banner
LightNews
davestork.nl
Dave Stork
@davestork.nl
330 followers 400 following 200 posts
Cloud Architect @ Rubicon | MVP | MCT | MSc | Atheist | NL&EN | co-author practicalpowershell,com | Opinions = mine | He/Him | Socials: https://about.me/dmstork
about.me
Posts Media Videos Starter Packs
davestork.nl
Dave Stork @davestork.nl · 1d
Schimanski!
davestork.nl
Dave Stork @davestork.nl · 17d
BTW: from October 1st new Accepted Domains will automatically use the new MX infrastructure, which will maken enabling DANE a little less of a hassle as there should be no change in your MX record. See MC1048624 or mc.merill.net/message/MC10...

#Security #SMTP #MSExchange #Microsoft365 #DANE
MC1048624 - DNS Provisioning Change | Microsoft 365 Message Center Archive
Starting October 1, 2025, A records for new Accepted Domains will be provisioned under mx.microsoft to support DNSSEC adoption. Automation relying on mail.protection.outlook.com must update to use…
mc.merill.net
davestork.nl
Dave Stork @davestork.nl · 17d
You must enable DNSSEC as this change is currently only present on the new mx,microsoft infrastructure. For existing accepted domains this is the way to transition to the new infra. More on DANE: learn.microsoft.com/en-us/purvie...

#Security #SMTP #MSExchange #Microsoft365 #CAA #Certificate
How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications
Learn how SMTP DNS-based Authentication of Named Entities (DANE) works to secure email communications between mail servers.
learn.microsoft.com
1
davestork.nl
Dave Stork @davestork.nl · 17d
Although for hosted services you do not have control over their certificate management, however I would find it reassuring if such a service would implement CAA. And: Since a few days #MSExchange Online now has CAA records!
How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications
Learn how SMTP DNS-based Authentication of Named Entities (DANE) works to secure email communications between mail servers.
learn.microsoft.com
1
davestork.nl
Dave Stork @davestork.nl · 17d
With upcoming changes in the max certificate validity period (max 200 days in 2026, 100 in 2027, 47 in 2029) the use of ACME (Automated Certificate Management Environment) will certainly increase. The addition of CAA with ACME is another security layer. CAA is recommended for Dutch governments.
How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications
Learn how SMTP DNS-based Authentication of Named Entities (DANE) works to secure email communications between mail servers.
learn.microsoft.com
1
davestork.nl
Dave Stork @davestork.nl · 17d
You all know I like to use the internet.nl internet standards test. Recently they added the Certificate Authority Authorization or CAA DNS record check. This record signals which CA is allowed during the certificate request process and CA's should only issue a certificate when it's listed.
Internet.nl adds CAA test and announces TLS test changes
Test for modern Internet Standards IPv6, DNSSEC, HTTPS, HSTS, DMARC, DKIM, SPF, STARTTLS, DANE, RPKI and security.txt
internet.nl
1
davestork.nl
Dave Stork @davestork.nl · 27d
I was so #excited that I misspelled the hashtag 🤣
davestork.nl
Dave Stork @davestork.nl · 27d
New PLA filament just came in! Translucent Soft Yellow and Glow Blue. For two different 3D prints that are part of a bigger (sci-fi) project. #Exited
Photo of two spools with filament, label shows PLA Translucent on its head on the left side, on the right PLA Glow. Both from BambuLabs.
1
davestork.nl
Dave Stork @davestork.nl · Aug 29
Read more here for a more detailed explanation and how to monitor the use of MOERA domains: techcommunity.microsoft.com/blog/exchang...

#WeekITtip #MSExchange #Microsoft365 #Security
Limiting Onmicrosoft Domain Usage for Sending Emails | Microsoft Community Hub
We are announcing that all Exchange Online customers who send external email should start switching to custom (aka vanity) domain names.
techcommunity.microsoft.com
davestork.nl
Dave Stork @davestork.nl · Aug 29
The biggest gain is achieved by changing your default domain and checking existing objects In addition, the default DKIM signing domain is often the MOERA domain. Take a moment to properly configure each custom domain as well, enhancing #security.

