  • Office 365 rant

      • #2314025
        doriel
        AskWoody Lounger

        Hello everyone. So part of the company made a step and moved to Office 365. Microsoft 365. Junk 356.

        Immediately after migration last week, mail spoofing and phishing attacks increased by hundreds of percent. This product IS SO AWESOME AND SAFE!!!

        Now our management came with the idea, that emails from external addresses are attached as .MSG files.
        So we can't search through these messages.

        I knew that this will happen, no matter what Microsoft PR department is trying to sell us, I simply do not buy it because IT IS NOT TRUE, IT'S JUST MARKETING! 365 junk.

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        5 users thanked author for this post.
      • #2314264
        Paul T
        AskWoody MVP

        How does changing your software cause other people to send you phishing emails? Is it not just a coincidence?

        cheers, Paul

        • #2314267
          doriel
          AskWoody Lounger

          Thanks for the question, but changing SW is not all it takes. There is Office Admin Center in the cloud. Administration is not done locally but it's a service as a cloud (imagine something like MS Azure) and you can access your email via web interface. That's the weak spot. In my opinion the cloud solution is to blame. Better to have administration within own (protected) domain instead of cloud solution.
          I really doubt it's a coincidence, but I may be mistaken. That's why I put this into rants forum.
          PS – people send phishing emails? Aren't those done by some PHPmailer or something like that? Just asking, I am curious and I want to know more.

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          • #2314298
            mn–
            AskWoody Lounger

            Actually… it’s quite possible to detect service moves.

            There’s a little security implication in RFC1912 in that it recommends a way of constructing the zone “serial number” that contains the date of last change.

            Therefore, recent SOA record of mail domain + MX in 365 + recent RFC1912-type serial means higher probability of a new tenant, so a good target…

            Even more so if you also have an invalid or weird-looking SPF record, means probably transition in progress.

            And transition probably means confused users who therefore are easier targets than usual.

            And if someone’s planning on doing targeted or semi-targeted attacks, well, it’s sort of cheap to script DNS lookups say once or twice per day on a list of target candidates, and flag when there’s a change… even without a date of change embedded in the zone serial.

            3 users thanked author for this post.
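The same public records can be read from the defender's side, to see what your own zone reveals mid-migration and to catch a broken SPF record before cut-over. The sketch below is an added example, not part of the original post; the example.com records are constructed and the function names are hypothetical, while the MX suffix and SPF include are Microsoft's published Exchange Online values.

```python
import datetime
import re

O365_MX_SUFFIX = ".mail.protection.outlook.com"          # Exchange Online MX hosts
O365_SPF_INCLUDE = "include:spf.protection.outlook.com"  # Microsoft's SPF include


def serial_date(serial):
    """Return the date in an RFC 1912 style YYYYMMDDnn serial, or None."""
    s = str(serial)
    if len(s) != 10 or not s.isdigit():
        return None
    try:
        return datetime.date(int(s[:4]), int(s[4:6]), int(s[6:8]))
    except ValueError:  # e.g. month 13: a plain counter, not a date
        return None


def spf_problems(txt_records, mx_hosts):
    """List defects in the SPF setup, given the TXT strings and MX host names."""
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    problems = []
    if len(spf) > 1:
        problems.append("multiple v=spf1 records (receivers treat this as permerror)")
    terms = [t.lower() for t in spf[0].split()[1:]]
    bare = [t.lstrip("+-~?") for t in terms]
    # RFC 7208 allows at most 10 DNS-querying terms per evaluation.
    lookups = sum(1 for t in bare
                  if re.match(r"(include:|exists:|redirect=|(a|mx|ptr)\b)", t))
    if lookups > 10:
        problems.append(f"{lookups} DNS-querying terms, limit is 10")
    if "all" not in bare and not any(t.startswith("redirect=") for t in bare):
        problems.append("no terminating 'all' mechanism")
    elif "all" in terms or "+all" in terms:
        problems.append("'+all' authorises every sender")
    on_365 = any(h.lower().rstrip(".").endswith(O365_MX_SUFFIX) for h in mx_hosts)
    if on_365 and O365_SPF_INCLUDE not in bare:
        problems.append("MX is Exchange Online but SPF lacks " + O365_SPF_INCLUDE)
    return problems


def audit(zone, today):
    """Return SPF defects plus a note when the serial dates a recent change."""
    findings = spf_problems(zone["txt"], zone["mx"])
    changed = serial_date(zone["soa_serial"])
    if changed and 0 <= (today - changed).days <= 30:
        findings.append(f"SOA serial dates last zone change to {changed.isoformat()}")
    return findings


# Constructed records for example.com, mid-migration (not real data).
SAMPLE_ZONE = {
    "soa_serial": 2020112301,
    "mx": ["example-com.mail.protection.outlook.com."],
    "txt": ["v=spf1 mx ip4:192.0.2.10 -all", "constructed-verification=abc123"],
}

if __name__ == "__main__":
    for line in audit(SAMPLE_ZONE, datetime.date(2020, 12, 1)):
        print(line)
```

Feed it the SOA serial, MX and TXT answers for your own domain; an empty list means the SPF record is consistent with the MX and the serial does not date a recent change.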
          • #2315941
            Susan Bradley
            Manager

            The issue is not the cloud, the issue is how it’s set up and possibly the license you got.

            1. You want to go through this checklist – The Exchange Online Best Practices Checklist.docx (sharepoint.com) to lock down older protocols
            2. You want to turn on MFA
            3. You want to ensure Advanced threat protection is properly enabled – which includes enabling DKIM and all that

            The idea that you can do an on premise mail server cheaper – between the cost of licenses, and servers, and with the demise of Small Business Server, I’d beg to differ.

            Susan Bradley Patch Lady

            1 user thanked author for this post.
            • #2315969
              mn–
              AskWoody Lounger

              The idea that you can do an on premise mail server cheaper – between the cost of licenses, and servers, and with the demise of Small Business Server, I’d beg to differ.

              Depends on what you count for that.

              There’s a bit of a difference between “an on-premise mail server”, and a full-function “groupware” server (mail and calendar, contacts, etc) like Exchange.

              Bare email is feasible with all free software and quite minimal hardware these days. (Would of course need a backup MX or two, storage for the mailboxes and…)

              Now, all-free open source groupware server software with calendaring and all that does exist, but I can’t imagine anyone having to count working hours actually deciding to not get the support subscriptions at least for production use… so…

              You’d probably need to have hundreds of users (and multiple sites) before on-premises solutions would have a chance of breaking even, currently.

              So, yes. From way over here, Microsoft’s 365 pricing is cheap enough to look suspicious. And the various reported data breach and compliance hassles really don’t help that part.

              • #2316009
                Susan Bradley
                Manager

                It’s all in the configuration. Number 1 thing to make you more secure: USE TWO FACTOR. (Yes, I’m shouting.) It really does make a huge difference. Next turn off legacy protocols like IMAP, POP, etc. These two things are HUGE. When I talk about a mail server I mean an application like Outlook that works with Word and Excel and QuickBooks. Something that allows you to set default mail clients, works and doesn’t depend on me trying to search forums for how to get it all working. Open source works if you know how to code. I don’t.

                Susan Bradley Patch Lady

              • #2316212
                doriel
                AskWoody Lounger

                More about this O365. I don't know if you want to answer this, nothing personal here. I thank you for all your effort you do for us. We really appreciate. But for me it's all about angle of view. I simply do not agree with Cloud being safer than on premise.
                Thank you once again – for the checklist and for those three points, they look like fundaments, that need to be met to ensure best security. Good advice.

                I read that checklist and I don't want to post off-context quotes here, but few things came to my mind. The complexity of this is great.
                – It's nothing easy and it has lot to learn, I see very lot of functions and add-ons on the description of Exchange Online. Including integration into Outlook client.
                – That's good, cause according to the check list there is no more the option to “Remember my credentials” and I can't imagine people going through MFA multiple times when accessing their mail. That would be suicidal.
                – Also I should download some .ps1 scripts from GitHub and run them on my server? Checksums are mighty weapon, but.. I would be very careful on a server.
                I could continue, but there is no need, because I don't have as much knowledge as needed.

                I know that I should move forward and stay in touch with latest technology. I want to and I try. I did try Azure (it was free for some time, so I created one). And I quite liked it! But I really disagree with all statements how Cloud solutions are more secure. They are if you set them so. Same with on-premise. Something stored on multiple datacenters cannot be more safe, than something stored locally and backed up on tapes.

                This does not have one solution. It's not black and white, there are at least 50 shades of gray 🙂

                Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

                HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      • #2314279
        Paul T
        AskWoody MVP

        Looks like coincidence to me. And yes, bots send the mail – it’s people behind the bots so as a generalisation it’s fine (subtleties of English).

        cheers, Paul

        1 user thanked author for this post.
      • #2314281
        Alex5723
        AskWoody Plus

        So part of the company made a step and moved to Office 365. Microsoft 365. Junk 356.

        You are probably aware that Microsoft monitors all Office 365/Microsoft 365 data and has a direct access to it, and transfers data to the FBI, NSA.. even for non-US users ?

        Microsoft shares banking data of Indian customers with US Intelligence agencies

        • This reply was modified 1 month, 3 weeks ago by Alex5723.
        3 users thanked author for this post.
        • #2314286
          doriel
          AskWoody Lounger

          I am not aware, maybe you have more accurate information. And I have no possibility to know, what is happening “behind the scenes”. I can only interpret what big players are saying (MSFT, Google, Apple, Samsung, ..)

          And I think that nobody publicly admits he has problems/sells data these days. It's a pity, because honesty is part of good manners. Without honesty, civilisation is just bunch of savages, that tries to trick each other.

          And last note: since our email accounts are exposed somewhere in the cloud, I would bet my half year salary, that some malware can snoop these accounts/data/addresses from the server. In our own infrastructure, I consider all data safe behind firewall. In the cloud not. That's why I do not agree with angle of view of @Paul_T. Nothing personal here.

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          2 users thanked author for this post.
          • #2314380
            bbearren
            AskWoody MVP

            In our own infrastructure, I consider all data safe behind firewall. In the cloud not.

            If you have an email server within your own infrastructure to handle all intranet email, yes, it is secure behind your firewall.

            However, any email exchanges outside your own infrastructure (clients/contractors/suppliers) via the internet are going through “the cloud”, and are not protected by your firewall.

            Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
            "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
            "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

            • #2315018
              doriel
              AskWoody Lounger

              That is correct, in the past we used Exchange server only. And there was also communication with people outside organisation. But we added some emails to our address pool by creating O365 accounts.
              Apart from Office365, you cannot access our emails outside domain, unless you are on a VPN, we do not use web interface (like OWA) to connect to our emails, thus I considered that as safe. You can access our email whenever we want in your smart phones, if we need it.
              Usually, FW blocked 10-100 messages a day with unwanted links in them. When we created these online accounts, statistic looks more like 100 – 1000 per day.
              I say: someone can register with our email to some e-shop and it can cause this peak, but this looks like too much coincidence. Or maybe number of attacks/spam/whatever increased in the whole world. I don't know.
              Thank you for your opinion.

              Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

              HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        • #2314366
          b
          AskWoody Plus

          You are probably aware that Microsoft monitors all Office 365/Microsoft 365 data and has a direct access to it, and transfers data to the FBI, NSA.. even for non-US users ?

          Microsoft shares banking data of Indian customers with US Intelligence agencies

          “We never provide customer data unless we receive a legally valid warrant, order or subpoena about specific accounts or individual identifiers that we have reviewed and considered legally appropriate and consistent with the rule of law and our Microsoft principles.”

          Which similar services do not comply with legally valid warrants?

      • #2314381
        Alex5723
        AskWoody Plus

        “We never provide customer data unless we receive a legally valid warrant, order or subpoena about specific accounts or individual

        No US judge or FBI.. have any authority regarding data of non-US banks, accounts…

        • #2314404
          b
          AskWoody Plus

          No US judge or FBI.. have any authority regarding data of non-US banks, accounts…

          Unless the data is stored within the US?

          (I’ll assume you agree that all similar services comply with legally valid warrants.)

          • #2314440
            mn–
            AskWoody Lounger

            Yes, that’s exactly the problem here.

            Microsoft was earlier found to illegally transfer certain non-US data to US servers. They said it was by honest mistake though…

            Not that Microsoft is alone in that either.

            Really waiting for someone to actually bother enough to build up a high-profile court case.

            1 user thanked author for this post.
      • #2314427
        Elly
        AskWoody MVP

        Just a non-technical observation- different e-mail clients use different spam filters, which usually need some ‘training’ when initially implemented.

        I’d be checking what was filtered out into spam/trash to see if you are losing any legit communications, as well.

        As people correctly label the received mail, the spam filter will become more accurate, and you will see less unwanted mail…

        Non-techy Win 10 Pro and Linux Mint experimenter

        • #2314452
          OscarCP
          AskWoody Plus

          Ellis: “I’d be checking what was filtered out into spam/trash to see if you are losing any legit communications, as well.”

          From my own experience, this definitely can happen, so one should always check the Junk folder contents before deleting them. In my case, this seems to happen mainly with messages from correspondents overseas. But it also, now and then, happens in reverse, with my messages sometimes ending in the Junk mail of my foreign correspondents.

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

          1 user thanked author for this post.
      • #2315026
        Alex5723
        AskWoody Plus

        Unless the data is stored within the US?

        The data in the Indian banks hasn’t been stored in the US.

      • #2315872
        niv.dolgin
        AskWoody Plus

        Sounds like you need to configure EOP properly.

        Microsoft recommendations for EOP and Defender for Office 365 security settings, recommendations

        There’s even a config analyzer you should use to see what you’re missing:
        Configuration analyzer for security policies – Office 365 | Microsoft Docs

        2 users thanked author for this post.
        • #2315876
          doriel
          AskWoody Lounger

          Thank you, it's evident, that you are more experienced than me, to be honest I have no clue what you are talking about. And according to that link it's quite complicated procedure, that non experienced user has no chance to set up properly while attempting for the first time.
          Maybe it's not obvious to MSFT team, but other people have more things to do, than try to repair Microsoft non-functional products every single day.

          I don't want to spend another two weeks configuring O365. I like O2010 and I will stay as long as possible, I strongly recommended our management to stay on O2010. Seems like our German management has some spare money, that they do not need and they want to give them away to Microsoft. That's a pity.

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          1 user thanked author for this post.
      • #2315882
        anonymous
        Guest

        There are a lot of angry cloud fearful people on this post. I’m sorry to have found that. The cloud can be more secure than anything on-premises but it all depends on how you configure it. The tools are many but if you chose not to use them, then yes, you’ll not be surprised when you get loaded up with phishing, spam and all manner of garbage from the unwashed Internet.

        Here are a couple of articles to get you started. Microsoft 365 administration: Email rules for security and privacy (techgenix.com) and Microsoft 365 administration: Email security policies (techgenix.com)

        Hope this helps you in securing your new cloud environment.

        Moderator note: Edit for content. Please follow the –Lounge Rules 11. No advertising, except by explicit prior arrangement.

        • #2315915
          mn–
          AskWoody Lounger

          The cloud can be more secure than anything on-premises but it all depends on how you configure it.

          That part I really disagree with. Among other things, cloud security depends on trusting the cloud infrastructure provider, and Microsoft isn’t considered quite trustworthy enough by a lot of people.

          It’s fairly cheap to build an Office 365 cloud system that has better availability especially regarding local physical damage than anything single-site on-premises, but credible and proven prevention of unauthorized access is another thing. (Especially if you’re worried about actual international espionage…)

          I mean, just the other year, Microsoft was caught sending fragments of documents from European users direct to one of their teams in the US, unauthorized. As in “unknown” words from spelling check being sent to the spelling check team… and everyone knows that happens a lot with multilanguage documents.

          • #2316191
            doriel
            AskWoody Lounger

            I was thinking exactly about the same sentence since yesterday.

            The cloud can be more secure than anything on-premises but it all depends on how you configure it.

            I say: maybe those functions that are protecting cloud are more sophisticated. But it seems as logical to me as buying new Dodge Ram to save some space in your garage. And the more complex program is, the more holes are there. Nearly every day some vulnerability is discovered. Don't tell me, that data stored on multiple locations are safer. Encrypted maybe 🤷‍♂️

            I still wonder.. Nearly every day we see information about ransomware attacks and so on the bleepingcomputer.com for example. And my question is: do these hacked companies rely purely on On-Premise or do they use cloud solutions?
            Cloud I say. And once again that is just too much coincidence to me. Of course I can be mistaken, of course I can.

            Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

            HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      • #2316302
        anonymous
        Guest

        I’ve never purchased Office 365 as I don’t believe in subscription products and, as a privacy buff, distrust Microsoft, the Cloud, etc.

        I’m decidedly low tech - no cellphone - and am laughing at all of those who are upset that I don’t conform. They’re the ones that are having all the privacy and data breach issues.

        Not that I don’t have the occasional issue - but that’s the price I pay for being part of a database over which I have no control.

         
