Stay informed with the latest news, tips, and innovations for Office 365 and Exchange Server management. Priasoft delivers insights for IT success.

How To Tackle eDiscovery, Compliance, and Outlook PST Headaches with ease

, , , , , , ,
How To Tackle eDiscovery, Compliance, and Outlook PST

In the fast-paced world of legal proceedings, where time is critical and precision is a must, the challenges of eDiscovery have never been more important. Legal professionals often find themselves overwhelmed by mountains of email data, desperately searching for that crucial piece of evidence that could turn the tide in their favor.

Enter Super-ExMerge, your comprehensive solution for simplifying eDiscovery. In this excerpt, we explore how Super-ExMerge can transform your eDiscovery process, saving you time, preserving data integrity, and keeping your legal team ahead of the game.

Read more

Shhh…It’s a Secret: How Office 365 Secret Cloud Provides Top-Level Security

, , ,
Office365 Secret Cloud

Microsoft Office 365 is now available for US National Security Missions.

The Office 365 Secret Cloud provides a secure and compliant cloud environment for classified communications and collaboration. This capability is critical for national security agencies that need to protect sensitive information from cyber threats and foreign adversaries.

The Office 365 Secret Cloud is built on Microsoft’s Government Community Cloud (GCC) High infrastructure, which has been authorized by the Department of Defense (DoD) for Impact Level 5 (IL5) workloads. The IL5 designation means that the cloud environment is suitable for the most sensitive unclassified and classified information, including national security data.

One of the key benefits of the Office 365 Secret Cloud is that it enables collaboration and communication between different national security agencies. With traditional communication methods, it can be difficult to share information between agencies due to security concerns and restrictions. The Office 365 Secret Cloud allows authorized personnel from different agencies to securely collaborate and communicate in real-time, making it easier to share information and coordinate efforts.

The Office 365 Secret Cloud also provides a range of security features to protect classified information. These include multi-factor authentication, encryption at rest and in transit, and threat detection and response capabilities. In addition, Microsoft employs a dedicated team of security experts who monitor the environment 24/7 and respond to any security incidents that may occur.

The availability of the Office 365 Secret Cloud for US National Security Missions is a significant milestone for Microsoft and for the national security community. It demonstrates Microsoft’s commitment to providing secure and compliant cloud solutions for the most sensitive workloads, and it enables national security agencies to work more efficiently and effectively by providing a secure environment for collaboration and communication.

In conclusion, the Office 365 Secret Cloud is a game-changer for US National Security Missions. It provides a secure and compliant cloud environment for classified communications and collaboration, enabling national security agencies to work more efficiently and effectively. With the Office 365 Secret Cloud, authorized personnel from different agencies can securely collaborate and communicate in real-time, making it easier to share information and coordinate efforts. This capability is critical for protecting national security data from cyber threats and foreign adversaries.

Speak to an Engineer

To learn more or to start a project discussion – Request to speak to an Engineer.

Stay Ahead of the Game: Protecting Yourself from the Latest Outlook Security Threat

, , ,
_55b86715-32be-4623-924a-a83749dcac33

Microsoft Outlook is one of the most popular email clients used by millions of individuals and businesses worldwide and is the target of the latest Outlook Security Threat. It provides a user-friendly interface and advanced features for managing emails, calendars, tasks, and contacts. However, like any other software, Outlook is not immune to security vulnerabilities, and cybercriminals often target it to exploit such vulnerabilities for their nefarious activities.

Recently, Microsoft released a security advisory about a critical vulnerability that affects various versions of Microsoft Outlook on Windows and Mac operating systems. This vulnerability, tracked as CVE-2021-28482, is a remote code execution flaw that can enable an attacker to execute malicious code on the victim’s system by sending a specially crafted email to their Outlook account.

The vulnerability can be exploited when the user opens an email containing a specially crafted file that triggers the execution of the malicious code. Once executed, the attacker can take over the victim’s system, steal sensitive data, install malware, and carry out other cyber attacks.

To protect yourself from this vulnerability, it is essential to take the following steps:

  • Update your Outlook software immediately: Microsoft has released security patches for all affected versions of Outlook. Users should install the latest updates as soon as possible to prevent exploitation of the vulnerability. If you have enabled automatic updates, you may already have received the update. If not, check for updates and install them immediately.
  • Be cautious when opening emails from unknown senders or suspicious emails: To prevent exploitation of the vulnerability, it is crucial to be wary of any unsolicited emails or emails from unknown senders. If you receive an email from an unknown sender, do not open it and delete it immediately. If you receive an email with suspicious attachments, do not open the attachments or click on any links within the email.
  • Use antivirus software: Antivirus software can help prevent malicious code from executing on your system. It can detect and block malware and other cyber threats, including those that exploit vulnerabilities in Outlook.
  • Keep your operating system and other software up-to-date: Outdated software, including your operating system and other applications, can create security vulnerabilities that can be exploited by cybercriminals. Make sure to install updates regularly to keep your system secure.

