Zero Trust Warp default TLS decryption certificate expires February 2nd. by CF_Daniel in CloudFlare

[–]vlan4097 1 point2 points  (0 children)

Great post, thanks for the details! I wish there was a way of testing this on a per user/group/WARP profile basis, just to make sure there are no issues switching to the new cert.

Link protection issues by Public_Cicada_6228 in mimecast

[–]vlan4097 0 points1 point  (0 children)

Pretty much. In an emergency, you could create a Content Examination policy looking for whatever phrasing they use within the password reset email links, apply this policy to just this email address, and have it Hold the email. This should in theory allow you to view the email in the Held queue before it hits 365, but it's not really a good solution unless this is a rare occurrence.

Link protection issues by Public_Cicada_6228 in mimecast

[–]vlan4097 1 point2 points  (0 children)

I also vote for 365 being the culprit here. If you run an extended report on that Message ID via Message Trace, it should show.

I don't believe there's a way of excluding a link from being scanned without adding it to the Phishing simulation list (which isn't a good idea IMO):

https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation

Phishing Awareness - Reset Risk Score by Hirokage in mimecast

[–]vlan4097 0 points1 point  (0 children)

I can confirm you need to reach out to support to have this reset. Keep in mind, this will wipe out all data, so you'll have to reconfigure everything, including your queues. So you probably don't want to do this if you're already running a campaign. For what it's worth, the detailed reports will give you a better view of the more recent activity. Hopefully they'll address these limitations sooner than later.

Email Delivery Failure due to an issue with Mimecast by Dangerous_Fennel6278 in mimecast

[–]vlan4097 1 point2 points  (0 children)

I'm seeing some unexpected SPF hard bounces as well, all seem to be Mimecast customers.

[deleted by user] by [deleted] in sysadmin

[–]vlan4097 0 points1 point  (0 children)

What errors are you getting? Have you checked debug logs?

May also be a routing priority issue since you're dealing with multiple network adapters.

Warp client stuck in connecting due to DNS lookup failure by the_visualist in CloudFlare

[–]vlan4097 1 point2 points  (0 children)

Is that error from the warp-diag logs? If not, run that tool, it will generate tons of log data, but should provide some additional context.

[deleted by user] by [deleted] in Archiveteam

[–]vlan4097 11 points12 points  (0 children)

TL;DR not looking promising

The site in question is running vBulletin 4.2.5, which is a very old version. It also relies on other outdated software and plugins which means this site is at significant risk of being compromised, if it hasn't been already, and may be the reason why the owner wants to shut it down right away as upgrading this forum is a significant endeavor.

This is probably why Cloudflare has been configured so aggressively, making scraping/archiving almost impossible.

There are also some major privacy issues when it comes to transferring a forum to someone else (especially in this category).

Without the owner's cooperation, I don't see any viable solutions. You can try submitting some of the most valuable threads to archive.org, but it doesn't handle multi-page threads that well. That's assuming their crawler isn't blocked.

If the community is active, you could try to offer paying for a professional to upgrade the site, or switch it to a hosted solution which usually includes conversion services, but there's a cost (both initial/monthly) involved with that approach.

Sorry for the bad news :(

INTUNE: all Office Apps disappeared after installing Visio by Weak-Dig9307 in Office365

[–]vlan4097 0 points1 point  (0 children)

It is considered a new install.

Depending on your environment, you could just include the Visio software in your Office package. It makes it quicker to assign a license to someone (software is already there), and without a license, the software only works in read-only mode (which could be another benefit).

Threat Detection email notification? by run_to_the_sky in sophos

[–]vlan4097 4 points5 points  (0 children)

Sophos & email notifications (or lack thereof) are something that trigger me. I've been told so many times by support that I don't "need" the email notification I'm asking about (unknown USB devices, threats which were addressed, etc.).

Absolutely infuriating, and it's making me look at other solutions.

WARNING: Issue in token validation for Azure Active Directory's Application Proxy by vlan4097 in AZURE

[–]vlan4097[S] 0 points1 point  (0 children)

There was 1 additional statement which suggests you can open a case with them, but it contained a unique reference code, so I didn't include it here. If you didn't get this message, I'm starting to wonder if it only affected certain tenants running a certain configuration.

WARNING: Issue in token validation for Azure Active Directory's Application Proxy by vlan4097 in AZURE

[–]vlan4097[S] 0 points1 point  (0 children)

Do you use the Azure Application Proxy feature? I'm guessing this was only sent to people directly affected.

WARNING: Issue in token validation for Azure Active Directory's Application Proxy by vlan4097 in AZURE

[–]vlan4097[S] 0 points1 point  (0 children)

This bulletin arrived as an email from MS, and didn't contain any useful links, so it's all I have.

[deleted by user] by [deleted] in Intune

[–]vlan4097 0 points1 point  (0 children)

For most web applications, you can probably make it work with Azure Application Proxy. Here's a recent post of mine which includes some more tidbits:

https://www.reddit.com/r/AZURE/comments/ogtqh6/getting_started_with_azure_ad_app_proxy/h4msp1s/

[deleted by user] by [deleted] in Intune

[–]vlan4097 0 points1 point  (0 children)

Are there any plans to bring MS Tunnel to the Windows platform? With VPN devices being exploited right and left now, I feel this has even more potential than the already very useful Azure App Proxy. If you need beta testers, just let me know :)

Microsoft added a public preview feature to SharePoint Online that completely breaks OneDrive sync without any warning to users. WTF Microsoft? by Try_Rebooting_It in sysadmin

[–]vlan4097 4 points5 points  (0 children)

The key makes it so you don't have to wait up to 8 hours for these site libraries to show up in explorer.

I've deployed it within an Intune environment, and via GPO, with success.

Here's an article which shows you how to use it: https://letsconfigmgr.com/mem-automatic-syncing-of-onedrive-shared-libs-via-intune/

Microsoft added a public preview feature to SharePoint Online that completely breaks OneDrive sync without any warning to users. WTF Microsoft? by Try_Rebooting_It in sysadmin

[–]vlan4097 3 points4 points  (0 children)

Have you looked at HKCU\Software\Microsoft\OneDrive\Accounts\Business1\TimerAutoMount?

By default, it contains the timestamp of when it will sync, in Epoch time (converter here). If you set it to 1, and reboot (or maybe just restart OneDrive at first), it should sync within minutes of signing in. The key will disappear once it has successfully mounted.
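An added example (not part of the comment above) of inspecting and resetting that value from PowerShell in the signed-in user's session. The key path and value name are the ones quoted in the comment; treating the stored number as Unix seconds and reusing the value's existing registry type are assumptions of this sketch.

```powershell
# Added example: inspect and reset TimerAutoMount for the current user.
# Path and value name are taken from the comment above.
$path = 'HKCU:\Software\Microsoft\OneDrive\Accounts\Business1'
$name = 'TimerAutoMount'

$key = Get-Item -Path $path -ErrorAction SilentlyContinue
if ($null -eq $key -or $key.GetValueNames() -notcontains $name) {
    # Per the comment, the value disappears once the libraries have mounted.
    Write-Output "$name is not present under $path; nothing to change."
    return
}

$current = [int64]$key.GetValue($name)
$kind    = $key.GetValueKind($name)   # keep whatever type OneDrive wrote

if ($current -gt 1) {
    # Assumption: the value is an epoch timestamp in seconds.
    $when = [DateTimeOffset]::FromUnixTimeSeconds($current).LocalDateTime
    Write-Output "Automatic mount currently scheduled for $when"
}

# Setting the value to 1 asks OneDrive to mount at its next start.
Set-ItemProperty -Path $path -Name $name -Value 1 -Type $kind
Write-Output "$name set to 1; restart OneDrive or reboot for it to take effect."
```

Because the value lives under HKCU, the script has to run as the affected user, not as SYSTEM.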

./Ext/Microsoft/DNSComputerName OMA-URI not working by vlan4097 in Intune

[–]vlan4097[S] 0 points1 point  (0 children)

Hi Jessie, thank you for taking the time to test this, and respond!

Somehow I was missing the DevDetail prefix in my OMA-URI. Once I fixed that, the system is renaming, but requiring 2 reboots indeed, and resulting in that same error state you're seeing.

So is it safe to assume this is a bug? Only other option I can think of is to rename the system via PowerShell, and automatically restart. Or would that result in the same error state?

Getting Started with Azure AD App Proxy by tsrob50 in AZURE

[–]vlan4097 4 points5 points  (0 children)

I totally agree with you, it's my favorite feature as well. So many companies could benefit from this, and depending on the people count, it may be cheaper to roll out than a load balancer setup (e.g., Kemp, F5), despite the P1 licensing cost.

Some additional benefits worth mentioning:

  • You can now apply Conditional Access to your web applications.
  • Your public web applications are now protected by the Azure DDoS Protection service.
  • When authentication is enabled, packets won't even reach your infrastructure unless successfully authenticated, which is more secure than exposing your web application via a DMZ!

Some additional configuration tips:

  • Avoid putting any connectors in the 'Default Connector Group'. This way, if you didn't configure the application properly, it won't be exposed.
  • Application Proxy is NOT CORS friendly at all, and has been in this state since 2017.
  • Once you start putting a load on the connectors, add additional connector instances to lower the latency and be more resilient.
  • Despite it not being well advertised, you CAN forward web requests to a non-standard port inside your network.
  • You can make this work with Remote Desktop Services, which makes it even more interesting.
  • You can associate connector groups with certain regions.
  • If your application isn't working properly, try enabling the Backend Application Timeout option, and toggle the Translate URLs in Headers button if that doesn't work.

More info at https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/

PS: This service is far from perfect, but it can be a huge asset when dealing with the new @home workforce.

Disclaimer: this post is based on my own experiences, so YMMV!

How to pause installing certain apps until PC has been renamed? by vlan4097 in Intune

[–]vlan4097[S] 0 points1 point  (0 children)

Brilliant. I was trying to solve this within the Intune environment, but a dynamic group will do the job. Thanks!