admin.microsoft.com/Adminportal/...
This will speed up a LOT of investigative efforts, I imagine. Awesome stuff to see from MSFT!
17.09.2025 16:04
π 0
π 0
π¬ 0
π 0
admin.microsoft.com/Adminportal/...
This will speed up a LOT of investigative efforts, I imagine. Awesome stuff to see from MSFT!
Little late on posting this out, but I wrote a blog on auditing and blocking Direct Send in Exchange Online using MDO tools to audit and EXO ETRs to block. Enjoy and let me know any changes you'd recommend! thecloudtechnologist.com/2025/08/09/a...
It looks like the cat thinks he is wearing the hat.
I need one of these birbs
EXO ETR to quarantine DirectSend emails (sample, use with care/caution/and lighter handed actions than the picture!
bsky.app/profile/chri...
bsky.app/profile/chri...
KQL to review #DirectSend abuse
EmailEventsβ
| where SenderMailFromDomain == RecipientDomainβ
| where isempty(Connectors)β
| where DeliveryAction !in ("Junked", "Blocked")β
| extend AuthenticationDetails = parse_json(AuthenticationDetails)β
| where AuthenticationDetails.DMARC == "fail"β
Hey Brian - haven't written since I left twitter. Cannot believe this is happening. Heartfelt gratitude from us to you and all in the Colbert family. I hope yall take the kid gloves off + let the lawyers deal with whatever yall do the next few months. Also, avoid tall buildings and open windows.
Holy shit. Lumen is down so bad you cannot get to their web site. Wonder if this has to do with the at&t purchase and transition?
FYI XE, XJ and XS are no longer valid ISO country codes for MSFT Antispam inbound policies. If you chose to use these at some point in the future, you will find your antispam policy is no longer editable. To fix:
set-hostedcontentfilterpolicy -regionblocklist {@remove="XJ","XS","XE"}
@xsalazar.bsky.social love the elevator tracker. Please consider a βis the 17th underpass usableβ tracker!
New EXO Tenant limits coming soon. techcommunity.microsoft.com/blog/exchang...
TIL - those times when it says block but the message inboxed is answered right here.
May 5th MSFT will Junk messages not meeting these requirements - generally aligning with the Google/Yahoo requirements here. If your domain sends 5000+ emails per day, make sure your SPF, DKIM and DMARC are configured and aligned correctly!
techcommunity.microsoft.com/blog/microso...
This is fantastic news - email entity, threat explorer and policy pages have been notably slow in some tenants in recent months. Nice to see it is getting attention. m365admin.handsontek.net/microsoft-de...
hah - came to see your take. Less than 10 years ago, Obama was "finally allowed" to get an iPhone. That Tim Apple cannot be trusted. www.theverge.com/2016/6/11/11...
Its been less than 10 years since Obama was "allowed" to use an iPhone and today our government accidentally sent war plans to a reporter over Signal. We've come so far!! www.theverge.com/2016/6/11/11...
Bravo - Allowing admins to add allows to their allow list. Finally.
Ditching that Felon
Any recommendations aside from this one? Sort of abandoning some media and looking for advice.
Peron on a bike in a BIKE LOUD t-shirt, surrounded by other people on bikes.
There are 2 good reasons to join #BikeLoud
1οΈβ£By giving, you show you value safe streets. In the very contested arena of street use, our leaders take note. We want to be a formidable force for streets that function well for all of us
2οΈβ£We sponsor lots of fun events
secure.lglforms.com/form_engine/...
If you are an IT Pro or in InfoSec check out the #kql queries from this book at github.com/KQLMSPress/d.... Pick yourself up a copy with that extra Santa money. Thanks for the shout out @k0grad.bsky.social.
Love everything about this!
See the top domains your Microsoft 365 users send email to. #KQL
EmailEvents
| where EmailDirection == "Outbound"
| extend recipientdomain = split(RecipientEmailAddress, '@')[1]
| project recipientdomain
| summarize count()by tostring(recipientdomain)
I'd love to buy like a bunch of sweepers and hire out a team of riders but have no idea how to make that happen. The up front costs on the sweepers is pretty high but I've pulled one, they are amazing. I wish BikeLoud campaigned more that theirs is FREE FOR MEMBERS TO USE, yet it sits mostly idle
Neat - using a custom domain name here was pretty simple to set up. @chrislehr.com to tag me now.
My first blog post of 2024 - implementing DANE in Microsoft 365 using DNSSEC #DANE #ExchangeOnline #Microsoft365 #EXO #Defender musings365.com/2024/11/21/e...
Why does MSFT not use DANE?