EOP Field Notes

Exchange Online Protection: Notes from the field

All good things eventually come to an end

If you follow @MSDNService on Twitter you may have seen that MSDN & TechNet blogs will be...

Author: Andrew Stobart Date: 06/12/2019

Determine which Exchange Online connector an inbound message was attributed to

This is a quick tip for something that I'm asked quite often. The scenario is that you have created...

Author: Andrew Stobart Date: 02/22/2019

Use headers to determine which Exchange Online tenant a message was attributed to

Consider the following mail flow. On-premises environment --> Your Exchange Online tenant -->...

Author: Andrew Stobart Date: 01/03/2019

Did I get zapped by ZAP?

ZAP, also known as Zero-hour Auto Purge, is a protection feature in Exchange Online that can move...

Author: Andrew Stobart Date: 12/13/2018

Figure out which spam filter marked a message as spam

It has been quiet around these parts as of late. Much too quiet. To put that to an end, I have a...

Author: Andrew Stobart Date: 10/29/2018

Cleaning up a full recoverable items folder

I recently worked with an organization where one of their users had a full Recoverable Items folder....

Author: Andrew Stobart Date: 03/26/2018

Combating Display Name Spoofing

My lack of updates around these parts can be attributed to the craziness of work over the last few...

Author: Andrew Stobart Date: 02/09/2018

Expert Office 365 – Notes from the Field… The Book

Microsoft Canada recently published a book on Office 365 titled Expert Office 365 – Notes from the...

Author: Andrew Stobart Date: 11/27/2017

Troubleshooting Transport Rules that are set to “Do not audit”

When creating a transport rule, please…. PLEASE, do not disable auditing. Your rule auditing setting...

Author: Andrew Stobart Date: 10/23/2017

Don’t forget about the security and compliance center

For those of you that are Exchange Online Protection veterans, it may be second nature to always...

Author: Andrew Stobart Date: 07/05/2017

EOP resources for malware prevention

In light of the recent malware news, a couple of my colleagues put together a list of Exchange...

Author: Andrew Stobart Date: 05/25/2017

Find AD Objects with an Incorrect TargetAddress

When you have a hybrid environment setup with Exchange Online, you’ll notice a new Accepted Domain...

Author: Andrew Stobart Date: 05/19/2017

Keep headers intact when forwarding a message

In my line of work, I am constantly requesting message samples from organizations so that I can...

Author: Andrew Stobart Date: 04/17/2017

Custom RBAC role to allow access to only the Action Center

May 2019 Update: We recommend that you use the Security & Compliance Center to remove users that...

Author: Andrew Stobart Date: 03/14/2017

When a certificate-based connector is not working

I recently worked with an organization that had an Exchange Online inbound connector which accepted...

Author: Andrew Stobart Date: 02/23/2017

Upcoming Exchange Online connector changes pushed back

Today we announced that the connector changes that were planned for Exchange Online have now been...

Author: Andrew Stobart Date: 01/30/2017

Convincing phishing message and how ATP helped the remediation

Phishing messages are continuing to evolve and look ever more convincing. It’s scary to see just how...

Author: Andrew Stobart Date: 01/26/2017

Microsoft Canada is celebrating Azure today

Update: The Julia White tweetchat has been postponed to January 19. This article has been updated to...

Author: Andrew Stobart Date: 01/17/2017

Top ten posts of 2016

It’s a new year, and that means it’s time to look back at the top posts on this blog for last year....

Author: Andrew Stobart Date: 01/13/2017

Happy Holidays!

With my move to special projects this year, I wasn’t able to post as many articles as I would have...

Author: Andrew Stobart Date: 12/23/2016

Release from quarantine and safe list the sender in one click

I recently found a new option you can select when releasing a message from the quarantine. While...

Author: Andrew Stobart Date: 11/21/2016

Disclaimers and calendar invites

Rather than tease you with a witty, or even humorous opening paragraph, I’m going to instead jump...

Author: Andrew Stobart Date: 10/28/2016

The Common Attachment Types Filter

The Common Attachment Types Filter is a feature that was rolled out to Exchange Online earlier this...

Author: Andrew Stobart Date: 10/13/2016

Create a Custom Management Role for Granular Permissions in Exchange Online

Creating custom management roles can be very powerful, and they are not nearly as complicated as one...

Author: Andrew Stobart Date: 10/05/2016

Take Action Yourself on Blocked IPs and Banned Senders in Office 365

I have recently found that many organizations are unaware that they can take action on their own...

