Yesterday, I participated in an escalation for a customer where one or more users had been successfully phished and had given up their credentials. While we were walking through some remediation steps, we started a discussion about data exfiltration attempts.
Many moons ago, I put together a few scripts that can be used to check mailbox forwarding and transport rule forwarding configurations, specifically looking for actions that send mail (forward, redirect, bcc) to recipients outside of the domains verified in your tenant. … [ Continue reading ]
Earlier this week, I had a request for assistance with delegating reporting features in Exchange Online to non-administrative users. This is a frequent topic of discussion when it comes to compliance and security officers validating that systems are not being misused by unauthorized persons.… [ Continue reading ]
In Part 1 of this blog series, I went through the setup of the Splunk Add-On for Microsoft Cloud Services, which you can use to extract, query, and analyze data provided by the Office 365 Management Activity API. In this particular post, we’re going to explore the Microsoft Office 365 Reporting Add-On for Splunk, which you can use to review message trace data from Office 365.… [ Continue reading ]
I’ve had a number of customers ask me about configuring their monitoring systems to Office 365. So, rather than repeating the same information and re-issuing the same links (most of which contain outdated information), I’m going to put together a series on how to connect a few systems to Office 365. … [ Continue reading ]