Posts by
Jaap is a Microsoft MVP for Office Apps and Services. Jaap is an independent consultant, primarily focusing on Exchange server, Skype for Business and Office 365.
Recently I had to upgrade my Azure AD Connect server from version 1.x to version 2.x, and I blogged about in my December 2021 blog article "Upgrade Azure AD Connect from 1.x to 2.x". After the upgrade I had to upgrade my Azure Active Directory Password Protection services as well since I installed a new server and decommissioned the old one.
The last couple of years we have seen several security breaches in IT, leading to serious impact and financial losses. Not only in the United States, but also in the rest of the world. Last year here in Holland we have seen two respected companies in a lawsuit, where one company was compromised, leading to a financial loss of a 7-digit number of the other company. The first company was running their environment in Office 365, but because of a weak password, the mailbox of a financial controller was compromised.
Previously, MVP Nicolas Blank wrote an interesting article "Having an Identity Crisis" and it talked about all kinds of attacks on your environment. One such attack is on user email. Users tend to choose a password that is easy for them to remember and this makes the password weak and easy to guess by others. Even with some social engineering, user passwords are easy to retrieve, as can be seen on this YouTube clip What is your password?
Almost a year ago, in March 2020, I wrote an article called Microsoft stops basic authentication, now what on this site about Microsoft’s plan to decommission Basic Authentication in Office 365. The Covid-19 pandemic took over the world and a lot of projects were postponed. This was also the case of the Basic Authentication project at Microsoft, but the decommissioning is still planned although there are some serious changes in Microsoft’s planning. Time for an update.
In Part 1, I discussed the implication of CFO fraud and how it can affect your company. It can cost a lost of money when transferred to the wrong accounts, CEOs and CFOs get fired and I won’t mention the reputational damage, which can also be substantial. I also discussed the technical part to fight this (i.e. implementing SPF, DKIM and DMARC). This can help you prevent external mail servers trying to spoof your domain and trying to impersonate your users.
