Microsoft

SMTP to Exchange Online

Posted on by Adam Fowler

SMTP is still needed by certain applications and devices, such as printers, which don’t support Modern Authentication and instead require legacy authentication to talk to a SMTP server.

You are able to use Exchange Online as an SMTP server, but this can be tricky to set up if you’ve hardened your environment by requiring Multi-factor authentication through Security Defaults or Conditional Access.

Microsoft have good documentation on “How to set up a multifunction device or application to send email using Microsoft 365 or Office 365” with the recommended approach to use SMTP, but you may need to poke some security holes through your environment.

Assuming you can get out through your firewalls on port 587 or 25 for SMTP, you’ll need to turn off Azure AD Security Defaults if you have them on. If you do this, understand what you’re turning off and rebuild those same settings in Conditional Access. If you have them off, then you should have Conditional Access policies already.

Personally, I have a ‘Block Legacy Authentication’ conditional access policy which as it says, blocks legacy authentication. For an account I want to send emails from via SMTP, I add it as an exception to this policy.

I then have a second policy ‘Allow Legacy Authentication Internal Only’ which I then target this user at, which still blocks legacy auth unless it’s coming from a trusted IP address. These two rules together then block all users from legacy auth, except the ones on the second policy, and then only if they’re coming from inside my network. The goal of this is to prevent anyone externally using spray attacks against accounts to gain a username and password – although they couldn’t log in anywhere beyond SMTP due to MFA policies, they could still start sending emails that would be from a legitimate email address.

If you have IPs restricted on Exchange Online connectors, that does not appear to affect SMTP auth and you shouldn’t need to add your internal IPs there.

The account you want to use for SMTP sending must have a mailbox license, I use ‘Exchange Online Plan 1’ for one of the cheaper options that is pure mailbox. The SMTP settings are listed here.

You also need to allow SMTP auth across your organisation (not ideal), or on a per account basis (much better security wise, plus it overrides the org default – so you can disable at org level and allow at account level). Microsoft Docs covers this in detail but the command (which requires connecting to Exchange Online via PowerShell first) to allow on a single mailbox is:

Set-CASMailbox -Identity [email protected] -SmtpClientAuthenticationDisabled $false

Once these policies and licenses is in place, you can test. The easiest way I found was a 1 liner PowerShell command. You must use the source mailbox’s account as the from address:

Send-MailMessage –From [email protected] –To [email protected] –Subject "Test Email" –Body "Test SMTP Service from Powershell on Port 587" -SmtpServer smtp.office365.com -UseSsl -Port 587 -credential $madeupvariable

When testing, I found that after changing the Conditional Access rules to let a specific account go through as legacy auth took several minutes. Azure AD logs also take several minutes to show auth attempts, so don’t rush and change too many things at once trying to do this.

Ideally, nobody would be using SMTP – but in the real world we still have to, so the above will at least keep login records in Azure AD, and limit it to trusted IPs, certain accounts, or any other Conditional Access rules you can come up with to reduce the risk of allowing this.

PowerShell Slow to Load and AutoFill

Posted on by Adam Fowler

I had this problem on a server for a while – when first launching PowerShell, it would take ~20 seconds or so to accept input. Also, when pressing tab to auto-complete a command, it would again take ~20 seconds to start, like it was freezing. These were one time problems when launching PowerShell, after that it would work fine until a new session was launched.

A lot of searching didn’t help me work it out, so I logged a Microsoft case. After a few task manager executable dumps, they worked out the delay was on a path I had in an environment variable. Somehow in my account’s user variable, I had a github desktop path that was mapping to a network share, using a PC name that was decommissioned (e.g. ;\\pcname\c$\Users\AdamFowler\AppData\Local\GitHubDesktop\bin.

I expect that this name was timing out, and PowerShell was waiting a while before giving up. In case you have the same symptoms as me, check the environment variables – user variables paths if it’s only your account affected, or the system variables if it’s all users. Click on the path value, then click edit, and remove anything that shoudn’t be there (take a backup of the text if you aren’t sure, it’s easy to put back in if you keep a copy).

To get to Environment Variables, depending on the OS version, get to System Properties, the Advanced tab, and then the Environment Variables button:

Hope that helps someone else with the same problem!

How to (really) factory reset a Poly CCX 500

Posted on by Adam Fowler

Hi,

Quick one here, I was testing a few Poly CCX 500 devices for Teams Calling, and wanted to do a factory reset.

The official documentation says:

Procedure

  1. Disconnect the power, then power on the Poly phone.
  2. As soon as the Poly logo shows on the screen, press and hold the four corners of the LCD display. Note: It may take several tries to get the timing right or to find the correct spots to press on the LCD display.
  3. Release the LCD display when the Mute indicator on the lower-right corner of the phone begins flashing red, amber, and green.

However, I tried this many times without success. Doing large crab claw fingers to cover the 4 corners of the screen was doing nothing beyond hurting my fingers.

I ended up working out it was a timing thing, and the Poly logo shows twice. It will first show, then go to a black screen for a second or two, then re-show the Poly logo. If you press the 4 corners before the Poly logo comes up for the second time – nothing happens. You have to press the 4 corners of the touch screen straight away AFTER the Poly logo has come up for the second time. It won’t register if you do it earlier, and leave your fingers in the right place.

They actually have a video showing this correctly:

https://community.polycom.com/t5/video/gallerypage/video-id/6198164788001

Hope this saves someone time! I assume this is the same for CCX 400, CCX 600, Poly Trio C60 etc but haven’t tested those.

Note the default admin password for these phones is ‘456’ and you should be changing this, which is easily done automatically via a Teams Configuration Profile

Organization Branding for Safe Link Warnings

Posted on by Adam Fowler

Two new little features have turned up for Safe Links as part of the Microsoft 365 Security & Compliance suite.

