Tony Redmond

Exchange Online transport (mail flow) rules are a powerful way to ensure that email from Office 365 tenants to specific recipients are encrypted in a consistent manner. Using rules relieves the need for users to become involved and makes sure that email is protected in a way that recipients can read messages. It’s a good way to use the protection features built into Office 365.

Office 365 serves a wide spectrum of organizations. Many are very small, some belong to government agencies, and some are used by large enterprises. And in the enterprise space, mergers, acquisitions, and divestitures are common events.

No fix is available yet for the Exchange vulnerability reported by Dirk-jan Mollema and described in CVE-2018-8581. Apart from deploying a split permissions model, no out-of-the-box mitigation exists today. Microsoft is working actively to fix the problem and in the meantime, the brains of the Exchange community are hard at work to come up with possible solutions.

A newly-discovered vulnerability in Exchange potentially allows attackers to gain control over Active Directory. Since Exchange 2000, Exchange has been a highly-privileged server that’s tightly connected to Active Directory. Add in some NTLM weakness, Exchange Web Services push notifications, and everything comes together for the bad guys.

The signs are that Office 365 will store more encrypted content as time goes by. But ISV products might not be able to process that content because they cannot decrypt it. All of which creates the prospect that you might archive or move data somewhere only to discover later that it is inaccessible. And that’s a bad thing.

Most Office 365 users might be unaware of SharePoint’s Document ID service, which generates unique document identifiers for documents in a site. That’s OK, because records management is not the kind of subject that turns everyone on. But business situations do occur when document IDs might be useful, which is why I went looking at how this SharePoint feature works.

Exchange 2010 will become unsupported on January 14, 2020. It’s time to decide whether to move to Office 365 or Exchange 2016/2019. Exchange 2010 was a really big and important release in the 23-year history of the product, so it’s sad to see it heading to the software scrapyard.

Azure Conditional Access policies are pretty powerful, especially when applications accommodate their controls. OWA and SharePoint Online can co-operate with conditional access policies to block the ability of Office 365 users to download email attachments and documents. Although not a perfect solution, it’s a good start.

Microsoft is still building out the new OWA (for Exchange Online) interface. One new feature is the ability to make categories into Outlook favorites. This seems like a small thing, but it’s really quite useful if you make an effort to use categories. Some people will love it. Some will say “blah.”

Microsoft plans to create an automatic policy to encrypt outbound email containing sensitive data for all Office 365 tenants. It sounds like a good idea until you begin looking at the operational consequences of such an action. For instance, how to insert a new transport rule into a complex set of existing rules. All in all, this is not a good plan.