In conclusion, the latest critical vulnerability in Microsoft Outlook highlights the importance of taking proactive steps to secure your system. By updating your software, being cautious when opening emails, using antivirus software, and keeping your operating system and other software up-to-date, you can help protect yourself and your data from cyber threats.

FBI warns of new email auto-forwarding scam targeting vulnerabilities in web based email clients amongst Covid19 Pandemic

,
_55b86715-32be-4623-924a-a83749dcac33

Scammers are exploiting auto-forwarding rules to boost the success rate of so-called Business Email Compromise (BEC) attacks, the FBI said in a statement.

BEC is a sophisticated scam targeting businesses that perform electronic payments such as wire or automated clearing house transfers. A cyber criminal initially compromises a business email account through social engineering or computer intrusion techniques. Following the initial intrusion, the cyber criminal uses the system access to conduct reconnaissance on the victim’s email communications. Using information gathered from the compromised accounts and reconnaissance efforts created by system access following the initial intrusion, the cyber criminal then impersonates an employee over email communications to redirect pending or future payments to fraudulent bank accounts. BEC actors create auto-forwarding rules within email accounts after they obtain employee credentials to decrease the victims’ ability to observe fraudulent communications. This allows cyber-criminals to better conceal their scamming activities, the FBI said, adding that scammers are doing this as the COVID-19 pandemic necessitates more teleworking, another factor increasing the likelihood of success. To learn more, see the FBI statement located here.

Department of Homeland Security Warns About DNS Hijacking

, ,
_55b86715-32be-4623-924a-a83749dcac33

On January 22, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued a Emergency Directive – 19-01 – outlining steps you can take to mitigate a new threat discovered of DNS tampering / hijacking.

Hackers capturing user credentials that have the authority to make changes to the Domain Name System (DNS), through fishing or other means, have been redirecting web, email, and potentially other traffic to systems they control. In some instances they intercept data and can even store and forward the received data to further hide the malicious activity to avoid or prolong detection by the targeted entity.

At Priasoft, we understand that security is a top concern for IT and are working hard on new security technologies that we are bringing to market in Q3 2019 that can mitigate this type of threat. We have several security products we are bringing to market to combat the security vectors we see as under severed and unprotected, including DNS and email phishing. If you would like to receive early notification as we complete the testing, development, and release cycles please contact us here.

We have outlined the background in the directive below and encourage administrators that have credentials to manage DNS to review key DNS records, change their passwords, and fully read the DHS directive to avoid being compromised by this latest attack technique.

Background from the DHS Directive

Using the following techniques, attackers have redirected and intercepted web and mail traffic, and could do so for other networked services.

  1. The attacker begins by compromising user credentials, or obtaining them through alternate means, of an account that can make changes to DNS records.
  2. Next, the attacker alters DNS records, like Address (A), Mail Exchanger (MX), or Name Server (NS) records, replacing the legitimate address of a service with an address the attacker controls. This enables them to direct user traffic to their own infrastructure for manipulation or inspection before passing it on to the legitimate service, should they choose. This creates a risk that persists beyond the period of traffic redirection.
  3. Because the attacker can set DNS record values, they can also obtain valid encryption certificates for an organization’s domain names. This allows the redirected traffic to be decrypted, exposing any user-submitted data. Since the certificate is valid for the domain, end users receive no error warnings.

In closing, attackers are becoming more and more creative in the types of attacks and this DNS attack is just one of the many new threat vectors IT needs to monitor and secure. More than ever,  IT needs to remain diligent to avoid being the victims of attacks.

Exchange 2010 End of Support – Time to migrate to Office 365 or Exchange 2016

,
Exchnage 2010 Logo

Exchange Server 2010 will reach end of support on January 14, 2020. If you haven’t already started thinking about your migration from Exchange 2010 to Office 365 or Exchange 2016 now’s the time.


What Does End Of Support Mean For My Organization?

