Cheat sheet with all ports and rules needed for an Exchange Hybrid infrastructure

Exchange Hybrid Ports Cheat Sheet

When working with Exchange, I sometimes come to clients who already have a hybrid Exchange environment configured. In many cases this is because the hybrid configuration does not work. To make things easier for myself, I created an overview that takes the pain out of firewalls and networks.

To help you out in these situations, I am sharing my ports overview document with you. The document is presented as a cheat sheet, which means you can adjust it and present it to the customer's network team.

Overview

There are always some requirements for an Exchange hybrid environment:

  • An external IP for a separate hybrid mail flow that resolves to hybrid.domain.nl
  • Make sure the hybrid server is part of the mail environment
  • Make sure Autodiscover is set up correctly
  • The Exchange server used for the hybrid configuration needs to be in the LAN
  • Do NOT forget the Exchange Online and Exchange Online Protection URLs
  • If you do not have a separate external IP, use the external IP of Autodiscover.
(Image: hybrid exchange ports cheat sheet)

Revoke Access from compromised office 365 account

Revoke access

When you have an account in your organization that has been hacked or compromised, you need to take immediate action to prevent a security incident inside your organization.

For instance, when the credentials of an account are compromised, that account can be used to send out malicious emails with malware, or even worse, skimming. This will result in a bad image for your company.

Actions against compromised account

When an account is compromised you need to revoke access to it. You can do this with a password reset. What most admins do not know is that this change does not kick in straight away: sessions that are already signed in keep working until their tokens expire. To speed this process up, the best thing to do is run Revoke-AzureADUserAllRefreshToken against the user's account (make sure you are connected with Connect-AzureAD from the AzureAD module).

Now you can be sure that this account has a new password and that logging in with the old credentials is impossible.

There is a scenario where the account can still send emails to others. In this case the best thing to do is create a transport rule. The transport rule can prevent the user from sending out malicious emails.

There is also a way to prevent most of these dangers with the implementation of Azure AD identity protection.
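The three response steps from this post (password reset, refresh-token revocation, outbound transport rule) combined into one function, as an added example that is not part of the original post. It assumes the AzureAD and ExchangeOnlineManagement modules are installed, that Connect-AzureAD and Connect-ExchangeOnline have already been run with sufficiently privileged accounts, and the function name and rule name are my own choices.

```powershell
# Added example (not from the original post). Assumes Connect-AzureAD and
# Connect-ExchangeOnline have already been run in this session.
function Invoke-CompromisedAccountResponse {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserPrincipalName
    )

    $user = Get-AzureADUser -ObjectId $UserPrincipalName
    if (-not $user) { throw "User $UserPrincipalName not found in Azure AD" }

    # 1. Reset the password to a random value the attacker cannot know;
    #    the legitimate user is forced to choose a new one at next sign-in.
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $newPassword = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Reset password')) {
        Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $newPassword `
            -ForceChangePasswordNextLogin $true
    }

    # 2. A password reset alone leaves existing sessions alive until their
    #    tokens expire, so revoke every refresh token the account holds.
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Revoke all refresh tokens')) {
        Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
    }

    # 3. Until the mailbox is confirmed clean, stop it from sending mail outside
    #    the organization with a transport rule (rule name is a constructed value).
    $ruleName = "Block outbound mail - compromised $UserPrincipalName"
    if ($PSCmdlet.ShouldProcess($ruleName, 'Create transport rule')) {
        New-TransportRule -Name $ruleName `
            -From $UserPrincipalName `
            -SentToScope NotInOrganization `
            -RejectMessageReasonText 'Sending is temporarily blocked for this account.' `
            -Comments "Created $(Get-Date -Format s) during compromised-account response"
    }

    # Remove the rule once the account is cleaned up:
    #   Remove-TransportRule -Identity $ruleName
}

# Usage with a constructed example account; -WhatIf shows the steps without applying them.
# Invoke-CompromisedAccountResponse -UserPrincipalName 'user@example.com' -WhatIf
```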


The Power of Enterprise Mobility Suite (EMS)

Microsoft Enterprise Mobility Suite (EMS) is a set of tools, including Microsoft Intune, Azure AD and Azure RMS, that helps you manage your mobile devices and control the mobility of your users and customers. But where do you start?

Trying new technology is hard, particularly in enterprise mobility. Microsoft is the exception: with Enterprise Mobility Suite (EMS) you are up and running and trying out mobility management in just a few minutes, if you do it right!

Enterprise Mobility Suite is essentially a bundle of mobility tools. As the name suggests, Microsoft's new and improved offering is a suite of components, often leading in their field, that come together.

“Where do I start with these tools?”

You’ll be set up in about 5 steps.

  1. Get a 30-day trial for Office 365 (see below)
  2. Get a 30-day trial for the EMS suite
  3. Synchronize an on-premises AD to Azure AD
  4. Configure the mobile device management authority, in most cases with a certificate
  5. Enroll a device
  6. And there you are

Microsoft has one place for user accounts: Active Directory.

One of the big benefits of EMS is that it doesn't harm your identity strategy. You need Active Directory, and with Enterprise Mobility Suite Microsoft safely extends your on-prem AD DS to the modern architecture of Azure AD (you don't even need an on-prem AD, as the solution is cloud stand-alone too).

The idea of extending your on-prem AD to the internet might sound daunting, but it really is a good idea, because you are able to use your identities in many more places.

Office 365, Microsoft Intune and ANY apps you want can share your Azure AD. Lots are built in, out of the box (like Salesforce, Facebook, Box and Nomadesk)!

Manage Devices and Apps with Microsoft Intune

If identity is the foundation of enterprise mobility management, then device management is the first floor and application management is the second floor. Mobility management technology has evolved to deal with the newer challenges that mobility faces in today's world.

You probably know of MDM, Mobile Device Management. MDM manages things like remote wipe and applying company policy; I suppose an old-school admin would see MDM as the Group Policy of the modern device world.

This kind of management gives you the control you need over a device. It's an essential layer in today's world. If you use Office 365 and/or Azure, you want Microsoft Intune, no matter what device platform (Windows, iOS, Android).

Protecting Data with Azure Rights Management

Azure RMS will protect your data and only allow the intended people to access it, under the right conditions. Protection has become much more important, and much easier to deliver.

Example: you install an Azure RMS Connector server on-prem, and your Exchange, SharePoint and file servers can be protected by Azure RMS. Besides that, you can bring your own key, and Azure will store your keys in a secure vault.

The Power of Tools

With the above you can do some amazing things. You can protect all your data on your OneDrive and allow devices enrolled in MDM (Intune) to access that information from any device.

In some situations EMS can help you out in the worst-case scenarios:

  • The user loses their device: you know the data at rest is protected, even if you can't remote wipe it.
  • The user leaves the company: you can remove the apps and the data the user was accessing and know they have no access to further data.
  • The user sells their device without wiping it: you can block that device's access while leaving the user's own access intact.

Quick Start trials

  1. Do you have an Office 365 trial? If not, get one. If you do, make sure it is still valid and then return and click Sign in.

Try Office 365

  2. Go get an Azure trial, or if you already have one you can just use that.
  3. Now go get a Microsoft EMS trial; be sure to click the Sign in button and sign in with your Office 365 trial. You can add EMS to your free Office 365 subscription.