Microsoft Exchange and Active Directory Blog
A reader asked for an article on how brute force attacks on Exchange servers can be prevented. Since Exchange servers in smaller environments are often directly accessible on the Internet (e.g. via port forward) and can also be identified very quickly thanks to autodiscover, Exchange servers are very suitable for brute force attacks. In a brute force attack ... Read more
Here you now have the opportunity to suggest a topic for a new article. So if you have a question about a specific topic related to Exchange or Active Directory, or simply want to know how function XY works and can be used, then you are welcome to submit a suggestion for a new post. A suggestion should ... Read more
A reader of this page asked whether it is possible for certain users to create and manage contacts for the organization. A separate RBAC (Role Based Access Control) role can be used for this with little effort. A corresponding role, which can only create and edit contacts in a specific organizational unit, can be created with little effort. ... Read more
Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. The updates can be downloaded here: Exchange Server 2013 CU23 Exchange Server 2016 CU21 and CU22 Exchange Server 2019 CU10 and CU11 The updates close the vulnerability CVE-2022-23277, which is classified as Critical, and the vulnerability CVE-2022-24463, which is classified as Important. As Exchange Server currently likes to ... Read more
The last Exchange 2019 Hybrid articles were about migrating Exchange on-prem mailboxes to Microsoft 365. This last article is about ending the hybrid mode and uninstalling the last on-prem Exchange server. Once all mailboxes have been migrated to Microsoft 365 and the synchronization of the local Active Directory accounts ... Read more
If you are already using Kemp Loadbalancer with Edge Security Pack (ESP) and Okta, you may find this article interesting. Multi-factor authentication (MFA) for OWA can be implemented using Kemp ESP and Okta. Unfortunately, only the MFA for OWA can be implemented in this way, other protocols such as MAPIoverHTTPs for Outlook or ActiveSync work ... Read more
In this article you will find my settings for hardening Windows Server 2022. These settings can be used for the template for VMs. New VMs based on these settings therefore already have a certain level of security. In my opinion, the settings are not too restrictive and should therefore be suitable for most applications/services. Read more
The Windows updates that Microsoft released on 11.01.2022 are causing some problems on Windows servers. In the meantime, there are increasing reports that domain controllers keep restarting after January CU has been installed. Some other problems seem to increasingly affect Windows Server 2012 R2. After installing the update, Hyper-V no longer starts and ReFS formatted ... Read more
Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. The security update is intended to fix the following three vulnerabilities CVE-2022-21969 (Important) CVE-2022-21855 (Important) CVE-2022-21846 (Critical) The three vulnerabilities mentioned are errors that allow remote code execution. The updates should therefore be installed as soon as possible, even if no exploitation is currently ... Read more
Schannel error messages are common and can have many different causes. Here is a rather specific error message that occurred on a Windows Server 2022 after the operating system underwent standard hardening. After disabling outdated cipher suites and SSL / TLS protocols, the following error message appeared very frequently in the system event log: Source: Schannel ... Read more