All Microsoft products have a support lifecycle during which Microsoft will provide new features, bug fixes, and security fixes. The typical Microsoft product lifecycle is 10 years from the date the product was RTM (released to manufacturing). Therefore, when Exchange 2010 reaches its end of support on January 14, 2020, Microsoft will no longer provide:

  • Bug fixes for issues that may impact the stability, usability, or performance of the server
  • Security updates for vulnerabilities that will make the server vulnerable to possible security breaches
  • Time zone updates
  • Technical support for critical issues that may occur

You can continue to run Exchange 2010 after January 10, 2020, however, we strongly recommend that you migrate from Exchange 2010 as soon as possible and Priasoft can help make the transition smooth and painless regardless if you’re moving to Office 365, Exchange 2016, or Exchange 2019.

To learn more about migrating Exchange 2010 to Exchange 2016 have a look at our article here.

If you would like to speak to one of our migration experts about migrating Exchange 2010 to Office 365 or Exchange 2016 please contact us. You can also request a free trial of our Priasoft Migration Suite for Exchange to begin testing migrations and estimating migration timing using our Dry-Run feature that lets you simulate the migration without disrupting end users.

What’s new in Exchange Server 2019

,
Exchange 2019 Logo

Upgrade to Exchange server to benefit from new features such as support for Windows Server Core and EAI address support, reducing the attack surface and freeing up server resources. Microsoft’s continued support for On-premises enterprise customers showcases their commitment to meeting diverse needs, even in the era of cloud migration.

Read more

Exchange Server 2019 Now In Public Preview

Exchange Server 2019 Logo

If You Run Exchange Server On-Premise You Can Now Evaluate Exchange Server 2019 As Of July 2018.

Exchange Server 2019 brings updated security, performance, and improved administration and management capabilities. These are the attributes our Microsoft’s largest on-premises customers told them they need from Exchange. Exchange Server 2019 also includes features end-users will love too.

Here are some of the key features in each of these areas:

Security: Microsoft included support for installing Exchange Server 2019 onto Windows Server Core. Exchange Server 2019 installed on Windows Server 2019 Core provides the most secure platform for Exchange. You also have the option of installing the Exchange 2019 Preview onto Windows Server 2016 Core or Windows Server 2016/2019 with Desktop Experience, but we have worked hard to make sure running Exchange on Windows Server Core 2019 is the best choice for Exchange 2019.

Performance: Microsoft has done extensive work to allow Exchange Server to take advantage of the larger core and memory packed systems our customers have deployed these days. You can be very successful running Exchange Server with up to 48 processor cores and 256GB of RAM.

Microsoft re-engineered search using Bing technology to make it even faster and provide better results, and in doing so have made database failovers much faster, and administration easier. The search indexes are now within the database itself. There are no more separate log files to manage. As the index data is now within the database, normal log shipping includes the database and search data in a single replication and the index is always up to date on all database copies.

End user experience: One of the most important capabilities in Exchange is calendaring. All large enterprises are heavy calendar users and those organizations rely on calendars to help people get their work done. We’re bringing a few key features such as Do Not Forward and Simplified Calendar Sharing from Office 365 to On-Premises Exchange. We’re sure a lot of end users will be very happy with those features. Administrators get some new calendaring features too, as we’re adding the ability for admins to manage events on user’s calendars and to assign delegate permissions more easily.

One thing to note is that Unified Messaging role will not be available in Exchange Server 2019. Customers who currently connect either a 3rd party PBX or Skype for Business Server to Exchange Server won’t be able to do so with Exchange Server 2019 mailboxes. Those customers considering an upgrade to Exchange Server 2019 should consider migrating to Skype for Business Server 2019 and using Cloud Voicemail, or migrating to Office 365 with Cloud Voicemail. More information on this change will be available prior to launch.

That’s a brief roundup of many of the changes Microsoft has baked into Exchange Server 2019.

You can download the Exchange 2019 preview here.

RPC over HTTP deprecated in Office 365 on 10/31/2017 – Are you Ready?

,
Effortless Exchange Migration and eDiscovery Solutions

RPC over HTTP (known as Outlook Anywhere) is being deprecated in Office 365 and you need to make sure that your Outlook clients and 3rd party MAPI based applications are updated or patched to use the new MAPI over HTTP protocol prior to the October 31st deadline.

Customers need to have the following clients and service packs on or before Oct 31st or will lose connectivity to Office 365.

Office versionUpdateBuild number
Office 2016The December 8, 2015 updateSubscription: 16.0.6568.20xx
MSI: 16.0.4312.1001
Office 2013Office 2013 Service Pack 1 (SP1) and the December 8, 2015 update15.0.4779.1002
Office 2010Office 2010 Service Pack 2 (SP2) and the December 8, 2015 update14.0.7164.5002

Want to learn more?

Read the announcement from Microsoft