Security

Swiss Domain Security Report Q3 2022

Andres Bohren
Hi All, In 2015 I wanted to know how many SMTP Servers used STARTTLS, SPF, DKIM, DMARC. I programmed a Webspider with PowerShell and collected about 100'000 Domains. Then I made another Script that queried those Domains and made an SMTP Connect to find out if STARTTLS was in the EHLO Response. The Result was a Report of about 100'000 Domains from the .ch Top Level Domain. The Results from 2015: About 90% of the Domains used MX. About 75% of the SMTP Servers offered STARTTLS. About 28% of the Domains with MX had an SPF Record. About 1% or less DKIM and DMARC was barely present. In 2022 I have extracted the Open Data of Switch DNS Zone Data for the .
Windows Hello for Business - Hybrid Cloud Kerberos trust

Andres Bohren
Hi All, In this Blog Article I show you how you can enable Hybrid Cloud Kerberos Trust, so you can use Windows Hello for Business (WHfB) to authenticate with Kerberos to your on-premises Active Directory Resources. Overview: An Architectural Overview can be found here. Enable passwordless security key sign-in to on-premises resources by using Azure AD; Enable Cloud Kerberos Trust; How SSO to on-premises resources works on Azure AD joined devices
HTTP Security Headers

Andres Bohren
Hi All, Recently my Colleague Tobias Asböck made me aware of the HTTP Security Headers. You can test the Security Headers with the Online Scan from Scott Helme. Ouch - that did not look good for my Website hosted on Azure App Service. So how do I add these Headers? It’s in the web.config File of the Project right after the system.web configuration:

    <system.webServer>
      <security>
        <requestFiltering removeServerHeader="true" /> <!-- Removes Server header in IIS10 or later and also in Azure Web Apps -->
      </security>
      <httpProtocol>
        <customHeaders>
          <clear />
          <!
Azure Information Protection Unified Labeling (AIP UL) 2.16.73

Andres Bohren
Hi All, A few days ago, Microsoft released a new Version of the Microsoft Azure Information Protection labeling client. Download Microsoft Azure Information Protection 2.16.73.0. Running the Installation with the *.msi File: The Installer removes the old Version and installs the new Version on the Client. You can find “Azure Information Protection Viewer” in the Start menu. Here you go. The new Version is installed. Regards Andres Bohren
Azure AD Conditional Access Token protection (Preview)

Andres Bohren
Hi All, Recently Microsoft has announced Conditional Access Token Protection Preview. Token protection (also known as token binding) attempts to reduce attacks using token theft by ensuring a token is usable only from the intended device. When an attacker is able to steal a token, by hijacking or replay, they can impersonate their victim until the token expires or is revoked. Token theft is thought to be a relatively rare event, but the damage from it can be significant.
Passkey with Google

Andres Bohren
Hi All, A year ago, Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins. Read more about the Passkey on the Website from FIDO Alliance. What are Passkeys? Passkeys are a password replacement that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are resistant to phishing, are always strong, and are designed so that there are no shared secrets.
Purview DLP in Exchange Online now detects password protected PDF

Andres Bohren
Hi All, Back in January, Microsoft announced that the Exchange Online Transport Rule (ETR) Condition “Attachment is Password protected” will now also support PDF Files. You can read the Documentation: Use mail flow rules to inspect message attachments in Exchange Online. If you look at a PDF (File > Properties): Security > Show details. Note: Files with “Permissions Password” (Print, Edit and Copy Blocks with Password) are not affected by the Condition “Attachment is Password protected”

AIPService PowerShell Module 2.0.0.3 released

Andres Bohren
Hi All, Just a few Hours ago, Microsoft has released a new Version of the AIPService PowerShell Module to the PowerShell Gallery.
AIPService 2.0.0.3 https://www.powershellgallery.com/packages/AIPService/2.0.0.3
AIPService on Microsoft Learn https://learn.microsoft.com/en-us/powershell/module/aipservice/?view=azureipps
Let's check the installed Version and what's available on the PowerShell Gallery:
    Get-InstalledModule AIPService
    Find-Module AIPService
Uninstall the old PowerShell Module and install the newest one:
    Uninstall-Module AIPService
    Install-Module AIPService
    Get-InstalledModule AIPService
To connect use this Command:
    Connect-AadrmService
Let's check if it is enabled

Microsoft 365 Defender Advanced Hunting with PowerShell

Andres Bohren
Hi All, You might already know that I am a big Fan of Defender for Office 365 Advanced Hunting. It's easy and fast to analyze the last 30 Days of your Messaging Logs.
Defender for Office 365 Advanced Hunting https://blog.icewolf.ch/archive/2021/08/23/defender-for-office-365-advanced-hunting.aspx
I've published some of the KQL Queries in my GitHub Repo https://github.com/BohrenAn/GitHub_PowerShellScripts/blob/main/ExchangeOnline/EOPAdvancedHunting/AdvancedHunting.kql
You can find Advanced Hunting in the Microsoft 365 Defender Portal https://security.microsoft.com/v2/advanced-hunting
To access these Queries with PowerShell we need to have an Azure Active Directory Application

Exchange Online sends now DMARC Aggregate Reports

Andres Bohren
Hi All, As a Messaging Engineer / Architect I am well familiar with all the Messaging Standards that help to improve the Security of your Domain. Check out my Get-Mailprotection.ps1 Script.
SPF / DKIM / DMARC https://blog.icewolf.ch/archive/2015/02/28/spf-dkim-dmarc.aspx
DMARC Advisor - so far the best DMARC Reporting Tool https://blog.icewolf.ch/archive/2021/11/29/dmarc-advisor.aspx
Lately there has been an Announcement that Exchange Online will also send DMARC Aggregate Reports (RUA) if the MX points directly to Exchange Online.