The biggest gain is achieved by changing your default domain and checking existing objects. In addition, the default DKIM signing domain is often the MOERA domain. Take a moment to properly configure each custom domain as well, enhancing #security.
Read more here for a more detailed explanation and how to monitor the use of MOERA domains: https://techcommunity.microsoft.com/blog/exchange/limiting-onmicrosoft-domain-usage-for-sending-emails/4446167?WT.mc_id=M365-MVP-5000976
Last week #Microsoft announced an important change throttling #MSExchange Online outbound mail using *.onmicrosoft.com, or MOERA (Microsoft Online Exchange Routing Address). This is done to limit malicious\unsolicited mails from trail tenants, which is indeed a problem.
The impact for organizations using custom domains is limited. However, orgs might not be aware that some non-user objects use MOERA domains per default (i.e. Booking app, notifications etc.).
In any case, if you still have or use Lens: time to look for alternatives that suit your needs. I think there are better options than the M365 Copilot, for me native iPhone is adequate. Especially with OCR built-in.
Read more here: https://mc.merill.net/message/MC1131064
Admin M365 MC: https://admin.microsoft.com/ref=MessageCenter/:/messages/MC1131064
#WeekITtip #Microsoft365
It makes me sad as a was a avid user during conferences to get photos of projected slides unskewed and suitable for social media. To be fair, I haven't used Lens probably since 2019, the last year I went to a lot of conferences. After that a lot of hybrid conferences and (pre-)shared slidedecks limited the need for photos or live tweeting for that matter.
#WeekITtip #Microsoft365
This #Microsoft365 Message Center #MC1131064 hurt a little: Microsoft Lens app will retire. Starting this September in phases and concluding on 15 December 2025. The replacement app is the Microsoft365 Copilot app, although it certainly does not have feature parity with Lens.
If you are responsible for your orgs mail infrastructure, definitely read this post and evaluate the impact of disabling Direct Send: https://techcommunity.microsoft.com/blog/exchange/direct-send-vs-sending-directly-to-an-exchange-online-tenant/4439865?wt.mc_id=M365-MVP-5000976
Direct Send is defined as your organization sending mail to #MSExchange Online using a sender domain that is an accepted domain AND which is not send via any authentication (user or via Connectors). In some cases you might require this functionality, however this obviously can open your organization up to receive spoofed mails. Those should be filtered, but depending on the complexity the ability to disable Direct Send is a welcome option.
Recently the #MSExchange product group posted an article on disabling #SMTP Direct Send and after feedback reposted it with some additional clarifications because there were some misconceptions on the definition. I have had similar discussions with organizations. It depends on your configuration what the impact might be, but IMHO it is a welcome option to reduce your attack surface but you obviously need to understand it correctly.
Spent some useful time digging into an IETF #RFC regarding Certificate Authority Authorization or #CAA (RFC6844 https://www.rfc-editor.org/rfc/rfc6844 ) *and* checking security guidelines on the use of specific cipher suites because the Dutch National Cyber Security Center (#NCSC) recently released new TLS guidelines. https://www.ncsc.nl/wat-kun-je-zelf-doen/documenten/publicaties/2025/juni/01/ict-beveiligingsrichtlijnen-voor-transport-layer-security-2025-05
#Security is never dull 😀
Reading #WeekITtip for the weekend. I am currently involved in a case in which mail (auto)forwarding is used but that is causing the forwarded mail to be rejected. When #SPF, #DKIM and #DMARC are implemented properly, this can break legitimate mail forwarding.
So, I've started a new blog site. Consider this a soft launch, I still need to quite a lot of customizations. But I wanted to get this out in the world. I'll probably post a lot about #Microsoft #Exchange #SMTP #Microsoft365 and related topics. Bookmark https://davestork.nl !
PSA: There seem to be networking issues in the #Microsoft #Network in North & West-Europe region. It's affecting #Azure and #Microsoft365 services. See for status:
https://azure.microsoft.com/en-us/status/ and MO842351 in the M365 Admin portal.
Starting to implement Inbound #DANE in my #MSExchange #Microsoft365 tenant. First, lowering TTLs & setting #MTA-STS to Test. Now wait!
See the blog from #Microsoft here: https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-inbound-smtp-dane-with-dnssec-for/bc-p/4194057#M39364
Read my thought about this here: https://www.linkedin.com/posts/dmstork_microsoft-dane-exchange-activity-7219386721304547328-87P1
And with every big #Microsoft event such as #MSBuild, there is a Book of News or #BoN that summarizes the biggest announcements which aren't only for developers. Ideal if you don't have the time to attend any sessions. You can find it here: https://news.microsoft.com/build-2024-book-of-news/
In this week's #WeekITtip I share my thoughts about why I am excited about #MicrosoftPlaces and its Public Preview. Read more on my #LinkedIn profile page https://www.linkedin.com/in/dmstork/
#WeekITtip #SimplifyNow #Microsoft365 #MicrosoftTeams #MSExchange
Well, I can now finally talk about the near future of #Exchange as #Microsoft just published their product roadmap for #Exchange Server! And Exchange Server "vNext" now has a name: Exchange Server Subscription Edition or SE.
Read more details here: https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-roadmap-update/ba-p/4132742
I talk a bit more in-depth about #MSExchange Subscription Edition on my #LinkedIn profile page: https://www.linkedin.com/in/dmstork/
There's been a new #WeekITtip, this time it's about some misconceptions surrounding the state of New #Outlook. Read more here: https://www.linkedin.com/posts/dmstork_mvpsummit-weekittip-outlook-activity-7179515790725939200-APtE?utm_source=share&utm_medium=member_desktop
Check for more helpful tips the LinkedIn tag #WeekITtip and/or #SimplifyNow: https://www.linkedin.com/feed/hashtag/?keywords=weekittip and https://www.linkedin.com/feed/hashtag/?keywords=simplifynow
#Microsoft365
Sending a mail you shouldn't have sent or used the Reply-All button by mistake.. It happens to the best of us. Yes, that includes me 🤫. Read my post on #LinkedIn on a #MSExchange feature you might have missed! Check https://www.linkedin.com/in/dmstork/ and tags #WeekITtip #SimplifyNow
New year, new #WeekITtip (with a bit of a delay)!
Did you know Google and Yahoo are going to be stricter with unauthenticated mails from 1 februari?
Google: https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
Yahoo: https://senders.yahooinc.com/best-practices/
Especially tend to 3rd-party services you might use. In recent days I've seen a lot of requests to implement DNS changes. Sadly, often the bare minimum.
So, again a little help on the fundamentals of mail authentication: https://www.youtube.com/watch?v=gc58wubizx0&t=70s
Hey, instead of doing a weekly #WeekITtip I'm currently doing an #ITadvent tip every day until Christmass! I'm posting those on #LinkedIn. Today's tip is about Outlook COM going away in favor of web add-ins. Check out: https://www.linkedin.com/in/dmstork/recent-activity/all/
