oct 03 2022 02:19 PM
You should read this post if basic authentication is in use in your tenant for any protocol.
12.6K

Exchange Online email applications stopped signing in, or keep asking for passwords? Start here.

The_Exchange_Team on Oct 01 2022 07:30 AM
If your email clients stopped signing in starting October (as we disable basic authentication in Exchange Online) - this...
46.4K

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

The_Exchange_Team on Sep 30 2022 12:06 AM
We have gotten several questions from our customers related to recent reports of new zero-day vulnerabilities impacting ...
6,258

Deprecation of Client Access Rules in Exchange Online

The_Exchange_Team on Sep 27 2022 07:09 AM
Today, we are announcing the retirement of CARs in Exchange Online, to be fully deprecated by September 2023.
8,835

Exchange Online PowerShell V3 Module General Availability

The_Exchange_Team on Sep 20 2022 06:56 AM
The Exchange Online PowerShell v3 module (the v3 module) is now Generally Available.
4,830

Notes from the field: does Outlook for Mac insist on using basic auth with Exchange Online?

The_Exchange_Team on Sep 16 2022 10:45 AM
It may be frustrating to find some Outlook for Mac clients that are up to date but still turning up in your sign-in repo...
7,959

An update to the Exchange Server Extended Protection script is now available

The_Exchange_Team on Sep 15 2022 03:23 PM
We’ve released an update to the script for enabling Extended Protection on your Exchange Servers after the installation ...
7,361

Join us Sept 13-14 at the Microsoft Exchange Community (MEC) Technical Airlift

The_Exchange_Team on Sep 09 2022 08:40 AM
MEC is Back! Join us September 13-14 for this free, digital airlift dedicated to Exchange Online and Exchange Server
4,522

#WeAreMEC: IN CASE YOU MISSED IT... MEC is back September 13-14!

Scott Schnoll on Sep 07 2022 09:53 AM
It’s been a while since our last MEC, and a lot has changed since then. The MEC Technical Airlift is a free, digital eve...
288K

Basic Authentication Deprecation in Exchange Online – September 2022 Update

The_Exchange_Team on Sep 01 2022 08:00 AM
Starting on October 1st, 2022 we’re going to start to turn off basic authentication for specific protocols in Exchange O...
8,210

Decommissioning Exchange Server 2013

The_Exchange_Team on Aug 31 2022 07:33 AM
To help Exchange 2013 customers move to a newer version of Exchange Server, here’s an overview of Exchange 2013 decommis...
4,968

Looking Into Exchange Server Disk I/O Latency Issues

The_Exchange_Team on Aug 30 2022 07:50 AM
Traditionally, disk latency is one of main areas to explore if you are seeing performance issues with Exchange Server.
5,066

Converting mailboxes already migrated to Exchange Online to Shared mailboxes

The_Exchange_Team on Aug 29 2022 08:57 AM
How do you convert mailboxes already migrated to Exchange Online to Shared mailboxes? Read on!
11.4K

Notes from the field: Using OAuth for ActiveSync and POP/IMAP in Exchange Online

The_Exchange_Team on Aug 22 2022 08:54 AM
We wanted to address two areas that prompt questions about using OAuth in Exchange Online: Exchange ActiveSync (EAS) rep...
5,289

Finding Transport Rule Size Part 2 – Regex Limit

The_Exchange_Team on Aug 11 2022 12:48 PM
We have received questions from customers who want to know how to determine the character limit for regular expressions ...
112K

Released: August 2022 Exchange Server Security Updates

The_Exchange_Team on Aug 09 2022 10:04 AM
We are releasing a set of security updates for Exchange Server 2013, 2016 and 2019.
22.7K

Announcing OAuth 2.0 Client Credentials Flow support for POP and IMAP protocols in Exchange Online

The_Exchange_Team on Jun 30 2022 11:04 AM
Today, we’re excited to announce the availability of OAuth 2.0 authentication via client credentials grant flow for the ...
11.7K

Exchange Server 2013 End of Support Reminder

Scott Schnoll on Jun 24 2022 02:03 PM
Exchange Server 2013 will reach End of Support on April 11, 2023, and we strongly recommend that you migrate from Exchan...
49K

Microsoft and Apple Working Together to Improve Exchange Online Security

The_Exchange_Team on Jun 16 2022 08:00 AM
Today we’re delighted to take the next step along the journey to transition away from basic auth by sharing the work we’...
11.5K

Consistently block delegates or shared mailbox members from accessing protected messages in Outlook

The_Exchange_Team on Jun 06 2022 01:58 PM
Based on customer feedback, we are introducing new Get/Set/Remove-MailboxIRMAcess cmdlets that provide admins with more ...
64.6K

Exchange Server Roadmap Update

The_Exchange_Team on Jun 02 2022 10:01 AM
We are now ready to share our long-term roadmap for Exchange Server.
16.2K

MEC is Back!