#WeekITtip #MSExchange #Microsoft365
Limiting Onmicrosoft Domain Usage for Sending Emails | Microsoft Community Hub
We are announcing that all Exchange Online customers who send external email should start switching to custom (aka vanity) domain names.
techcommunity.microsoft.com
1
davestork.nl
Dave Stork @davestork.nl · Aug 29
The impact for organizations using custom domains is limited. However, orgs might not be aware that some non-user objects use MOERA domains per default (i.e. Booking app, notifications etc.).

#WeekITtip #MSExchange #Microsoft365 #Security
Limiting Onmicrosoft Domain Usage for Sending Emails | Microsoft Community Hub
We are announcing that all Exchange Online customers who send external email should start switching to custom (aka vanity) domain names.
techcommunity.microsoft.com
1
davestork.nl
Dave Stork @davestork.nl · Aug 29
Last week #Microsoft announced an important change throttling #MSExchange Online outbound mail using *.onmicrosoft.com, or MOERA (Microsoft Online Exchange Routing Address). This limits malicious\unsolicited mails from trail tenants, which is indeed a problem.

#WeekITtip #Microsoft365 #Security
Limiting Onmicrosoft Domain Usage for Sending Emails | Microsoft Community Hub
We are announcing that all Exchange Online customers who send external email should start switching to custom (aka vanity) domain names.
techcommunity.microsoft.com
1
davestork.nl
Dave Stork @davestork.nl · Aug 20
Read more: techcommunity.microsoft.com/blog/exchang...

#IAM #Exchange #EntraID #Microsoft365
Introducing Cloud-Managed Remote Mailboxes: a Step to Last Exchange Server Retirement | Microsoft Community Hub
We are excited to announced a feature that enables cloud management of email properties for users with remote mailboxes.
techcommunity.microsoft.com
davestork.nl
Dave Stork @davestork.nl · Aug 20
There are more similar changes already in preview and on the roadmap, but this is indeed a very big step in ending the era of maintaining an Exchange server “just because we sync our AD" and providing more flexibility in identity provisioning and governance.
Introducing Cloud-Managed Remote Mailboxes: a Step to Last Exchange Server Retirement | Microsoft Community Hub
We are excited to announced a feature that enables cloud management of email properties for users with remote mailboxes.
techcommunity.microsoft.com
1
davestork.nl
Dave Stork @davestork.nl · Aug 20
When enabled on a mailbox, you can manage synced identities mail properties directly in Exchange Online. Previously this was not possible and the reason you required an on-prem Exchange Server for management (or serverless with Management Tools).
Introducing Cloud-Managed Remote Mailboxes: a Step to Last Exchange Server Retirement | Microsoft Community Hub
We are excited to announced a feature that enables cloud management of email properties for users with remote mailboxes.
techcommunity.microsoft.com
1
davestork.nl
Dave Stork @davestork.nl · Aug 20
This is big #MSExchange news! Today #Microsoft posted an article introducing the preview of the IsExchangeCloudManaged parameter in which you can shift the start-of-authority of Exchange attributes on hybrid identities from on-prem to cloud.
Introducing Cloud-Managed Remote Mailboxes: a Step to Last Exchange Server Retirement | Microsoft Community Hub
We are excited to announced a feature that enables cloud management of email properties for users with remote mailboxes.
techcommunity.microsoft.com
1 1
Reposted by Dave Stork
christrekkin.bsky.social
ChrisTrekkin 💜🖖 @christrekkin.bsky.social · Aug 16
@bsky.app, reinstate Jessie's account and do not stand with those who would do harm like JKR and her ilk

🏳️‍⚧️🏳️‍⚧️🏳️‍⚧️
clairewillett.bsky.social
Claire Willett @clairewillett.bsky.social · Aug 16
it appears that @bsky.app have suspended the account of @jessiegender because a trans person saying "I wish ill on JK Rowling" is against the rules, so let me say with my loud cis voice that I too wish ill on all perpetrators of hate speech against trans people

reinstate Jessie, this is ridiculous
1 23 82
Reposted by Dave Stork
jamesamey.bsky.social
James Amey @jamesamey.bsky.social · Aug 16
What the fuck @bsky.app

You’re meant to be better than the other place.

