PSA: Exchange Online Admin API (EWS replacement subset) now available (preview). REST-like alternative for some EWS scenarios, but not full REST replacement; cmdlets still recommended for full functionality https://techcommunity.microsoft.com/blog/exchange/announcing-public-preview-exchange-online-admin-api/4470562?WT.mc_id=M365-MVP-5000284 #MSExchange #EWS

Endlich mal konkrete Infos, von #Outlook zu #Thunderbird und von #MSExchange zu #OpenExchange 👍 https://winfuture.de/news,154283.html

We’ve just released security updates for #MSExchange Server 2016-SE. These updates are the last publicly available SUs for Exchange Server 2016 and 2019.

Learn more: https://techcommunity.microsoft.com/blog/exchange/released-october-2025-exchange-server-security-updates/4461276

Hybrid Exchange issues with Free/Busy? It's planned nudge day 3 of 3. Test-OAuthConnectivity likely shows 403 error, eg running (mix with) Exchange with pre-April patch levels. Affected? Act soon, permanent after EoM! https://bit.ly/ETOSecChanges #MSExchange

MS Exchange gibt es seit 1996. SMTP gibt es seit 1982. Microsoft adaptierte die Technologie und zwang Firmen ihre Server auf. Im Internet spielt #MSExchange kaum eine Rolle. Fast 90% sind Open Source. Exchange kennt man primär daher, wenn mal Probleme mit Mailservern auftreten. Und dann bekommt man kryptische Fehlermeldungen, die nicht-standard SMTP sind. Das Krisenmanagement der Landesregierung ist aber schlecht. Der Weg aber richtig. Weg vom Monopol hin zu Standards .

BTW: from October 1st new Accepted Domains will automatically use the new MX infrastructure, which will maken enabling DANE a little less of a hassle as there should be no change in your MX record. See MC1048624 or https://mc.merill.net/message/MC1048624

#Security #SMTP #MSExchange #Microsoft365 #DANE

You must enable DANE on your domain as this change is currently only present on the new https://mx.microsoft infrastructure. Currently for existing accepted domains this is the way to transition to the new infrastructure, although eventually new accepted domains will use this automatically (you do still need to enable DNSSEC & DANE). See more on DANE here https://learn.microsoft.com/en-us/purview/how-smtp-dane-works?wt.mc_id=M365-MVP-5000976

#Security #SMTP #MSExchange #Microsoft365 #CAA #Certificate

Although for hosted services you do not have control over their certificate management, however I would find it reassuring if such a service would implement CAA. And: Since a few days #MSExchange Online now has CAA records!

#Security #SMTP #MSExchange #Microsoft365 #CAA #Certificate

With upcoming changes in the maximum validity period of certificates (max 200 days in 2026, 100 in 2027, 47 in 2029) the use of ACME (Automated Certificate Management Environment) will certainly increase. The addition of CAA and combination with ACME is another layer in your security stack. It's recommended for Dutch governments.

#Security #SMTP #MSExchange #Microsoft365 #CAA #Certificate

You all know I like to use the https://internet.nl internet standards test. Recently they added the Certificate Authority Authorization or CAA DNS record check. This record signals which Certificate Authority is allowed during the certificate request process and CA's should honor this record and only issue a certificate when it's listed.

#Security #SMTP #MSExchange #Microsoft365 #CAA #Certificate

PSA: Hotfixes arrived for Exchange 2016-SE to fix a cross-prem issue for the Move to Archive retention tag using dedicated Hybrid app https://eightwone.com/2025/09/08/hotfix-updates-exchange-2016-se-sep2025/ #MSExchange

We’ve just released a Hotfix Update for #MSExchange Server 2016 - SE. Please check the blog post for more details: https://techcommunity.microsoft.com/blog/exchange/released-september-2025-exchange-server-hotfix-updates/4448721

The biggest gain is achieved by changing your default domain and checking existing objects. In addition, the default DKIM signing domain is often the MOERA domain. Take a moment to properly configure each custom domain as well, enhancing #security.

Read more here for a more detailed explanation and how to monitor the use of MOERA domains: https://techcommunity.microsoft.com/blog/exchange/limiting-onmicrosoft-domain-usage-for-sending-emails/4446167?WT.mc_id=M365-MVP-5000976

#WeekITtip #MSExchange #Microsoft365

Last week #Microsoft announced an important change throttling #MSExchange Online outbound mail using *.onmicrosoft.com, or MOERA (Microsoft Online Exchange Routing Address). This is done to limit malicious\unsolicited mails from trail tenants, which is indeed a problem.

The impact for organizations using custom domains is limited. However, orgs might not be aware that some non-user objects use MOERA domains per default (i.e. Booking app, notifications etc.).

#WeekITtip #Microsoft365 #Security

There are more similar changes already in preview and on the roadmap, but this is indeed a very big step in ending the era of maintaining an Exchange server “just because we sync our AD" and providing more flexibility in identity provisioning and governance.

Read more: https://techcommunity.microsoft.com/blog/exchange/introducing-cloud-managed-remote-mailboxes-a-step-to-last-exchange-server-retire/4446042?wt.mc_id=M365-MVP-5000976

#IAM #MSExchange #EntraID #Microsoft365

This is big #MSExchange news! Today #Microsoft posted an article introducing the preview of the IsExchangeCloudManaged parameter in which you can shift the start-of-authority of Exchange attributes on hybrid identities from on-prem to cloud.

When enabled on a mailbox, you can manage synced identities mail properties directly in Exchange Online. Previously this was not possible and the reason you required an on-prem Exchange Server for management (or serverless with Management Tools).

In addition to Group SOA Preview, Remote Mailbox SOA Preview also arrived today https://techcommunity.microsoft.com/blog/exchange/introducing-cloud-managed-remote-mailboxes-a-step-to-last-exchange-server-retire/4446042?WT.mc_id=M365-MVP-5000284 #MSExchange #Hybrid #LES

ICYMI: Happy Patch Tuesday! Security Updates Exchange 2016-2019 & SE (Aug2025) are here https://eightwone.com/2025/08/12/security-updates-exchange-2016-2019-se-aug2025/ #MSExchange

New August 2025 #security update for #MSExchange! There are some vulnerabilities fixed, as of now not active in the wild but no reason to procrastinate. Small note: now AMSI HTTP Message body scanning will be enabled per default. Read more and find #Microsoft download links here: https://techcommunity.microsoft.com/blog/exchange/released-august-2025-exchange-server-security-updates/4441596?wt.mc_id=M365-MVP-5000976

Direct Send is defined as your organization sending mail to #MSExchange Online using a sender domain that is an accepted domain AND which is not send via any authentication (user or via Connectors). In some cases you might require this functionality, however this obviously can open your organization up to receive spoofed mails. Those should be filtered, but depending on the complexity the ability to disable Direct Send is a welcome option.

#WeekITtip #Security #SMTP #Mail #Microsoft365