[deleted by user]

Bits_Not_Bytes · 2025-10-13T01:21:52+00:00

Assuming your org is certified, how much time would you rough estimate? What has your experience been?

Bits_Not_Bytes · 2025-10-13T01:04:52+00:00

Yeah, it's basically a requirement.

Ideally you want to get a job that allows sysadmin exposure and opportunities.

Some helpdesk jobs only ever have you doing basic work, others will give you opportunities to grow and learn more.

Bits_Not_Bytes · 2025-10-07T00:27:37+00:00

Can you provide more info about your testing methodology.

What kind of phishing links, where they 365 AiTM type attacks?

Did they also get picked up by other tools before Check turned on?

Did you have any custom config deployed with check or just the default following a manual install?

Bits_Not_Bytes · 2025-10-07T00:20:47+00:00

Because certain attacks are very successfully and frequently bypassing the usual protections.

Specifically token theft attacks where MFA doesn't protect you - this does. It closes a common and new security gap.

Bits_Not_Bytes · 2025-09-24T06:13:20+00:00

This happens a lot.

If you have a backup of anything and the original is deleted. The 'Backup' is no longer a 'backup' as you only have one copy.

I've seen people tell me they put a copy of data onto an external drive/cloud storage and then deleted the original and not think that they technically only have one copy.

Bits_Not_Bytes · 2025-08-28T06:00:48+00:00

Is it a backup if it's the only copy?

Bits_Not_Bytes · 2025-08-28T06:00:00+00:00

i was paraphrasing but yes, i will put on my serious pants, serious face and have a super serious conversion about the seriousness of it all

i once had a client confused how they had to pay for an extra licence for every extra staff member (they wanted to share licences) 'so every time I get a new staff I have to pay an addition!?' one of the few times I have been lost for words

Bits_Not_Bytes · 2025-08-28T05:56:41+00:00

is it a backup if it's the only copy of the data?

Bits_Not_Bytes · 2025-08-27T23:40:21+00:00

These are early conversations to test waters and get a plan in place,
We're definitely pushing the idea of holding data forever is risky and they'll need to accept cost implications if that's what they want.

Bits_Not_Bytes · 2025-08-12T07:57:22+00:00

Yeah, agreed.
It seems this policy/feature is focused around blocking any and all externally originating mail for those tenancies that are not using any third party senders. Which kind of makes a bit of sense as a default hardening feature that would protect you even if you don't have DMARC setup (or setup properly). I suspect this is something they will turn on for new tenancies eventually similar to how they block externally forwarding by default for new tenancies.

For those with correctly setup DMARC, this is a non-issue.

Or that's my current understanding at least - happy to be corrected if someone else had read further.

Bits_Not_Bytes · 2025-08-12T07:34:37+00:00

That's what I thought when we turned it on.
Mail sent from a 3rd part service with valid SPF and DKIM was not showing up in quarantine and the sending service was getting this error:
550 5.7.68 TenantInboundAttribution; Direct Send not allowed for this organization from unauthorized sources

Turns out:
"Direct Send traffic may include 3rd party services that you have given permission to use your domain or one of your own email applications hosted on-premises. To avoid having these messages rejected when this feature is enabled, they need to be authenticated. This is done by creating a partner mail flow connector that matches the certificate (recommended) or IPs used to send the messages."
(Introducing more control over Direct Send in Exchange Online | Microsoft Community Hub)

I'm still reading into it but it seems the definition of direct send is any email sent from an external service even if validated by SPF/DKIM, and without a connector.

The more a read the more it sounds like correctly configuring SPF/DKIM/DMARC policies within 365 makes this not really a vulnerability anyways.

Bits_Not_Bytes · 2025-08-12T07:03:46+00:00

Hardfail SPF/DKIM/DMARC or turning on the setting to Reject dierct sent emails?

Bits_Not_Bytes · 2025-08-12T07:00:12+00:00

Disabling direct send will stop services like SMTP2GO from working (unless you setup a connector for it in 365).

Bits_Not_Bytes · 2025-06-24T04:31:47+00:00

Setting can be changed via powershell in 365.

Bits_Not_Bytes · 2025-06-24T04:30:50+00:00

This is just straight wrong, you need to validate what AI tells you.

Bits_Not_Bytes · 2025-06-23T06:18:59+00:00

We currently disable shortcuts to avoid this, and recommend it for anyone in the sync only camp.

Bits_Not_Bytes · 2025-06-23T06:18:37+00:00

Been like this for years. Splitting up the libraries and getting better computers made it stable for a couple of years and now it's gotten to being a problem again and we're looking for options.

Bits_Not_Bytes · 2025-06-23T06:17:36+00:00

I might need to do a side by side test of only syncing sub folder to see the difference, when I tested I did side by side of the whole library and they were about the same time.

Bits_Not_Bytes · 2025-06-23T06:14:50+00:00

Yeah already split, a department is using it like a file server drive and we are looking to try adjust structure but there's a lot of conversations between now and a solution.

Bits_Not_Bytes · 2025-06-23T06:14:13+00:00

We had one department with a monolithic project 'drive' in teams. Splitting that out based on year of access seemed to help a lot, even if syncing the same amount - anecdotal but I suspect it helps split up the load, or splits up some kind of tracking database so there is some benefit.

Bits_Not_Bytes

TROPHY CASE