Clik here to view.
Disclaimers and calendar invites
Rather than tease you with a witty, or even humorous opening paragraph, I’m going to instead jump right to the dessert. Because really, who doesn’t love dessert? As I recently discovered with an...
View ArticleClik here to view.
Release from quarantine and safe list the sender in one click
I recently found a new option you can select when releasing a message from the quarantine. While this option isn’t brand new, I’m not sure when it was added, and so wanted to share for visibility. The...
View ArticleHappy Holidays!
With my move to special projects this year, I wasn’t able to post as many articles as I would have liked to. With that being said, I’m starting to do more case work again and will be trying to publish...
View ArticleTop ten posts of 2016
It’s a new year, and that means it’s time to look back at the top posts on this blog for last year. 2016 was a slower year for EOP Field Notes as I was on a leave from work for the first 5 months of...
View ArticleMicrosoft Canada is celebrating Azure today
Today Microsoft Canada is celebrating Azure with various activities throughout the day. Fear not, you do not need to be Canadian to take part in today’s festivities. You do not need to wear flannel and...
View ArticleClik here to view.
Convincing phishing message and how ATP helped the remediation
Phishing messages are continuing to evolve and look ever more convincing. It’s scary to see just how legitimate some of these messages can look. Last week I was working with an organization that...
View ArticleUpcoming Exchange Online connector changes pushed back
Today we announced that the connector changes that were planned for Exchange Online have now been pushed back from February 1st 2017 to July 5th 2017. These changes impact Exchange Online inbound...
View ArticleClik here to view.
When a certificated based connector is not working
I recently worked with an organization that had an Exchange Online inbound connector which accepted mail from their on-premises Exchange environment. This connector was scoped by IP, and the...
View ArticleClik here to view.
Custom RBAC role to allow access to only the Action Center
If a user account has been compromised and used to send massive amounts of spam, Exchange Online will block the account from sending (if enabled, a notification email can be sent to administrators to...
View ArticleClik here to view.
Keep headers intact when forwarding a message
In my line of work, I am constantly requesting message samples from organizations so that I can analyze the headers. Whether an end user has received a message that they believe should have been marked...
View ArticleClik here to view.
Find AD Objects with an Incorrect TargetAddress
When you have a hybrid environment setup with Exchange Online, you’ll notice a new Accepted Domain in the Exchange Online portal. <domain>.mail.onmicrosoft.com This domain is used by Exchange...
View ArticleEOP resources for malware prevention
In light of the recent malware news, a couple of my colleagues put together a list of Exchange Online resources. This list is by no means definitive or complete, it is just a place to start when...
View ArticleClik here to view.
Don’t forget about the security and compliance center
For those of you that are Exchange Online Protection veterans, it may be second nature to always head to the Exchange Online portal whenever you need to make any changes to that service. You may not...
View ArticleClik here to view.
Troubleshooting Transport Rules that are set to “Do not audit”
When creating a transport rule, please…. PLEASE, do not disable auditing. Your rule auditing setting should not look like this. Unless of course, you have a security mandate about not auditing...
View ArticleClik here to view.
Expert Office 365 – Notes from the Field… The BookExpert Office 365 – Notes...
Microsoft Canada recently published a book on Office 365 titled Expert Office 365 – Notes from the Field. Each chapter in the book is about a technology in Office 365, and is written by an expert that...
View ArticleClik here to view.
Combating Display Name Spoofing
My lack of updates around these parts can be attributed to the craziness of work over the last few months. This afternoon I have some time and am typing this out as quickly as I can before someone...
View ArticleClik here to view.
Cleaning up a full recoverable items folder
I recently worked with an organization where one of their users had a full Recoverable Items folder. This user had a hold on their mailbox, but also had the Exchange Online Unlimited Archive, so why...
View ArticleClik here to view.
Figure out which spam filter marked a message as spam
It has been quiet around these parts as of late. Much too quiet. To put that to an end, I have a handy tip today that could help in your spam troubleshooting adventures. For various reasons,...
View ArticleDid I get zapped by ZAP?
ZAP, also known as Zero-hour Auto Purge, is a protection feature in Exchange Online that can move spam, phish, or malware messages from users’ inbox to their junk folder. This feature works in the...
View ArticleUse headers to determine which Exchange Online tenant a message was...
Consider the following mail flow. On-premises environment --> Your Exchange Online tenant --> External Recipient With the above mail flow, you may find yourself in a situation where you need to...
View Article