Office 365 rant
- This topic has 29 replies, 11 voices, and was last updated 3 weeks, 6 days ago.
November 24, 2020 at 3:00 am #2314025
doriel
AskWoody Lounger
Hello everyone. So part of the company made a step and moved to Office 365. Microsoft 365. Junk 356.
Immediately after the migration last week, mail spoofing and phishing attacks increased by hundreds of percent. This product IS SO AWESOME AND SAFE!!!
Now our management has come up with the idea that emails from external addresses are attached as .MSG files.
So we can't search through these messages.
I knew that this would happen, no matter what the Microsoft PR department is trying to sell us. I simply do not buy it because IT IS NOT TRUE, IT'S JUST MARKETING! 365 junk.
Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
5 users thanked author for this post.
-
November 25, 2020 at 2:00 am #2314264
Paul T
AskWoody MVP
-
November 25, 2020 at 2:34 am #2314267
doriel
AskWoody Lounger
Thanks for the question, but changing SW is not all it takes. There is the Office Admin Center in the cloud. Administration is not done locally but it's a service in the cloud (imagine something like MS Azure) and you can access your email via a web interface. That's the weak spot. In my opinion the cloud solution is to blame. Better to have administration within your own (protected) domain instead of a cloud solution.
I really doubt it's a coincidence, but I may be mistaken. That's why I put this into the Rants forum.
PS – people send phishing emails? Aren't those done by some PHPmailer or something like that? Just asking, I am curious and I want to know more.
Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
-
November 25, 2020 at 6:08 am #2314298
mn–
AskWoody Lounger
Actually… it’s quite possible to detect service moves.
There’s a little security implication in RFC1912 in that it recommends a way of constructing the zone “serial number” that contains the date of last change.
Therefore, recent SOA record of mail domain + MX in 365 + recent RFC1912-type serial means higher probability of a new tenant, so a good target…
Even more so if you also have an invalid or weird-looking SPF record, means probably transition in progress.
And transition probably means confused users who therefore are easier targets than usual.
And if someone’s planning on doing targeted or semi-targeted attacks, well, it’s sort of cheap to script DNS lookups say once or twice per day on a list of target candidates, and flag when there’s a change… even without a date of change embedded in the zone serial.
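A defensive counterpart to the signals listed in the post above, as an added example that is not part of the thread: a check an administrator can run over their own domain's MX, TXT and SOA data during a migration to see whether the SPF record still matches where the mail now goes, and whether the zone serial advertises the change date. The records for example.com are constructed sample data and the function names are this example's own; only the two Microsoft 365 hostnames are real.

```python
import re
from datetime import date

# Real Microsoft 365 names: tenant MX hosts end in this suffix, and the
# SPF include for Exchange Online is the one below.
M365_MX_SUFFIX = ".mail.protection.outlook.com"
M365_SPF_INCLUDE = "include:spf.protection.outlook.com"


def serial_date(serial):
    """Date embedded in an RFC 1912 style serial (YYYYMMDDnn), else None."""
    m = re.fullmatch(r"(\d{4})(\d{2})(\d{2})\d{2}", str(serial))
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # e.g. month 13: a plain counter, not a date
        return None


def audit_mail_dns(mx_hosts, txt_records, soa_serial, today, recent_days=30):
    """Return (severity, message) findings for one domain's public mail DNS."""
    findings = []
    on_m365 = any(h.lower().rstrip(".").endswith(M365_MX_SUFFIX) for h in mx_hosts)
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]

    if not spf:
        findings.append(("high", "no SPF record published"))
    elif len(spf) > 1:
        # RFC 7208: more than one v=spf1 record is a permanent error.
        findings.append(("high", f"{len(spf)} SPF records published; receivers return permerror"))
    else:
        terms = spf[0].lower().split()[1:]
        if on_m365 and M365_SPF_INCLUDE not in terms:
            findings.append(("high", "MX is Microsoft 365 but SPF lacks " + M365_SPF_INCLUDE))
        alls = [t for t in terms if re.fullmatch(r"[+?~-]?all", t)]
        has_redirect = any(t.startswith("redirect=") for t in terms)
        if not alls and not has_redirect:
            findings.append(("medium", "SPF has no 'all' term; unlisted senders get neutral"))
        elif alls and alls[0] in ("all", "+all"):
            findings.append(("high", "SPF ends in +all; every sender passes"))
        elif alls and alls[0] == "?all":
            findings.append(("medium", "SPF ends in ?all; unlisted senders get neutral"))

    # A date-style serial tells anyone who looks when the zone last changed.
    changed = serial_date(soa_serial)
    if changed and 0 <= (today - changed).days <= recent_days:
        findings.append(("info", f"SOA serial shows a zone change on {changed.isoformat()}"))
    return findings


# Constructed sample records for the reserved domain example.com.
MID_MIGRATION = dict(
    mx_hosts=["example-com.mail.protection.outlook.com."],
    txt_records=["MS=ms00000000", "v=spf1 ip4:192.0.2.10 -all"],  # old on-prem SPF
    soa_serial=2020111801,
)
SETTLED = dict(
    mx_hosts=["example-com.mail.protection.outlook.com."],
    txt_records=["v=spf1 include:spf.protection.outlook.com -all"],
    soa_serial=2019050301,
)

if __name__ == "__main__":
    for name, records in (("mid-migration", MID_MIGRATION), ("settled", SETTLED)):
        print(name)
        for severity, message in audit_mail_dns(today=date(2020, 11, 24), **records):
            print(f"  [{severity}] {message}")
```

Feed it the answers from your own resolver (for example the output of `dig MX`, `dig TXT` and `dig SOA` for your domain) in place of the sample dictionaries.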
-
November 30, 2020 at 1:31 pm #2315941
Susan Bradley
Manager
The issue is not the cloud, the issue is how it’s set up and possibly the license you got.
- You want to go through this checklist – The Exchange Online Best Practices Checklist.docx (sharepoint.com) to lock down older protocols
- You want to turn on MFA
- You want to ensure Advanced Threat Protection is properly enabled – which includes enabling DKIM and all that
The idea that you can do an on premise mail server cheaper – between the cost of licenses, and servers, and with the demise of Small Business Server, I’d beg to differ.
Susan Bradley Patch Lady
1 user thanked author for this post.
-
November 30, 2020 at 4:24 pm #2315969
mn–
AskWoody Lounger
The idea that you can do an on premise mail server cheaper – between the cost of licenses, and servers, and with the demise of Small Business Server, I’d beg to differ.
Depends on what you count for that.
There’s a bit of a difference between “an on-premise mail server”, and a full-function “groupware” server (mail and calendar, contacts, etc) like Exchange.
Bare email is feasible with all free software and quite minimal hardware these days. (Would of course need a backup MX or two, storage for the mailboxes and…)
Now, all-free open source groupware server software with calendaring and all that does exist, but I can’t imagine anyone having to count working hours actually deciding to not get the support subscriptions at least for production use… so…
You’d probably need to have hundreds of users (and multiple sites) before on-premises solutions would have a chance of breaking even, currently.
So, yes. From way over here, Microsoft’s 365 pricing is cheap enough to look suspicious. And the various reported data breach and compliance hassles really don’t help that part.
-
November 30, 2020 at 6:24 pm #2316009
Susan Bradley
Manager
It’s all in the configuration. Number 1 thing to make you more secure: USE TWO FACTOR. (Yes, I’m shouting.) It really does make a huge difference. Next, turn off legacy protocols like IMAP, POP, etc. These two things are HUGE. When I talk about a mail server I mean an application like Outlook that works with Word and Excel and QuickBooks. Something that allows you to set default mail clients, works and doesn’t depend on me trying to search forums for how to get it all working. Open source works if you know how to code. I don’t.
Susan Bradley Patch Lady
-
December 1, 2020 at 4:05 am #2316212
doriel
AskWoody Lounger
More about this O365. I don't know if you want to answer this, nothing personal here. I thank you for all the effort you make for us. We really appreciate it. But for me it's all about angle of view. I simply do not agree with Cloud being safer than on premise.
Thank you once again – for the checklist and for those three points, they look like fundamentals that need to be met to ensure best security. Good advice.
I read that checklist and I don't want to post off-context quotes here, but a few things came to my mind. The complexity of this is great.
– It's nothing easy and there is a lot to learn, I see a great many functions and add-ons in the description of Exchange Online. Including integration into the Outlook client.
– That's good, because according to the checklist there is no longer the option to “Remember my credentials” and I can't imagine people going through MFA multiple times when accessing their mail. That would be suicidal.
– Also I should download some .ps1 scripts from GitHub and run them on my server? Checksums are a mighty weapon, but.. I would be very careful on a server.
I could continue, but there is no need, because I don't have as much knowledge as needed.
I know that I should move forward and stay in touch with the latest technology. I want to and I try. I did try Azure (it was free for some time, so I created one). And I quite liked it! But I really disagree with all statements about how Cloud solutions are more secure. They are if you set them so. Same with on-premise. Something stored in multiple datacenters cannot be more safe than something stored locally and backed up on tapes.
This does not have one solution. It's not black and white, there are at least 50 shades of gray 🙂
Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
-
-
-
-
November 25, 2020 at 4:17 am #2314279
-
November 25, 2020 at 4:47 am #2314281
Alex5723
AskWoody Plus
So part of the company made a step and moved to Office 365. Microsoft 365. Junk 356.
You are probably aware that Microsoft monitors all Office 365/Microsoft 365 data and has direct access to it, and transfers data to the FBI, NSA.. even for non-US users?
Microsoft shares banking data of Indian customers with US Intelligence agencies
-
This reply was modified 1 month, 3 weeks ago by Alex5723.
3 users thanked author for this post.
-
November 25, 2020 at 5:06 am #2314286
doriel
AskWoody Lounger
I am not aware, maybe you have more accurate information. And I have no possibility to know what is happening “behind the scenes”. I can only interpret what big players are saying (MSFT, Google, Apple, Samsung, ..)
And I think that nobody publicly admits he has problems/sells data these days. It's a pity, because honesty is part of good manners. Without honesty, civilisation is just a bunch of savages that try to trick each other.
And last note: since our email accounts are exposed somewhere in the cloud, I would bet my half-year salary that some malware can snoop these accounts/data/addresses from the server. In our own infrastructure, I consider all data safe behind firewall. In the cloud not. That's why I do not agree with the angle of view of @Paul_T. Nothing personal here.
Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
-
November 25, 2020 at 12:58 pm #2314380
bbearren
AskWoody MVP
In our own infrastructure, I consider all data safe behind firewall. In the cloud not.
If you have an email server within your own infrastructure to handle all intranet email, yes, it is secure behind your firewall.
However, any email exchanges outside your own infrastructure (clients/contractors/suppliers) via the internet are going through “the cloud”, and are not protected by your firewall.
Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
"When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
"Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware
-
November 26, 2020 at 1:11 am #2315018
doriel
AskWoody Lounger
That is correct, in the past we used Exchange server only. And there was also communication with people outside the organisation. But we added some emails to our address pool by creating O365 accounts.
Apart from Office365, you cannot access our emails outside the domain unless you are on a VPN. We do not use a web interface (like OWA) to connect to our emails, thus I considered that as safe. You can access our email whenever we want in your smart phones, if we need it.
Usually, the FW blocked 10-100 messages a day with unwanted links in them. When we created these online accounts, the statistic looks more like 100 – 1000 per day.
I say: someone can register with our email to some e-shop and it can cause this peak, but this looks like too much coincidence. Or maybe the number of attacks/spam/whatever increased in the whole world. I don't know.
Thank you for your opinion.
Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
-
-
-
November 25, 2020 at 12:06 pm #2314366
b
AskWoody Plus
You are probably aware that Microsoft monitors all Office 365/Microsoft 365 data and has direct access to it, and transfers data to the FBI, NSA.. even for non-US users?
Microsoft shares banking data of Indian customers with US Intelligence agencies
“We never provide customer data unless we receive a legally valid warrant, order or subpoena about specific accounts or individual identifiers that we have reviewed and considered legally appropriate and consistent with the rule of law and our Microsoft principles.”
Which similar services do not comply with legally valid warrants?
-
This reply was modified 1 month, 3 weeks ago by
-
November 25, 2020 at 1:00 pm #2314381
Alex5723
AskWoody Plus
-
November 25, 2020 at 2:57 pm #2314404
b
AskWoody Plus
No US judge or FBI.. have any authority regarding data of non-US banks, accounts…
Unless the data is stored within the US?
(I’ll assume you agree that all similar services comply with legally valid warrants.)
-
November 25, 2020 at 6:07 pm #2314440
mn–
AskWoody Lounger
Yes, that’s exactly the problem here.
Microsoft was earlier found to illegally transfer certain non-US data to US servers. They said it was by honest mistake though…
Not that Microsoft is alone in that either.
Really waiting for someone to actually bother enough to build up a high-profile court case.
1 user thanked author for this post.
-
-
-
November 25, 2020 at 3:54 pm #2314427
Elly
AskWoody MVP
Just a non-technical observation: different e-mail clients use different spam filters, which usually need some ‘training’ when initially implemented.
I’d be checking what was filtered out into spam/trash to see if you are losing any legit communications, as well.
As people correctly label the received mail, the spam filter will become more accurate, and you will see less unwanted mail…
Non-techy Win 10 Pro and Linux Mint experimenter
-
November 25, 2020 at 7:10 pm #2314452
OscarCP
AskWoody Plus
Ellis: “I’d be checking what was filtered out into spam/trash to see if you are losing any legit communications, as well.”
From my own experience, this definitely can happen, so one should always check the Junk folder contents before deleting them. In my case, this seems to happen mainly with messages from correspondents overseas. But it also, now and then, happens in reverse, with my messages sometimes ending in the Junk mail of my foreign correspondents.
Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)
1 user thanked author for this post.
-
-
November 26, 2020 at 1:32 am #2315026
-
November 30, 2020 at 7:55 am #2315872
niv.dolgin
AskWoody Plus
Sounds like you need to configure EOP properly.
Microsoft recommendations for EOP and Defender for Office 365 security settings, recommendations
There’s even a config analyzer you should use to see what you’re missing:
Configuration analyzer for security policies – Office 365 | Microsoft Docs
-
November 30, 2020 at 8:06 am #2315876
doriel
AskWoody Lounger
Thank you, it's evident that you are more experienced than me. To be honest, I have no clue what you are talking about. And according to that link it's quite a complicated procedure that a non-experienced user has no chance to set up properly while attempting it for the first time.
Maybe it's not obvious to the MSFT team, but other people have more things to do than try to repair Microsoft's non-functional products every single day.
I don't want to spend another two weeks configuring O365. I like O2010 and I will stay as long as possible. I strongly recommended to our management to stay on O2010. Seems like our German management has some spare money that they do not need and they want to give it away to Microsoft. That's a pity.
Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
1 user thanked author for this post.
-
-
November 30, 2020 at 8:58 am #2315882
anonymous
Guest
There are a lot of angry cloud fearful people on this post. I’m sorry to have found that. The cloud can be more secure than anything on-premises but it all depends on how you configure it. The tools are many but if you chose not to use them, then yes, you’ll not be surprised when you get loaded up with phishing, spam and all manner of garbage from the unwashed Internet.
Here are a couple of articles to get you started. Microsoft 365 administration: Email rules for security and privacy (techgenix.com) and Microsoft 365 administration: Email security policies (techgenix.com)
Hope this helps you in securing your new cloud environment.
Moderator note: Edit for content. Please follow the –Lounge Rules 11. No advertising, except by explicit prior arrangement.
-
November 30, 2020 at 11:52 am #2315915
mn–
AskWoody Lounger
The cloud can be more secure than anything on-premises but it all depends on how you configure it.
That part I really disagree with. Among other things, cloud security depends on trusting the cloud infrastructure provider, and Microsoft isn’t considered quite trustworthy enough by a lot of people.
It’s fairly cheap to build an Office 365 cloud system that has better availability especially regarding local physical damage than anything single-site on-premises, but credible and proven prevention of unauthorized access is another thing. (Especially if you’re worried about actual international espionage…)
I mean, just the other year, Microsoft was caught sending fragments of documents from European users direct to one of their teams in the US, unauthorized. As in “unknown” words from spelling check being sent to the spelling check team… and everyone knows that happens a lot with multilanguage documents.
-
December 1, 2020 at 1:55 am #2316191
doriel
AskWoody Lounger
I was thinking exactly about the same sentence since yesterday.
The cloud can be more secure than anything on-premises but it all depends on how you configure it.
I say: maybe those functions that are protecting the cloud are more sophisticated. But it seems as logical to me as buying a new Dodge Ram to save some space in your garage. And the more complex a program is, the more holes there are. Nearly every day some vulnerability is discovered. Don't tell me that data stored in multiple locations are safer. Encrypted maybe 🤷‍♂️
I still wonder.. Nearly every day we see information about ransomware attacks and so on, on bleepingcomputer.com for example. And my question is: do these hacked companies rely purely on On-Premise or do they use cloud solutions?
Cloud I say. And once again that is just too much coincidence to me. Of course I can be mistaken, of course I can.
Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
-
-
-
December 1, 2020 at 2:00 pm #2316302
anonymous
Guest
I’ve never purchased Office 365 as I don’t believe in subscription products and, as a privacy buff, distrust Microsoft, the Cloud, etc.
I’m decidedly low tech (no cellphone) and am laughing at all of those who are upset that I don’t conform. They’re the ones that are having all the privacy and data breach issues.
Not that I don’t have the occasional issue, but that’s the price I pay for being part of a database over which I have no control.
-
December 24, 2020 at 11:52 pm #2322567
WSMRCS
AskWoody Lounger
Best post yet, anonymous Guest.
This topic got awfully quiet after SolarWinds.
“If it had been using Office 365 for email, it would have been game over.”
Are memories so short these days that we need the constant reminders?
-
This reply was modified 3 weeks, 6 days ago by Susan Bradley.
-
This reply was modified 3 weeks, 6 days ago by WSMRCS.
-
This reply was modified 3 weeks, 6 days ago by WSMRCS.
1 user thanked author for this post.
-
December 25, 2020 at 1:28 am #2322594
Paul T
AskWoody MVP
“If it had been using Office 365 for email, it would have been game over.”
You are using that quote out of context and there is not a problem with O365 mail.
The attackers gained access through a 3rd party, not via O365 mail.
cheers, Paul
-
December 25, 2020 at 2:47 am #2322612
WSMRCS
AskWoody Lounger
Paul, that was old info. Follow some of the links.
SolarWinds Hack Compromised 40-plus Microsoft Customers
https://www.crn.com/news/security/solarwinds-hack-compromised-40-plus-microsoft-customers
Microsoft Breached Via SolarWinds As Scope Of Destruction Widens: Report
https://www.crn.com/news/security/microsoft-breached-via-solarwinds-as-scope-of-destruction-widens-report?itc=refresh
Microsoft’s Role In SolarWinds Breach Comes Under Scrutiny
https://www.crn.com/news/security/microsoft-s-role-in-solarwinds-breach-comes-under-scrutiny
-
December 25, 2020 at 2:55 am #2322615
-
December 25, 2020 at 3:27 am #2322621
-
December 25, 2020 at 3:36 am #2322622
-
December 25, 2020 at 4:43 am #2322628
WSMRCS
AskWoody Lounger
It goes without saying that once your system, or the system you’re a part of, is breached, you’re s******. But, I believe the upshot of the discussion became where are you better off. If you plan on not doing anything or don’t know anything about security, then I would agree that someone is better off with the cloud.
Otherwise, who is the bigger or more likely target:
1) Microsoft with thousands of clients or, like most of us, someone smaller than MS with just themselves or comparatively few clients.
2) 63% of break-ins are inside jobs (that’s an old number) and all of the security software and measures in the world are not going to help you. MS and other companies like them have thousands of employees, whereas most companies are much smaller and most of the employees are known to those responsible for the company’s security.