11 Oct 2021

💥📣 Join the next AperiTeams Conference 📣💥

I will be speaking at AperiTeams Conference 2021 #1. Would you like to attend?

📆 25 November
 From 8:30 to 17:30
📍 Agriturismo la Camilla
🍸 Aperitif from 18:00 by Meme Cocktails

👨‍🏫  Andrea Gallazzi - Andrea Benedetti - Simone Frigerio - Silvio Di Benedetto

More information and registration 👉 https://lnkd.in/d2V6eBgV


See you at my session: Defender for Office 365!

4 Oct 2021

Windows versions: how they work

Many of you will have wondered how on earth Windows version numbers are decided.

Here is the official explanation:

Version numbers seem to have "deviated" from a well-defined path starting with Windows 7. Its version number was 6.1, not 7. Because of the popularity of Windows XP, when Windows Vista took the version number to 6.0, some applications failed to detect the correct operating system (OS) because developers were checking for a major version greater than or equal to 5 and a minor version greater than or equal to 1, which was not the case for Windows Vista. Having learned the lesson, Microsoft chose to leave the major version number at 6 and the minor version number at 2 (greater than 1) to minimize such incompatibilities. However, with Windows 10 the version number was updated to 10.0, and it has stayed that way with Windows 11, which at the time of writing is 10.0.22000.
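The per-component check described above, next to an ordered comparison, as an added PowerShell example (not part of the original post). The function names are hypothetical, and 5.1 is used as the Windows XP version the check was written for.

```powershell
# Flawed check: major and minor are each compared on their own,
# so any release whose minor number is 0 is rejected, whatever its major number.
function Test-AtLeastXpFlawed {
    param([Parameter(Mandatory)][version]$OsVersion)
    return ($OsVersion.Major -ge 5) -and ($OsVersion.Minor -ge 1)
}

# Correct check: [version] compares major first and looks at minor only on a tie.
function Test-AtLeastXp {
    param([Parameter(Mandatory)][version]$OsVersion)
    return $OsVersion -ge [version]'5.1'
}

# Version numbers named in the text, plus 5.1 for Windows XP.
$samples = [ordered]@{
    'Windows XP'    = '5.1'
    'Windows Vista' = '6.0'
    'Windows 7'     = '6.1'
    'Windows 11'    = '10.0.22000'
}

# One row per OS with the result of both checks side by side.
foreach ($name in $samples.Keys) {
    $v = [version]$samples[$name]
    [pscustomobject]@{
        OS           = $name
        Version      = $v
        FlawedCheck  = Test-AtLeastXpFlawed -OsVersion $v
        CorrectCheck = Test-AtLeastXp -OsVersion $v
    }
}
```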

24 Sep 2021

New security feature for Exchange Server: Exchange Server Emergency Mitigation

Exchange Server Emergency Mitigation FAQ

Q: What is Exchange Server Emergency Mitigation?

A: Exchange Server Emergency Mitigation is a new feature in Exchange Server introduced in the September 2021 CUs. It detects Exchange Servers that are vulnerable to one or more known threats and applies temporary mitigations until the admin can install the available SU.


Q: What does Exchange Server Emergency Mitigation do?

A: This feature runs as a Windows service, and it checks the Office Config Service for available mitigations hourly. If a mitigation is available, the EM service downloads it and automatically applies it to the server.


Q: What is a Mitigation?

A: A mitigation is an action or set of actions used to secure an Exchange server from a known threat. If a security threat becomes known to Microsoft and we create a mitigation for the issue, that mitigation can be downloaded to the Exchange server, which can automatically implement the pre-configured settings. Mitigations are sent in a signed XML file that contains configuration settings for mitigating a security threat.


Q: If I disable sending optional data to Microsoft, will the EM service still automatically apply mitigations?

A: Yes. Automatic mitigation by the EM service does not require the sending of data to Microsoft. If sending data to Microsoft is not enabled, the EM service will function normally.


Q: Will Microsoft release mitigations for every vulnerability that will be eventually fixed in an SU?

A: No. Our plan is to release mitigations only for the most severe security issues, such as issues that are being actively exploited in the wild. Because applying mitigations may reduce server functionality, we plan on releasing mitigations only when the highest impact or severity issues are found.


New security feature in September 2021 Cumulative Update for Exchange Server - Microsoft Tech Community

14 Aug 2021

Microsoft 365 Certified: Security Administrator Associate

Earning Microsoft 365 Security Administrator Associate certification validates the skills and knowledge to proactively secure Microsoft 365 enterprise and hybrid environments, implement and manage security and compliance solutions, respond to threats, and enforce data governance.

13 Aug 2021

Tracing DNS queries on Windows 10 with NirSoft DNSLookupView

DNSLookupView is a new DNS tracing tool for Windows 10, made by Nir Sofer, that allows you to view the details of every DNS query sent through the DNS Client service of Windows.

For every DNS query, the following information is displayed: Query Timestamp, Host Name, Query Type (A, AAAA, and so on), Query Status (Error or succeeded), Query Result, ID and name of the process that requested the DNS lookup.

You can use DNSLookupView through its GUI, or run it without displaying any user interface for a specified number of milliseconds and then export the captured DNS requests to a csv, tab-delimited, xml, or html file.



Download:
DNSLookupView

4 Jul 2021

WindowServer.it Honor Community Member

I thank the WindowServer.it Community, with which I have been collaborating for some time, for the badge I received.

The Honor Community Member badge is awarded to those who have been part of the WindowServer.it community for many years and who continue to spread the values of WindowServer.it, which go beyond the concept of an article, video, or session at events. The members of this club are pillars of this site and of the values it represents.

1 Jul 2021

Configuring the NTP server with w32tm

Run the following command on the PDC Emulator, replacing NTPSERVER with the geographically closest NTP server, for example:

ntp1.inrim.it 193.204.114.232 NTP (RFC 5905)

ntp2.inrim.it 193.204.114.233 NTP (RFC 5905)

time.inrim.it 193.204.114.105 NTP (RFC 5905), TIME (RFC 868), DAYTIME (RFC 867)


w32tm /config /manualpeerlist:NTPSERVER /syncfromflags:manual /reliable:yes /update

net stop w32time && net start w32time


To verify that it has been configured correctly, we can use the following commands:

Force synchronization
w32tm /resync /nowait

Check the configuration
w32tm /query /configuration

Show the time source
w32tm /query /source

Show the list of all configured NTP servers and their status
w32tm /query /peers

Show the service status, for example whether it is receiving time from the local CMOS clock or an external NTP server
w32tm /query /status

Monitor
w32tm /monitor


Configuring the NTP server through GPOs

Create a WMI filter and specify the query:

Select * from Win32_ComputerSystem where DomainRole = 5

Create a GPO to link to the DCs and attach the filter so that it is applied only to the PDC Emulator

Edit the GPO and go to “Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers”

Enable “Enable Windows NTP Client” and “Enable Windows NTP Server”

Set “Configure Windows NTP Client”
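The w32tm procedure above, guarded by the same DomainRole = 5 test the WMI filter uses, as an added PowerShell example (not part of the original post). It assumes an elevated session, two of the INRIM peers listed above, and English w32tm output for the source check.

```powershell
# Peers taken from the list above; the 0x8 flag asks w32time to use client mode.
$peers = 'ntp1.inrim.it,0x8 ntp2.inrim.it,0x8'

# DomainRole 5 = primary domain controller, the same test as the WMI filter.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
if ($role -ne 5) {
    throw "DomainRole is $role, not 5: run this on the PDC Emulator only."
}

# Same command as in the post, with the peer list passed as one argument.
w32tm /config "/manualpeerlist:$peers" /syncfromflags:manual /reliable:yes /update
if ($LASTEXITCODE -ne 0) { throw "w32tm /config failed with exit code $LASTEXITCODE" }

Restart-Service -Name w32time

# Without /nowait the command blocks until the resync attempt has finished.
w32tm /resync
if ($LASTEXITCODE -ne 0) { Write-Warning "Resync failed: check outbound UDP 123 to the peers." }

# A PDC Emulator still on its own clock means the external peers are not in use.
$source = (w32tm /query /source | Out-String).Trim()
$localClock = 'Local CMOS Clock|Free-running System Clock'   # assumption: English output
[pscustomobject]@{
    Source            = $source
    UsingExternalPeer = ($source -notmatch $localClock)
}
```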




3 May 2021

Microsoft Security Compliance Toolkit

22 Apr 2021

Send as SMTP alias now available in Exchange Online

One of the longest-standing user requests is finally a reality. Users can finally send email "as" one of their SMTP alias addresses.

Exchange administrators can assign alternate email addresses, or aliases, to user mailboxes. Users can receive email for any of their aliases, but until now, emails and replies could only be sent using their primary SMTP email address. With the new behavior, email messages sent using an alias show the sender address and the reply-to address as the SMTP address of the alias used.

The feature can be enabled with the following cmdlet

Set-OrganizationConfig -SendFromAliasEnabled $true

Once set, users will be able to send email using one of their configured alias addresses, in Outlook or OWA. In Outlook, the user must first show the From field for new email messages using the Options menu, then choose an alias address or click Other email address and type the one they want to use.

14 Apr 2021

Poweroff Linux based NAS (Synology, etc.) remotely from Windows by command line

#Note - Updated 14/04/2021
I had to turn off the NAS automatically after a Veeam backup copy process, but... it's not as simple as I thought.
The problem is that Linux SSH security permits executing the "power off" command only as root, and root cannot log in over SSH.

What to do?

#Product affected / related 
NAS Linux based, Linux and Windows Server and Clients

#Solution 
1. Login to your NAS as admin user by SSH (PuTTY)

To enable ssh on Synology:
Control Panel > Terminal & SNMP > Terminal allows your Synology NAS to support Telnet and SSH command-line interface services. You can also change the security level of the SSH encryption algorithm.
To enable Telnet/SSH service:
Check the box next to the SSH protocol
Click Apply

2. Become root
sudo su - or sudo -i

3.  Edit /etc/sudoers
vi /etc/sudoers

4. Add the following line

## Admin user group is allowed to execute halt and reboot 
%administrators ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff

6. Download plink (now part of PuTTY)

On Windows, you have to download plink from the PuTTY download page and save it in a folder.
This is the command that resolves the problem:

plink.exe -ssh -t -pw "yourpassword" admin@xxx.xxx.xxx.xxx "sudo poweroff"
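A variant of the plink call that keeps the password out of the command line and the job definition, as an added PowerShell example (not part of the original post). It assumes the admin account already has a public key installed on the NAS; the function name, key path, and host key fingerprint are hypothetical placeholders.

```powershell
function Invoke-NasPoweroff {
    param(
        [Parameter(Mandatory)][string]$NasHost,   # NAS address
        [Parameter(Mandatory)][string]$KeyFile,   # PuTTY .ppk private key for the admin account
        [Parameter(Mandatory)][string]$HostKey,   # expected SSH host key fingerprint of the NAS
        [string]$User  = 'admin',
        [string]$Plink = 'plink.exe'
    )

    if (-not (Test-Path -LiteralPath $KeyFile -PathType Leaf)) {
        throw "Private key not found: $KeyFile"
    }

    $plinkArgs = @(
        '-ssh'
        '-batch'               # never prompt: an unknown host key or a missing key fails instead of hanging
        '-t'                   # allocate a terminal, as in the original command
        '-i', $KeyFile         # key authentication instead of -pw
        '-hostkey', $HostKey   # accept only the pinned host key
        "${User}@${NasHost}"
        'sudo /sbin/poweroff'  # full path, matching the sudoers entry added in step 4
    )

    & $Plink @plinkArgs
    return $LASTEXITCODE
}

# Example call with placeholder values:
# Invoke-NasPoweroff -NasHost 'xxx.xxx.xxx.xxx' -KeyFile 'C:\Keys\nas-poweroff.ppk' -HostKey 'SHA256:<fingerprint>'
```

Restrict the key file's NTFS permissions to the account that runs the backup job, since anyone who can read it can power off the NAS.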










7 Apr 2021

11 Mar 2021

Windows 10: Bluescreen Of Death on printing kb:5000802, kb:5000808

The latest Microsoft patches, kb:5000802 and kb:5000808, produce a BSOD on printing.

We can resolve this issue with the two commands below:

In a command prompt with administrative rights

wusa /uninstall /kb:5000802

wusa /uninstall /kb:5000808


3 Mar 2021

Services that can be disabled on a Domain Controller

For security reasons, the attack surface should be reduced to a minimum, especially on domain controllers. To begin with, we could disable a number of services, perhaps through a GPO

  • ActiveX Installer (AxInstSV) (AxInstSV)
  • Bluetooth Support Service (bthserv)
  • CDPUserSvc (CDPUserSvc)
  • Contact Data (PimIndexMaintenancesvc)
  • dmwappushsvc (dmwappushsvc)
  • Downloaded Maps Manager (MapsBroker)
  • Geolocation Service (lfsvc)
  • Internet Connection Sharing (ICS) (SharedAccess)
  • Link-Layer Topology Discovery Mapper (lltdsvc)
  • Microsoft Account Sign-in Assistant (wlidsvc)
  • Microsoft Passport (NgcSvc)
  • Microsoft Passport Container (NgcCtnrSvc)
  • Network Connection Broker (NcbService)
  • Phone Service (PhoneSvc)
  • Print Spooler (Spooler)
  • Printer Extensions and Notifications (PrintNotify)
  • Program Compatibility Assistant Service (PcaSvc)
  • Quality Windows Audio Video Experience (QWAVE)
  • Radio Management Service (RmSvc)
  • Sensor Data Service (SensorDataService)
  • Sensor Monitoring Service (SensrSvc)
  • Sensor Service (SensorService)
  • Shell Hardware Detection (ShellHWDetection)
  • Smart Card Device Enumeration Service (ScDeviceEnum)
  • SSDP Discovery (SSDPSRV)
  • Still Image Acquisition Events (WiaRpc)
  • Sync Host (OneSyncSvc)
  • Touch Keyboard and Handwriting Panel (TabletInputService)
  • UPnP Device Host (upnphost)
  • User Data Access (UserDataSvc)
  • User Data Storage (UnistoreSvc)
  • WalletService (WalletService)
  • Windows Audio (Audiosrv)
  • Windows Audio Endpoint Builder (AudioEndpointBuilder)
  • Windows Camera Frame Server (FrameServer)
  • Windows Image Acquisition (WIA) (stisvc)
  • Windows Insider Service (wisvc)
  • Windows Mobile Hotspot Service (icssvc)
  • Windows Push Notifications System Service (WpnService)
  • Windows Push Notifications User Service (WpnUserService)
  • Xbox Live Auth Manager (XblAuthManager)
  • Xbox Live Game Save (XblGameSave)
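A read-only audit of the list above, as an added PowerShell example (not part of the original post), to run on a domain controller before building the GPO. The function name is hypothetical, and the StartType property assumes Windows PowerShell 5.1 or later.

```powershell
# Service short names from the list above.
$candidates = @(
    'AxInstSV','bthserv','CDPUserSvc','PimIndexMaintenancesvc','dmwappushsvc',
    'MapsBroker','lfsvc','SharedAccess','lltdsvc','wlidsvc','NgcSvc','NgcCtnrSvc',
    'NcbService','PhoneSvc','Spooler','PrintNotify','PcaSvc','QWAVE','RmSvc',
    'SensorDataService','SensrSvc','SensorService','ShellHWDetection','ScDeviceEnum',
    'SSDPSRV','WiaRpc','OneSyncSvc','TabletInputService','upnphost','UserDataSvc',
    'UnistoreSvc','WalletService','Audiosrv','AudioEndpointBuilder','FrameServer',
    'stisvc','wisvc','icssvc','WpnService','WpnUserService','XblAuthManager','XblGameSave'
)

function Get-DcServiceExposure {
    param([Parameter(Mandatory)][string[]]$Name)

    foreach ($n in $Name) {
        # Per-user services (CDPUserSvc, OneSyncSvc, ...) exist as a template plus
        # instances named "<name>_<suffix>", so match both forms.
        $found = Get-Service -Name $n, "${n}_*" -ErrorAction SilentlyContinue

        if (-not $found) {
            # Not present on this Windows version or installation option.
            [pscustomobject]@{ Name = $n; StartType = 'NotInstalled'; Status = $null; NeedsAction = $false }
            continue
        }

        foreach ($svc in $found) {
            [pscustomobject]@{
                Name        = $svc.Name
                StartType   = $svc.StartType
                Status      = $svc.Status
                NeedsAction = ($svc.StartType -ne 'Disabled')
            }
        }
    }
}

# Services from the list that are installed and not yet disabled.
Get-DcServiceExposure -Name $candidates |
    Where-Object NeedsAction |
    Sort-Object Name |
    Format-Table -AutoSize
```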

Microsoft 365: How to force Modern authentication

Outlook App

In the newer versions of Outlook App, Modern Authentication is enabled by default.

If problems occur, such as Outlook repeatedly prompting for the password, it is also recommended to force the use of Modern Authentication in Outlook by adding the following registry value through Regedit and setting the DWORD to 1:

HKEY_CURRENT_USER\Software\Microsoft\Exchange\

AlwaysUseMSOAuthForAutoDiscover – DWORD=1


Tenant

Check to see if Modern Authentication is ENABLED for your Office 365 tenant

Run the command Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

If you see “False” listed next to your Office 365 tenant proceed to the next step to enable Modern Auth. If you see “True” then Modern Auth is already enabled; no further action is required. Skip to Disconnect your PowerShell session. 


Enable Modern Authentication for your Office 365 tenant

Run the command Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Note: This command does not prevent connections via Basic Authentication. Desktop and mobile e-mail client applications which do not support Modern Authentication will still be able to connect to the Office 365 account using Basic Authentication until October 13, 2020.


Verify Modern Authentication is ENABLED for your Office 365 tenant

Run the command Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

You should now see “True” listed next to your Office 365 tenant indicating that Modern Authentication is enabled for your Office 365 tenant

27 Feb 2021

Announcing Windows Server Preview Build 20298 aka Windows Server 2022

Hello Windows Insiders!

Today we are pleased to release a new build of the Windows Server Long-Term Servicing Channel (LTSC) Preview that contains both the Desktop Experience and Server Core installation options for Datacenter and Standard editions.

Available Content

  • Windows Server Long-Term Servicing Channel Preview is available in ISO format in 18 languages, and in VHDX format in English only.  The following keys allow for unlimited activations:
    • Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH
    • Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67
  • Windows Server Language Pack/Core App Compatibility FoD Preview

Keys: Keys are valid for preview builds only. After activation for the preview keys is disabled, you may still install and use preview builds for development and testing purposes without activating.

Symbols:  available on the public symbol server – see Update on Microsoft’s Symbol Server blog post and Using the Microsoft Symbol Server

Expiration: This Windows Server Preview will expire October 31, 2021.

Known Issues

Shutdown Event Tracker is displayed every time a user logs on even when the user is a member of the administrators group and the user has closed the tracker window properly.

Auto Logon does not work correctly in some scenarios.

How to Download

Registered Insiders may navigate directly to the Windows Server Insider Preview download page.  If you have not yet registered as an Insider, see GETTING STARTED WITH SERVER on the Windows Insiders for Business portal.


Original post
Announcing Windows Server Preview Build 20298 - Microsoft Tech Community

14 Feb 2021

Microsoft 365: Dynamic Delivery in Safe Attachments policies

The Dynamic Delivery action in Safe Attachments policies seeks to eliminate any email delivery delays that might be caused by Safe Attachments scanning. The body of the email message is delivered to the recipient with a placeholder for each attachment. The placeholder remains until the attachment is found to be safe, and then the attachment becomes available to open or download.

If an attachment is found to be malicious, the message is quarantined. Only admins (not end-users) can review, release, or delete messages that were quarantined by Safe Attachments scanning. For more information, see Manage quarantined messages and files as an admin.

Most PDFs and Office documents can be previewed in safe mode while Safe Attachments scanning is underway. If an attachment is not compatible with the Dynamic Delivery previewer, the recipients will see a placeholder for the attachment until Safe Attachments scanning is complete.

If you're using a mobile device, and PDFs aren't rendering in the Dynamic Delivery previewer on your mobile device, try opening the message in Outlook on the web (formerly known as Outlook Web App) using your mobile browser.

Here are some considerations for Dynamic Delivery and forwarded messages:

  • If the forwarded recipient is protected by a Safe Attachments policy that uses the Dynamic Delivery option, then the recipient sees the placeholder, with the ability to preview compatible files.

  • If the forwarded recipient is not protected by a Safe Attachments policy, the message and attachments will be delivered without any Safe Attachments scanning or attachment placeholders.

There are scenarios where Dynamic Delivery is unable to replace attachments in messages. These scenarios include:

  • Messages in public folders.

  • Messages that are routed out of and then back into a user's mailbox using custom rules.

  • Messages that are moved (automatically or manually) out of cloud mailboxes to other locations, including archive folders.

  • Deleted messages.

  • The user's mailbox search folder is in an error state.

  • Exchange Online organizations where Exclaimer is enabled. To resolve this, see KB4014438.

  • S/MIME encrypted messages.

  • You configured the Dynamic Delivery action in a Safe Attachments policy, but the recipient doesn't support Dynamic Delivery (for example, the recipient is a mailbox in an on-premises Exchange organization). However, Safe Links in Microsoft Defender for Office 365 is able to scan Office file attachments that contain URLs (depending on how the global settings for Safe Links are configured).