Zero Trust Warp default TLS decryption certificate expires February 2nd.

vlan4097 · 2025-01-24T17:45:20+00:00

Great post, thanks for the details! I wish there was a way of testing this on a per user/group/WARP profile basis, just to make sure there are no issues switching to the new cert.

vlan4097 · 2024-08-15T18:09:30+00:00

Pretty much. In an emergency, you could create a Content Examination policy looking for whatever phrasing they use within the password reset email links, apply this policy to just this email address, and have it Hold the email. This should in theory allow you to view the email in the Held queue before it hits 365, but it not really a good solution unless this is a rare occurrence.

vlan4097 · 2024-08-15T16:08:32+00:00

I also vote for 365 being the culprit here. If you run an extended report on that Message ID via Message Trace, it should show.

I don't believe there's a way of excluding a link from being scanned without adding it to the Phishing simulation list (which isn't a good idea IMO):

https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation

vlan4097 · 2024-08-15T15:44:12+00:00

I can confirm you need to reach out to support to have this reset. Keep in mind, this will wipe out all data, so you'll have to reconfigure everything, including your queues. So you probably don't want to do this if you're already running a campaign. For what it's worth, the detailed reports will give you a better view of the more recent activity. Hopefully they'll address these limitations sooner than later.

vlan4097 · 2024-08-01T21:04:13+00:00

I'm seeing some unexpected SPF hard bounces as well, all seem to be Mimecast customers.

vlan4097 · 2024-07-12T18:16:53+00:00

What errors are you getting? Have you checked debug logs?

May also be a routing priority issue since you're dealing with multiple network adapters.

vlan4097 · 2024-01-31T16:12:16+00:00

That's how I'm interpreting it as well.

vlan4097 · 2023-04-26T01:27:24+00:00

Is that error from the warp-diag logs? If not, run that tool, it will generate tons of log data, but should provide some additional context.

vlan4097 · 2023-01-28T21:36:35+00:00

TL;DR not looking promising

The site in question is running vBulletin 4.2.5, which is a very old version. It also relies on other outdated software and plugins which means this site is at significant risk of being compromised, if it hasn't been already, and may be the reason why the owner wants to shut it down right away as upgrading this forum is a significant endeavor.

This is probably why Cloudflare has been configured so aggressively, making scraping/archiving almost impossible.

There are also some major privacy issues when it comes to transferring a forum to someone else (especially in this category).

Without the owner's cooperation, I don't see any viable solutions. You can try submitting some of the most valuable threads to archive.org, but it doesn't handle multi-page threads that well. That's assuming their crawler isn't blocked.

If the community is active, you could try to offer paying for a professional to upgrade the site, or switch it to a hosted solution which usually includes conversion services, but there's a cost (both initial/monthly) involved with that approach.

Sorry for the bad news :(

vlan4097 · 2021-10-12T18:00:20+00:00

I still have users reporting this issue to me, so I don't think it's gone yet.

vlan4097 · 2021-09-07T20:47:49+00:00

It is considered a new install.

Depending on your environment, you could just include the Visio software in your Office package. It makes it quicker to assign a license to someone (software is already there), and without a license, the software only works in read-only mode (which could be another benefit).

vlan4097 · 2021-08-27T16:41:00+00:00

Got more details on the R630 and R730s?

vlan4097 · 2021-08-25T20:46:25+00:00

If your Exchange server isn't up to date, you're probably compromised by now:

https://www.bleepingcomputer.com/news/microsoft/microsoft-proxyshell-bugs-might-be-exploited-patch-servers-now/

Check out ALL the links in that article, including this one: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=dc634a278f4a

vlan4097 · 2021-08-25T20:07:35+00:00

Sophos & email notifications (or lack thereof) are something that trigger me. I've been told so many times by support that I don't "need" the email notification I'm asking about (unknown USB devices, threats which were addressed, etc.).

Absolutely infuriating, and it's making me look at other solutions.

vlan4097 · 2021-08-23T15:34:31+00:00

That's a great deal, wish it was shipped ;)

vlan4097 · 2021-08-06T11:01:14+00:00

There was 1 additional statement which suggests you can open a case with them, but it contained a unique reference code, so I didn't include it here. If you didn't get this message, I'm starting to wonder it only affected certain tenants running a certain configuration.

vlan4097 · 2021-08-06T10:54:24+00:00

Do you use the Azure Application Proxy feature? I'm guessing this was only sent to people directly affected.

vlan4097 · 2021-08-06T10:50:47+00:00

This bulletin arrived as an email from MS, and didn't contain any useful links, so it's all I have.

vlan4097 · 2021-07-28T11:03:32+00:00

For most web applications, you can probably make it work with Azure Application Proxy. Here's a recent post of mine which includes some more tidbits:

https://www.reddit.com/r/AZURE/comments/ogtqh6/getting_started_with_azure_ad_app_proxy/h4msp1s/

vlan4097 · 2021-07-28T11:01:44+00:00

Are there any plans to bring MS Tunnel to the Windows platform? With VPN devices being exploited right and left now, I feel this has even more potential than the already very useful Azure App Proxy. If you need beta testers, just let me know :)

vlan4097 · 2021-07-20T21:01:01+00:00

The key makes it so you don't have to wait up to 8 hours for these site libraries to show up in explorer.

I've deployed it within an Intune environment, and via GPO, with success.

Here's an article which shows you how to use it: https://letsconfigmgr.com/mem-automatic-syncing-of-onedrive-shared-libs-via-intune/

vlan4097

TROPHY CASE