  • Display the organization branding on notification and warning pages

The first option is to show your organization’s branding on warning pages. This should help users identify that it’s a legitimate warning they’re seeing, as default Microsoft warning pages are often used by malicious actors to look legitimate themselves.

  • Use custom notification text

This lets you put a message that sounds like it’s actually from your own company when a webpage gets blocked. This means you can put in contact details or a process you want users to follow when they hit a site – which could be sending an email or calling helpdesk.

Here’s how the custom text and logo looks on a blocked page:

The custom branding will appear above this warning as a banner and a small logo for your company.

If you haven’t set up branding already, have a read on Microsoft Docs on how to do it for Azure AD and Microsoft 365 (do both!).

Is Bing Good Enough To Replace Google in Australia

Posted on by Adam Fowler

Interesting times in Australia, with a standoff between Google and the Australian Government about news revenue. Google has given mixed messages around if they’d completely pull their search engine out of the Australian market – we’ll have to wait and see what happens there.

The idea that Microsoft can fill the void with Bing has very mixed responses out there, and without any real evidence I’d say there’s much more of a negative view of Bing than positive. Ausdroid have a good summary of what’s being said so far:

https://ausdroid.net/2021/01/31/microsoft-to-scomo-we-can-fill-the-google-void-with-bing/

The last part of the article says

Personally, I am not sure Microsoft’s Bing search could fill the void. There is potential for it, but given how much Google and its services have been so entrenched into our society for decades, I think it will take time for Microsoft’s Bing to become the go-to search function Google is now, if it ever can.

https://ausdroid.net/2021/01/31/microsoft-to-scomo-we-can-fill-the-google-void-with-bing/

I agree that this is a fair take on the state of Bing. I’ve personally tried to use it a few times and had less than ideal results vs Google, but it’s been a while since I last tried. Let’s try again on some searches off the top of my head, and see what the results are (and honestly I don’t know what I’m searching for yet, none of this has been pre-planned trying to get to a particular outcome).

To be fair, I’ll use Microsoft Edge browser in InPrivate mode for Google searches, and Google Chrome in Incognito mode for Bing searches:

Search 1: ‘Adam Fowler’

Some different results on the main page, but scrolling down both have this website (yay). Google has more results on the first page that are actually me, but Google claims 53 million results, while Bing claims 4 million. That’s a huge difference – does it matter? I’m not sure…

Search 2: ‘windows search exited without properly closing your outlook data file’

I grabbed the last error I could find from a Windows PC and searched for it. Both engines came back with answers.microsoft.com then social.technet.microsoft.com as the first two hits, then the results are a bit mixed with both having reasonable results. I was expecting better results from Google based on my historical experience, so I’ll try another techie search next.

Search 3: ‘how to move user to skype for business online’

This is something I actually needed to do. The first result is the same again

Search3b: ‘move-csuser cannot find user in active directory with the following sip uri’

After following the instructions, I hit an error, so searched that on both options. The first result was different, both were correct, but the Bing result was a much clearer and better written article. Again, this wasn’t the outcome I had expected.

Search 4: ‘the good guys gepps cross

I remembered I needed a receipt for a Fridge I’d just bought – I’d normally search the store name and location in Google. The Google results nailed it, with the business info on the right hand side. Bing thought I was asking about the suburb and showed me where it was, but the first results are still useful – just not as useful as Google’s. This is the biggest area I’d like to see Bing do better in.

Search 4a: ‘mod pizzeria’

A local pizza shop that I like. Without defining anything but the name, Google again gives me all the details I want about the business. This time though, Bing did a better job. Below the irrelevant (for me based on my location) information on Mod Pizza (which is different to what I typed), the correct details were below about the business.

Search 5: ‘Google Chrome Download’

Let’s see if Google and Bing like each other. Both results fine, although the Bing ad I prefer with the actual ‘download’ button. Bing gave some encouragement to get Edge though which is a bit intrusive, but at least it’s clear it’s ‘Promoted by Microsoft’.

Search 5b: ‘Microsoft Edge Download’

Both engines giving the right link first up again which is good to see.

Search 6 – image search ‘Capybara’

This looks on par for both engines, both have the ability to filter by time/license/size etc.

Search 7 – Shopping ‘fridge’ and filtering to ‘Westinghouse

OK, here’s an area that Bing fails. All the results are from eBay AU and that’s it. Google however, shows a bunch of well known retailers in Australia. Google wins the Shopping section by a long way, and it doesn’t look like they’ve really focused on the Australian shopping market yet.

Search 8 – Videos: Lano and Woodley

An Australian comedy duo – how do the results look for a video search on them? Bing seems happy to give YouTube and Facebook results, while Google seems to prefer a few Australian websites with their clips on as well as YouTube. At a guess, Bing isn’t scraping Australian sites so well for video clips – but if you’re searching for Videos on a search engine, you’re probably wanting YouTube anyway. I think both engine results are fine here.

Overall, the results were a lot better than I expected. I’ll also still agree it’s not on par with Google yet, but with a focused effort it seems like an achievable goal.

Of course, I’ve only done a few tests, but personally I’m going to change my search engine to Bing and see if any frustrations come up – if they do, I’ll add it to this post.

Let’s see what happens!

Update 4th February 2021

Microsoft released a public statement which included this dot point:

We will invest further to ensure Bing is comparable to our competitors and we remind people that they can help, with every search Bing gets better at finding what you are looking for.

https://news.microsoft.com/en-au/2021/02/03/microsoft-supports-australian-government-proposal-addressing-news-media-and-digital-platforms/

Which to me sounds like they admit they might not be as good as Google in this space yet, but will put more effort into doing so. Let’s hope that happens.