Anyone feel like MSFT is missing the mark lately. All of these were in JMF with low level detections. On user submission, threats found and brand impersonation found.

admin.microsoft.com/Adminportal/...

This will speed up a LOT of investigative efforts, I imagine. Awesome stuff to see from MSFT!

An improved approach to blocking Direct Send Abuse Guest post By Chris Lehr Executive Summary If you are a Microsoft 365 customer and you are seeing an uptick of spam and phish emails sent to your domain, but also from your domain that seem to be g…

Little late on posting this out, but I wrote a blog on auditing and blocking Direct Send in Exchange Online using MDO tools to audit and EXO ETRs to block. Enjoy and let me know any changes you'd recommend! thecloudtechnologist.com/2025/08/09/a...

It looks like the cat thinks he is wearing the hat.

I need one of these birbs

EXO ETR to quarantine DirectSend emails (sample, use with care/caution/and lighter handed actions than the picture!

bsky.app/profile/chri...

bsky.app/profile/chri...

KQL to review #DirectSend abuse

EmailEvents​
| where SenderMailFromDomain == RecipientDomain​
| where isempty(Connectors)​
| where DeliveryAction !in ("Junked", "Blocked")​
| extend AuthenticationDetails = parse_json(AuthenticationDetails)​
| where AuthenticationDetails.DMARC == "fail"​

Hey Brian - haven't written since I left twitter. Cannot believe this is happening. Heartfelt gratitude from us to you and all in the Colbert family. I hope yall take the kid gloves off + let the lawyers deal with whatever yall do the next few months. Also, avoid tall buildings and open windows.

Holy shit. Lumen is down so bad you cannot get to their web site. Wonder if this has to do with the at&t purchase and transition?

FYI XE, XJ and XS are no longer valid ISO country codes for MSFT Antispam inbound policies. If you chose to use these at some point in the future, you will find your antispam policy is no longer editable. To fix:

set-hostedcontentfilterpolicy -regionblocklist {@remove="XJ","XS","XE"}

@xsalazar.bsky.social love the elevator tracker. Please consider a “is the 17th underpass usable” tracker!

Introducing Exchange Online Tenant Outbound Email Limits | Microsoft Community Hub We’re introducing new tenant-level outbound email limits (also known as the Tenant External Recipient Rate Limit or TERRL).  

New EXO Tenant limits coming soon. techcommunity.microsoft.com/blog/exchang...

TIL - those times when it says block but the message inboxed is answered right here.

Strengthening Email Ecosystem: Outlook’s New Requirements for High‐Volume Senders | Microsoft Community Hub Introduction In an era where email remains one of the most widely used tools for personal and business communications, Outlook is stepping up its commitment...

May 5th MSFT will Junk messages not meeting these requirements - generally aligning with the Google/Yahoo requirements here. If your domain sends 5000+ emails per day, make sure your SPF, DKIM and DMARC are configured and aligned correctly!

techcommunity.microsoft.com/blog/microso...

Microsoft Defender for Office 365: Enhancing page load performance - M365 Admin Microsoft Defender for Office 365 is enhancing page load performance to address user feedback on latency. Phase 1, starting in late March 2025 and ending by late June 2025, targets improvements in Sub...

This is fantastic news - email entity, threat explorer and policy pages have been notably slow in some tenants in recent months. Nice to see it is getting attention. m365admin.handsontek.net/microsoft-de...

Obama finally upgraded from his BlackBerry But he still wants something better

hah - came to see your take. Less than 10 years ago, Obama was "finally allowed" to get an iPhone. That Tim Apple cannot be trusted. www.theverge.com/2016/6/11/11...

Obama finally upgraded from his BlackBerry But he still wants something better

Its been less than 10 years since Obama was "allowed" to use an iPhone and today our government accidentally sent war plans to a reporter over Signal. We've come so far!! www.theverge.com/2016/6/11/11...

Bravo - Allowing admins to add allows to their allow list. Finally.

Ditching that Felon

Any recommendations aside from this one? Sort of abandoning some media and looking for advice.

Peron on a bike in a BIKE LOUD t-shirt, surrounded by other people on bikes.

There are 2 good reasons to join #BikeLoud

1️⃣By giving, you show you value safe streets. In the very contested arena of street use, our leaders take note. We want to be a formidable force for streets that function well for all of us

2️⃣We sponsor lots of fun events
secure.lglforms.com/form_engine/...

If you are an IT Pro or in InfoSec check out the #kql queries from this book at github.com/KQLMSPress/d.... Pick yourself up a copy with that extra Santa money. Thanks for the shout out @k0grad.bsky.social.

Love everything about this!

See the top domains your Microsoft 365 users send email to. #KQL
EmailEvents
| where EmailDirection == "Outbound"
| extend recipientdomain = split(RecipientEmailAddress, '@')[1]
| project recipientdomain
| summarize count()by tostring(recipientdomain)

I'd love to buy like a bunch of sweepers and hire out a team of riders but have no idea how to make that happen. The up front costs on the sweepers is pretty high but I've pulled one, they are amazing. I wish BikeLoud campaigned more that theirs is FREE FOR MEMBERS TO USE, yet it sits mostly idle

Neat - using a custom domain name here was pretty simple to set up. @chrislehr.com to tag me now.

Enabling DANE in Microsoft 365 Exchange Online Microsoft announced support for DANE this year, and there isn’t really much reason to NOT implement this, but there are a few requirements that might be difficult for organizations to meet. T…

My first blog post of 2024 - implementing DANE in Microsoft 365 using DNSSEC #DANE #ExchangeOnline #Microsoft365 #EXO #Defender musings365.com/2024/11/21/e...