Do better. Reinstate @jessiegender.
clairewillett.bsky.social
Claire Willett @clairewillett.bsky.social · Aug 16
it appears that @bsky.app have suspended the account of @jessiegender because a trans person saying "I wish ill on JK Rowling" is against the rules, so let me say with my loud cis voice that I too wish ill on all perpetrators of hate speech against trans people

reinstate Jessie, this is ridiculous
3 53 170
Reposted by Dave Stork
clairewillett.bsky.social
Claire Willett @clairewillett.bsky.social · Aug 16
it appears that @bsky.app have suspended the account of @jessiegender because a trans person saying "I wish ill on JK Rowling" is against the rules, so let me say with my loud cis voice that I too wish ill on all perpetrators of hate speech against trans people

reinstate Jessie, this is ridiculous
260 6.2K 17K
Reposted by Dave Stork
seanferrick.bsky.social
Seán Ferrick @seanferrick.bsky.social · Aug 16
To whom it may concern at @bsky.app

@jessiegender has received more hatred and vitriol in her career simply for being a trans person daring to exist in a public space.

People like J.K.Rowling and her cronies have organised dog piles to ruin her life - please dont be part of that

Reinstate her.
clairewillett.bsky.social
Claire Willett @clairewillett.bsky.social · Aug 16
it appears that @bsky.app have suspended the account of @jessiegender because a trans person saying "I wish ill on JK Rowling" is against the rules, so let me say with my loud cis voice that I too wish ill on all perpetrators of hate speech against trans people

reinstate Jessie, this is ridiculous
13 400 950
davestork.nl
Dave Stork @davestork.nl · Aug 13
In any case, if you still have or use Lens: time to look for alternatives that suit your needs. I think there are better options than the M365 Copilot.

Read more here: mc.merill.net/message/MC11...
Admin M365 MC: admin.microsoft.com/ref=MessageC...

#WeekITtip #Microsoft365
MC1131064 - Microsoft Lens app will retire | Microsoft 365 Message Center Archive
Microsoft Lens mobile app will retire starting September 15, 2025, with new installs disabled by mid-October and removal by mid-November. After December 15, 2025, new scans can't be created. Users…
mc.merill.net
davestork.nl
Dave Stork @davestork.nl · Aug 13
It makes me sad as a was a avid user during conferences to get photos of projected slides unskewed & suitable for posting. To be fair, I haven't used Lens since 2019. After that a lot of hybrid confs & (pre-)shared slidedecks limited the need for photos or live tweeting.
#WeekITtip #Microsoft365
MC1131064 - Microsoft Lens app will retire | Microsoft 365 Message Center Archive
Microsoft Lens mobile app will retire starting September 15, 2025, with new installs disabled by mid-October and removal by mid-November. After December 15, 2025, new scans can't be created. Users…
mc.merill.net
1
davestork.nl
Dave Stork @davestork.nl · Aug 13
This #Microsoft365 Message Center #MC1131064 hurt a little: Microsoft Lens app will retire. Starting this September in phases and concluding on 15 December 2025. The replacement app is the Microsoft365 Copilot app, although it certainly does not have feature parity with Lens
#WeekITtip #Microsoft365
Screenshot of Message Center ID MC1123830. Title: Microsoft Lens app will retire Summary: Microsoft Lens mobile app will retire starting September 15, 2025, with new installs disabled by mid-October and removal by mid-November. After December 15, 2025, new scans can't be created. Users should switch to Microsoft 365 Copilot app for scanning; no admin action is required.
1
davestork.nl
Dave Stork @davestork.nl · Aug 12
New August 2025 #security update for #MSExchange! There are some vulnerabilities fixed, as of now not active in the wild. Small note: now AMSI HTTP Message body scanning will be enabled per default. Read more & find #Microsoft download links here: techcommunity.microsoft.com/blog/exchang...
Released: August 2025 Exchange Server Security Updates | Microsoft Community Hub
We have released Security Updates for Exchange Server SE, Exchange Server 2019 and Exchange Server 2016.
techcommunity.microsoft.com
davestork.nl
Dave Stork @davestork.nl · Aug 8
If you are responsible for your orgs mail infrastructure, definitely read this post and evaluate the impact of disabling Direct Send: techcommunity.microsoft.com/blog/exchang...
#WeekITtip #Security #SMTP #Mail
Direct Send vs sending directly to an Exchange Online tenant | Microsoft Community Hub
This post discusses what Direct Send is, is not, and how to help control email sent directly to your tenant.
techcommunity.microsoft.com