Category: Exchange


 

Hybrid modern authentication and prerequisites:

https://docs.microsoft.com/en-us/office365/enterprise/hybrid-modern-auth-overview

 

How to configure Exchange server to use HMA:

https://docs.microsoft.com/en-us/office365/enterprise/configure-exchange-server-for-hybrid-modern-authentication

 

 

 

Advertisements

Resources materials:

AD Security:

Preventing mimikatz attacks: https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5

https://adsecurity.org/?p=1684

https://digital-forensics.sans.org/blog/2013/06/20/overview-of-microsofts-best-practices-for-securing-active-directory

Mimikatz and Active Directory Kerberos Attacks:

https://adsecurity.org/?p=556

https://www.nsa.gov/ia/_files/app/Reducing_the_Effectiveness_of_Pass-the-Hash.pdf

https://www.nsa.gov/ia/_files/app/Spotting_the_Adversary_with_Windows_Event_Log_Monitoring.pdf

http://www.gentilkiwi.com/mimikatz    /   http://blog.gentilkiwi.com/

Scripts:

https://github.com/iadgov/Pass-the-Hash-Guidance
https://github.com/iadgov/Event-Forwarding-Guidance

Domain lockdown: https://github.com/curi0usJack/activedirectory

Microsoft resources:

http://www.microsoft.com/pth

http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf

http://blogs.technet.com/b/security/archive/2014/07/08/new-strategies-and-features-to-help-organizations-better-protect-against-pass-the-hash-attacks.aspx

 

Pass the Hash – isolation technique:

passTheHash

 

Message Header analyzer

How to troubleshoot email message:

https://testconnectivity.microsoft.com/MHA/Pages/mha.aspx

plug-in for outlook: https://appsource.microsoft.com/en-us/product/office/WA104005406

 

 

 

In the context of Exchange Hybrid and distribution groups:

http://info.adaptivedge.com/blog/2017/04/30/how-to-enable-office-365-group-writeback-for-a-hybrid-coexistence-environment

Configure Office 365 Groups with on-premises Exchange Hybrid:
https://technet.microsoft.com/en-us/library/mt668829(v=exchg.150).aspx

 

There is no way by default; only after O365 groups creation using this powershell script:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

#Get all Office 365 Groups that have have the Welcome Message enabled

$O365Groups = Get-UnifiedGroup | Where-Object{$_.WelcomeMessageEnabled -eq $true}

#Iterate through the Groups, disabling the Welcome Message

foreach ($group in $O365Groups) {

Write-Host “Disabling Welcome Message on O365 Group: ” -NoNewline;

Write-Host $group.DisplayName -ForegroundColor Cyan

Set-UnifiedGroup $group.Identity -UnifiedGroupWelcomeMessageEnabled:$false

}

#Close the Session

Remove-PSSession $Session

How to display Room mailbox settings with PowerShell:

 

References:

https://o365info.com/room-mailbox-powershell-commands/

How to install the Exchange management tools and PowerShell cmdlets:

For Exchange 2016:

https://technet.microsoft.com/en-us/library/bb232090(v=exchg.160).aspx

in short: Setup.exe /Role:ManagementTools /IAcceptExchangeServerLicenseTerms

Best practices:

Connecting to Exchange on-premises using PowerShell remoting is a simple task, and means that you do not need to go the trouble of installing the Exchange management tools on your computer just to perform day to day administrative tasks.

There are three steps to establishing a remote PowerShell session to your Exchange server:

  • Capture admin credentials
  • Create a new PSSession
  • Import the PSSession

https://practical365.com/exchange-server/powershell-function-to-connect-to-exchange-on-premises/

Usage: Connect-Exchange -URL exchange2.mydomain.local

 

Scripts repository for Exchange:

https://github.com/cunninghamp/Powershell-Exchange

 

 

 

Web resources:

https://practical365.com/exchange-server/hybrid-exchange-office-365/

 

How to move Mailbox to Exchange online:

https://technet.microsoft.com/en-us/library/o365e_hrcmoverequest_fl312271(v=exchg.150).aspx

About Office 365 message encryption:

New Office 365 Message Encryption capabilities built on top of Azure Information Protection, your organization can use protected email communication with people inside and outside your organization. The new OME capabilities work with other Office 365 organizations, Outlook.com, Gmail, and other email services

OME How to:

https://support.office.com/en-us/article/office-365-message-encryption-ome-f87cb016-7876-4317-ae3c-9169b311ff8a