The_Exchange_Team on Jun 02 2022 10:00 AM
Today, we are thrilled to announce the Microsoft Exchange Community (MEC) Virtual Technical Airlift, which will take pla...
7,690

Open Enrollment for Exchange Server 2019 TAP

The_Exchange_Team on Jun 02 2022 10:00 AM
Today we are excited to announce that the Exchange Server 2019 Technology Adoption Program (TAP) is accepting nomination...
17.8K

Removing Your Last Exchange Server FAQ

The_Exchange_Team on Jun 01 2022 07:19 AM
In April, we released an update to the Management tools in Exchange Server 2019 that enables organizations that use Azur...
8,660

Moving from the Exchange PowerShell v1 Module to the v2 Preview

The_Exchange_Team on May 31 2022 09:28 AM
Since our recent post explaining the different versions of Exchange Online PowerShell modules, we have been asked: What’...
8,729

New Office 365 Tab Behavior in the On-premises Exchange Admin Center

The_Exchange_Team on May 23 2022 07:16 AM
With the release of Exchange Server H1 2022 CUs, we have changed the experience of Exchange hybrid customers accessing O...
20.2K

Understanding the Different Versions of Exchange Online PowerShell Modules and Basic Auth

The_Exchange_Team on May 18 2022 08:28 AM
Exchange Online PowerShell is deprecating support for Basic Authentication starting in October 2022. So, we wanted to cl...
8,844

Announcing Public Folder Migration Scripts with Modern Authentication Support

The_Exchange_Team on May 16 2022 12:13 PM
We are excited to announce that we have updated the following scripts for migrating public folders from Exchange Server ...
108K

Released: May 2022 Exchange Server Security Updates

The_Exchange_Team on May 10 2022 10:00 AM
We are releasing a set of security updates for Exchange Server 2013, 2016 and 2019.
20.8K

New Exchange Server Security Update and Hotfix Packaging

The_Exchange_Team on May 10 2022 09:59 AM
Today, we’re excited to announce that we have made changes in the way we deliver Security Updates (SUs) and Hotfixes (HF...

Latest Comments

ceantuco
in Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server on Oct 06 2022 12:35 PM
@David_Richard I am working on removing PS access for non admin accounts now. Thanks for the suggestion. @ninobilic I added the firewall rule on 09/30 and I have not experienced any Exchange related issues. Yes, I understand blocking those ports do not prevent exploitation. Thank you.
0 Likes
Nino Bilic
in Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server on Oct 06 2022 12:28 PM
@ceantuco Well, truth is - they will not do any damage; I am not immediately aware of anything (Exchange related) that would use those ports, so you could leave them blocked. The main thing is to realize that this was not an effective mitigation for CVE-2022-41082.
0 Likes
David_Richard
in Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server on Oct 06 2022 12:28 PM
@ceantucoYes, remove it. But did you disable remote PowerShell access for nonadmin users/service accounts? An excellent way is to create a security group and add the admin accounts/service accounts to that group and run the DisableRemotePS.ps1, which you can find here: https://www.alitajran.com/0-da...
0 Likes
glady2000
in Basic Authentication and Exchange Online – September 2021 Update on Oct 06 2022 12:24 PM
@Greg Taylor - EXCHANGE shame on me! For me the this blog was very up-to-date because I only noticed the day and month -the year I have really overseen.Thank you for your quick answer and the link!
1 Likes
ceantuco
in Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server on Oct 06 2022 12:15 PM
I removed and re-added the rule with the latest recommendations from MS. Since port 443 is used for the attack, should I remove the Windows Firewall rule I created blocking ports 5985-5986? Please adviseThank you!
0 Likes