Security › Undocumented Features

January 26, 2018

Update to the Office 365 Proxy PAC Tool

I have updated the Office 365 Proxy PAC tool to allow selection of the US Department of Defense XML feed for proxy bypass configurations.

You can see previous updates for the tool:

Update to the Office 365 Proxy PAC tool

Updates to Office 365 Proxy PAC Generator

And of course, the updated tool is available on the TechNet Gallery, with a couple of other bugfixes that some people reported (invalid characters/smart quotes appeared in some versions of the file, which have been corrected): https://gallery.technet.microsoft.com/Office-365-Proxy-Pac-60fb28f7… [ Continue reading ]

December 5, 2017April 10, 2020

Creating and Managing Security and Compliance Filters in the Real World [Part 2]

Picking up where I left off on part 1 of this post, I wanted go into what it would take to refine some roles for managing eDiscovery for larger organizations.

In this scenario, we’re going to:

Remove users from any existing eDiscovery roles or groups
Create a security group to hold users that will perform eDiscovery searches
Create a custom role group that has the appropriate eDiscovery roles and add the security group as a member
Verify

If you didn’t read the previous blog post on this topic, I’d encourage you to go back and do so, since I’m going to continue using the same users and compliance filters.… [ Continue reading ]

December 1, 2017April 10, 2020

Creating and Managing Security and Compliance Filters in the Real World [Part 1]

Diving deeper into the Security & Compliance Center, I decided to embark on trying to scope eDiscovery permissions to meet a certain set of requirements that we see when multiple business units want or need to maintain independence from a content search and discovery perspective.… [ Continue reading ]

November 21, 2017January 29, 2019

Block direct delivery to @onmicrosoft.com addresses in a hybrid environment

UPDATE: [11/20/2018] I had an error in the transport rule configuration in the last example, as well as a note that a TR would NDR external traffic. I have this post accordingly.

We’re all familiar with how Office 365 tenants work–when you spin up a new Office 365 tenant, you get a managed domain (tenant.onmicrosoft.com). … [ Continue reading ]

November 17, 2017November 29, 2021

Detecting Outlook / Exchange data exfiltration

*Updated 2021-11-29 with new links to the Audit Scripts*

While I was working on a script to configure Office 365 Secure Score settings, I came up with a few scripts that I thought would be helpful in monitoring your messaging environments. … [ Continue reading ]

October 2, 2017

Office 365 Secure Score Script

In light of the discovery that a recent comprise involved administrator credentials that were not protected with multi-factor authentication, I thought revisiting http://securescore.office.com might be a good idea.

For the uninitiated, Secure Score is a tool that we provide to examine some configuration items and give guidance on others in respect to creating a more secure operating environment for your Office 365 tenant. … [ Continue reading ]

September 15, 2017January 25, 2023

Use AAD Connect to disable accounts with expired on-premises passwords

This week, I received an email from a colleague asking if there was a way to work around the default behavior described in https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization:

Password expiration policy

If a user is in the scope of password synchronization, the cloud account password is set to Never Expire.… [ Continue reading ]

August 25, 2017

OneDrive for Business Admin Tool

Update: I’ve also added some new features, detailed in https://bhr.62e.myftpupload.com/2017/10/16/recovering-from-crypto-or-ransomware-attacks-with-the-onedrive-for-business-admin-tool/.

While updating a script I wrote to remove the “Shared with Everyone” folder in OneDrive for business, it dawned on me that there are a number of bulk management tasks for OneDrive that are not easy to do, that we don’t have specific guidance on, or only have little bits of information scattered around the interwebs.… [ Continue reading ]

June 7, 2017

Update to the Office 365 Proxy PAC tool

The people have spoken.

I’ve updated the tool with a couple of features:

Include the Skype for Business IP ranges in the proxy bypass list, since there are occasions that it is necessary.
Added an option for *all* IP ranges in the XML feed for selected products to be added to the proxy bypass list
Added an option for *only* IP ranges in the XML feed for selected products to be added to the proxy bypass list
Added an option to export the IP ranges for selected products to a separate text file.

… [ Continue reading ]

June 2, 2017April 27, 2020

Managing Content Searches in the Security & Compliance Center

Recently, a customer asked for clarification on the difference between Content Search (Security & Compliance center | Search & investigation | Content search) and the Content Search feature in an eDiscovery case (Security & Compliance center | Search & investigation | eDiscovery). … [ Continue reading ]

May 23, 2017

WannaCry/WannaCrypt and other Ransomware

This past week has seen the widespread growth of the WannaCry ransomware attack, which was based on the EternalBlue SMB vulnerability. We released security update MS17-010 on March 14, 2017 to address the vulnerability.

Preliminary reports show at least 300,000 computers have been affected globally by this ransomware that encrypts files, requiring up to $600 in bitcoin payments within 7 days before the data is deleted.… [ Continue reading ]

August 18, 2016

Updates to Office 365 Proxy PAC Generator

I wrote the original Proxy PAC tool for a customer almost a year ago, and since have added a lot of new functionality. Rather than updating my previous blog posts about it, I thought I would start a fresh thread. If you want some background on how Proxy PAC files work and how to distribute them to your users via GPO or WPAD, I would suggest taking a look at my posts dealing with those topics:

Office 365 PAC File – https://bhr.62e.myftpupload.com/2015/11/16/office-365-pac-file/

… [ Continue reading ]

June 20, 2016

Remove a user’s oldest ActiveSync device

A few weeks ago, I saw something come up for a peer that needed a way to manage the maximum number of ActiveSync devices that a user had connected in Office 365. Using only native Exchange policies, we can’t do that (MDM solutions solve this problem by manning the Exchange ActiveSync quarantine). … [ Continue reading ]

April 6, 2016

Deploying the Office 365 Proxy PAC to manage your users

Several months ago, I released a tool (the Office 365 Proxy Pac Gen) to generate a Proxy Automatic Configuration file that can be used to bypass local proxy servers for Office 365 services. I also wrote a blog (Office 365 PAC file) on using the tool.… [ Continue reading ]

November 16, 2015

Office 365 PAC File

When we talk about Office 365 services with our customers, a lot of the discussion revolves around the networking components. While we generally have a “good idea” of networking, we’re not experts in your technology and will frequently tell you to go talk to your vendors. … [ Continue reading ]