Author: Andrew Stobart Date: 09/14/2016

Interesting case where Exchange is not installed on-premises

I’ve recently been working on projects as opposed to cases, and so I haven’t had anything too...

Author: Andrew Stobart Date: 08/02/2016

Interesting Exchange Online articles from the year so far

After being out of the office for four months, there is a lot I need to catch up on! Over the past...

Author: Andrew Stobart Date: 05/27/2016

Introducing Spoof Mail Reports

The following article was written by Rob McCarthy who is a Business Program Manager for Readiness in...

Author: Andrew Stobart Date: 05/19/2016

I'm back!

Hi all, thank you for the kind comments on my last post where I talked about being away from work....

Author: Andrew Stobart Date: 05/18/2016

Where's Andrew?

It's been just over two months since my last story and about time I post an update here. Since early...

Author: Andrew Stobart Date: 03/15/2016

Bulk editing of Safe Sender lists

The following article was written by Richard Deprez who is a Support Escalation Engineer for...

Author: Andrew Stobart Date: 01/05/2016

Top blog posts from 2015

It’s the last day of 2015 and I thought it would be interesting to look back on the top blog posts...

Author: Andrew Stobart Date: 12/31/2015

Troubleshooting and Identifying Spoofing Attacks

Even with technologies like SPF, DMARC, and DKIM, spoofing and phishing attacks are still extremely...

Author: Andrew Stobart Date: 12/23/2015

Attack against my Exchange 2013 lab server

I recently came across an attack on my Exchange 2013 lab server and want to share what I saw. While this...

Author: Andrew Stobart Date: 12/14/2015

Parsing an extended message trace

Regular message traces are sufficient for most mail flow troubleshooting, but occasionally we need...

Author: Andrew Stobart Date: 12/01/2015

Auditing transport rules

Transport rules contain an Audit setting that is often misunderstood and unchecked without realizing...

Author: Andrew Stobart Date: 11/10/2015

Outbound DKIM signing in Office 365

Every week I work with multiple customers that have experienced phishing attacks where their own...

Author: Andrew Stobart Date: 10/23/2015

EOP Mysteries Solved – Inbound messages from a particular sender arrive with no subject or body

This is an interesting case that I recently worked on and would like to share as part of this...

Author: Andrew Stobart Date: 10/09/2015

Exchange Server 2016 is now available

Exchange Server 2016 was released this morning and is now available for download. The Exchange Team...

Author: Andrew Stobart Date: 10/01/2015

Keeping up to date with Office 365 News

The following article was written by Irol Melisa Pinto who is a Technical Advisor for Exchange...

Author: Andrew Stobart Date: 09/11/2015

Useful Wireshark Filters for Mail Flow Troubleshooting

There are some problems that you just can’t solve without getting a network capture with tools...

Author: Andrew Stobart Date: 08/27/2015

Why TestConnectivity.Microsoft.com shows EOP as an open relay

The following article was written by Irol Melisa Pinto who is a Technical Advisor for Exchange...

Author: Andrew Stobart Date: 08/20/2015

Common Attachment Blocking (CAB) is coming to EOP

UPDATE: Common Attachment Blocking has been released in EOP as the Common Attachment Types Filter....

Author: Andrew Stobart Date: 08/19/2015

Find the sending client IP for messages sent from an Exchange Online mailbox

I recently worked with an organization that had a single Exchange Online mailbox become compromised....

Author: Andrew Stobart Date: 08/07/2015

New Data Loss Prevention documentation

I don't typically write about TechNet updates, but in this article I'm making an exception....

Author: Andrew Stobart Date: 07/31/2015

Learn Exchange Online PowerShell with Command Logging

When you are navigating or making changes in the Exchange Online portal, PowerShell is being...

Author: Andrew Stobart Date: 07/10/2015

EOP Mysteries Solved - Mail queuing in EOP which is destined on-premises

This is a new series of articles for this blog that were inspired by Mark Russinovich’s Case...

Author: Andrew Stobart Date: 07/08/2015

Support Hot Topics - Reducing the threat of zero-day malware

Welcome to the second episode in our Support Hot Topics for Exchange Online Protection series. I’m...

Author: Andrew Stobart Date: 06/26/2015

An Introduction to the new Spam Filter Allow and Block Lists

Rather than start this article with an appetizer, I’m going to switch things up and dive right...

Author: Andrew Stobart Date: 06/18/2015

Scheduling Mail Reports in Office 365

Obtaining reports in the past was a manual task which had to be performed every time you wanted to...

Author: Andrew Stobart Date: 06/12/2015
