DKIM

September 28, 2023 acbrownit Leave a comment

DKIM. No, it’s not a new singer/rapper/influencer/whatever. It’s a DNS controlled Email Authentication mechanism. What does that mean? Well, if you want a technical explanation, go see my article on Authorization vs Authentication, since that is important to understand if you want to understand DKIM. DKIM stands for DomainKeys Identified Mail. It uses a feature of Public Key Authentication to allow receiving mail servers to verify that the message is not modified in transit and that the sender is authentic. …

Continue Reading →

Controlling Autodiscover with the Registry or GPO

April 17, 2020 acbrownit Leave a comment

Depending on your situation, you may want to take control of how Exchange’s Autodiscover lookup process works. Specifically, there are a lot of scenarios where Autodiscover will break because the lookup process isn’t properly controlled. In this article, I’ll go over registry settings that will let you control which steps are used and which ones are skipped.…

Continue Reading →

Step By Step: Adding Email Phishing Report Button to Office 365

February 20, 2020 acbrownit Leave a comment

Email security is a war between security professionals and malicious actors. Security professionals are often following malicious actors and reacting to changes. Unfortunately, success in this war is dependant on information. To aid in that effort, every major security vendor that works in the email world has some way to report bad emails. Each report can be examined to figure out what techniques were used to bypass existing security.…

Continue Reading →

Step by Step: Enable MFA for All Users in Office 365

October 24, 2019 acbrownit Leave a comment

Update: Due to some changes in how MS handles MFA in O365, I’ve had to completely re-write this article. Updated instructions follow.

MFA in O365

Office 365 MFA is probably the best thing to enable for securing the environment. Microsoft has gone through a number of iterations on setting this up, but has finally ended with the existing settings.…

Continue Reading →

O365 Hybrid Migration Errors & Fixes

acbrownit Leave a comment

This post will go over some of the many errors that occur when attempting to move a mailbox to Office 365. The error messages you see are discovered when showing the details of a failed migration and then clicking on a failed user in that migration.

Issues

1. “You can‎’t use the domain because it‎’s not an accepted domain for your organization”

Office 365 will not accept migration of a mailbox if that mailbox has an email alias that includes a domain that doesn’t exist in Office 365.…

Continue Reading →

Step by Step: Add a UPN Domain in Windows Server

October 22, 2019 acbrownit Leave a comment

The Problem

A very common issue when moving an organization from an on-premises Exchange environment to Office 365 is non-usable domain names. The issue happens because a domain name of the Active Directory Domain has one of these issues:

The Domain used by AD is not “owned” by the organization. This issue happens when a company decides to use a specific domain name on their Internal network when they have either lost control of that domain name or never had control of it.

…

Continue Reading →

Intune RBAC – Delegate Permissions Explained

September 18, 2019 acbrownit Leave a comment

There are lots of permissions that can be delegated in Intune/Microsoft365 Device Management. Understanding what each of those permissions is for and when to assign them is, therefore, a little difficult. With this post, I’ve gone through the task of outlining all of the delegate permissions in Intune as of September 2019. I’ll try to keep this up to date, but if I fail to, just leave a comment telling me something has changed and I’ll get things fixed.…

Continue Reading →

Step by Step: Intune Delegation with RBAC #3

September 10, 2019 acbrownit Leave a comment

< Previous |

So far, this guide has covered terminology and theory used to develop Delegated Administrator roles for Intune’s RBAC system and how to create users with limited rights to Intune in Step by Step: Intune Admin Delegation with RBAC #1
Next, we covered building RBAC scope tags and assigning those tags with device groups in Step by Step: Intune Delegation with RBAC #2
For this article, we’ll cover the creation of an actual Role in Intune.…

Continue Reading →

Intune – Permissions for iOS and Android Devices

acbrownit Leave a comment

I was going to include this in part 3 of my Intune RBAC guide, but it’s a lot of stuff, so I’m making a separate post for it. With that said, here are the permissions you will want to set for a normal, run of the mill iOS and Android device manager in Intune. This permission set has no Windows device permissions, so you will need to add those if you want a management role for all devices.…

Continue Reading →

Step by Step: Intune Delegation with RBAC #2

September 3, 2019 acbrownit Leave a comment

< Previous | Next >

In this part of the Intune Delegation with RBAC guide, I’ll go over the pieces you need. In the first part of this guide, I went over the terminology and concepts, so go back to that if you haven’t already read it. We’ll use those concepts and terms heavily from here on out.…

Continue Reading →