Last day of #ITAdvent! I made it! The last tip is more of a summarized strategy for 2025 when you are responsible for #Microsoft #MSExchange & #Outlook. There are a lot of (breaking) changes on the way you need to prepare & plan ahead.
Obviously #MSExchange Server 2016 & 2019 End of support in October 2025. Prepare by getting all servers to 2019 CU15 (eventually) & then in-place upgrade to Subscription Edition. Do note that the OS can be #Windows2022 with 2019CU15, but not #Windows2025
Day 22 of #ITAdvent. There is no #Microsoft #MSExchange specific #certification available. Which unfortunately also means that there is less training offered, as they are based on Microsoft Official Courseware or #MOC. So, I sometimes see the question what options there are.
Obviously, #MicrosoftLearn sites were already a replacement for any books used during those MOCs. However, there is no Learning Path/Modules available that covers everything. https://learn.microsoft.com/en-us/training/browse/?expanded=m365&products=office-exchange-server%2Coffice-exchange-online
Day 22 of #ITAdvent. There is no #Microsoft #MSExchange specific #certification available. Which unfortunately also means that there is less training offered, as they are based on Microsoft Official Courseware or #MOC. So, I sometimes see the question what options there are.
Obviously, #MicrosoftLearn sites were already a replacement for any books used during those MOCs. However, there is no Learning Path/Modules available that covers everything. https://learn.microsoft.com/en-us/training/browse/?expanded=m365&products=office-exchange-server%2Coffice-exchange-online
Day 21 of #ITAdvent. A reminder that #Microsoft will remove the #MSExchange Online RBAC ApplicationImpersonation role. It means that applications that rely on this role will stop working starting February 2025.
You might have had a #Microsoft365 Message Center post #MC724116 if your tenant uses that role, but it can mis things so check your environment and change to keep your apps operational.
Day 20 of #ITAdvent. This week #Microsoft announced changes in the #MSExchange Online Message Trace capabilities. This is the tool you use to verify mail flow events; i.e. what happened to incoming or outgoing mail.
Previously you couldn't go further back then 10 days without the need of a downloadable report (which took time to process). Now you still have a max range of 10, but within the last 90 days. This is a very welcome change as this can speed up troubleshooting!
Day 19 of #ITAdvent. The Dutch Forum Standarisatie is a Dutch Advisory commity on IT open standards in order to easily and safeliy exchange data between government bodies, companies, non-profits and citizens. They maintain lists of mandatory and recommended protocols for at least governmental bodies. But IMHO every organization should adopt these.
Day 18 of #ITAdvent. And after #SPF, #DKIM it's time for #DMARC. I often call this the holy trinity of mail authentication as they complement each other and should be configured correctly, specifically SPF and DKIM. For DMARC you only need to publish a TXT DNS Record, but I've seen:
- While DMARC offers automatic inheritance to subdomains, it only works from the organizational domain downwards, not from subdomains to subsubdomains.
Day 17 of #ITAdvent. A quick look to #DKIM. This protocol adds a hash signatures in your mail based on specific headers & the email body. Recipients can verify this with a DNS record with the public key & conclude 2 things:
Whether your org has sent it (based on the DNS record info) and whether it has been changed in transit or not. If the signature is verified, it's probably authentic mail & not changed. While DKIM has a significant role in #SMTP #authentication, I do see these issue a lot:
Day 16 of #ITAdvent. Let's talk about #SPF or Sender Policy Framework! Especially the most common mistakes I see happening, be sure to check those periodically (but during the holiday period you also might have time to do this):
- Forgotten sub domains: SPF does not inherit to subdomains
- Not having a correct syntax: typos or linefeeds where they shouldn't.
Day 15 of #ITAdvent. In many orgs #MicrosoftTeams is the digital meeting solution used to attend meetings. Ad-hoc meetings but also recurring meetings such as stand-up/dailies. It can be helpful to have a #recording or #transcript, but you might forget the manual action.
You can enable automatic recording of your meeting via the Meeting Options in #Microsoft Teams. There are diverse ways to get to that, in the Meeting request there is a link. Or in #Teams go to calendar: https://support.microsoft.com/en-us/office/meeting-options-in-microsoft-teams-53261366-dbd5-45f9-aae9-a70e6354f88e#bkmk_change_meeting_options
Day 14 of #ITAdvent. In 2024 #Microsoft reported in their Digital Defense Report 2024 that #Phishing is still the greatest threat from #mail. So, it's good to periodically review your orgs #security preparedness on this.
Day 13 of #ITADvent. Administrating #Microsoft365 comes with a lot of #PowerShell work, requiring to install and update lots of different modules. The ones I have to use frequently I know by heart. Others, not so much...
Day 12 of #ITAdvent. Be sure to check whether you have apps/devices that send #mail with multiple FROM: headers (or P2) without a SENDER: header. To comply with RFC5322 #Microsoft365 will reject those mails.
Why? "Most of the traffic exhibiting multiple P2 From Addresses without a Sender Address will be inbound spam destined for your tenant sent by malicious spammers on the internet." as stated in #MC886603. However, you could have valid mail that does this.
Day 11 of #ITAdvent. Well, there are strong opinions on New #Outlook! Especially about changing the default #Microsoft365 client this January for Business & in 2026 for Enterprise which I posted earlier. See: https://mastodon.social/@dmstork/113623577593929255
While I also think that New #Outlook might not be ready for most orgs, there are also some misconceptions surrounding this switch. First: #Microsoft will support Classic until at least 2029. See https://techcommunity.microsoft.com/blog/outlook/new-outlook-for-windows-a-guide-to-product-availability/4078895
Day 10 of #ITAdvent. There are several tools to check your #mail compliance stance on #SPF, #DKIM, #DMARC and other capabilities. One is my own PowerShell script, but in most cases a online tool is preferable. https://github.com/dmstork/Show-AntiSpoof
Day 9 of #ITAdvent. With Message Center post MC949965 #Microsoft announced that #Microsoft365 Enterprise users will get the New #Outlook per default from April 2026. But if you are a Bussines user, this will happen this January 2025!
There are a lot of reasons to stay on Classic #Outlook and you can still can. #Microsoft has stated that support will continue up to at least 2029. This is only a change on which is default. Need to stay on Classic? Check https://learn.microsoft.com/en-us/microsoft-365-apps/outlook/get-started/control-install?WT.mc_id=M365-MVP-5000284#opt-out-of-new-outlook-migration
Day 7 of #ITADvent. While I do not work with #Microsoft365 #eDiscovery often, the fact that you needed to use a click-once app in order to #export data was a major drawback of the whole experience. Especially in heavily controlled environments this was challenge to explain & implement.
Day 6 of #ITAdvent. If you have a lot of #MicrosoftTeams meetings and sharing audio/video via BYOD, you know that especially transcripts attribute what has said to the account that was connected to those devices. You then need to check recordings to verify who said what. But for #Copilot cant' do that.
There are devices with Intelligent Speakers, that can identify the speaker in the room which requires specific hardware.
