Dave Stork
@davestork.nl
Cloud Architect @ Rubicon | MVP | MCT | MSc | Atheist | NL&EN | co-author practicalpowershell,com | Opinions = mine | He/Him | Socials: https://about.me/dmstork
Have an appointment this afternoon 💉
November 27, 2025 at 9:49 AM
Have an appointment this afternoon 💉
BTW: from October 1st new Accepted Domains will automatically use the new MX infrastructure, which will maken enabling DANE a little less of a hassle as there should be no change in your MX record. See MC1048624 or mc.merill.net/message/MC10...
#Security #SMTP #MSExchange #Microsoft365 #DANE
#Security #SMTP #MSExchange #Microsoft365 #DANE
MC1048624 - DNS Provisioning Change | Microsoft 365 Message Center Archive
Starting October 1, 2025, A records for new Accepted Domains will be provisioned under mx.microsoft to support DNSSEC adoption. Automation relying on mail.protection.outlook.com must update to use…
mc.merill.net
September 23, 2025 at 8:30 AM
BTW: from October 1st new Accepted Domains will automatically use the new MX infrastructure, which will maken enabling DANE a little less of a hassle as there should be no change in your MX record. See MC1048624 or mc.merill.net/message/MC10...
#Security #SMTP #MSExchange #Microsoft365 #DANE
#Security #SMTP #MSExchange #Microsoft365 #DANE
You must enable DNSSEC as this change is currently only present on the new mx,microsoft infrastructure. For existing accepted domains this is the way to transition to the new infra. More on DANE: learn.microsoft.com/en-us/purvie...
#Security #SMTP #MSExchange #Microsoft365 #CAA #Certificate
#Security #SMTP #MSExchange #Microsoft365 #CAA #Certificate
How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications
Learn how SMTP DNS-based Authentication of Named Entities (DANE) works to secure email communications between mail servers.
learn.microsoft.com
September 23, 2025 at 8:30 AM
You must enable DNSSEC as this change is currently only present on the new mx,microsoft infrastructure. For existing accepted domains this is the way to transition to the new infra. More on DANE: learn.microsoft.com/en-us/purvie...
#Security #SMTP #MSExchange #Microsoft365 #CAA #Certificate
#Security #SMTP #MSExchange #Microsoft365 #CAA #Certificate
Although for hosted services you do not have control over their certificate management, however I would find it reassuring if such a service would implement CAA. And: Since a few days #MSExchange Online now has CAA records!
How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications
Learn how SMTP DNS-based Authentication of Named Entities (DANE) works to secure email communications between mail servers.
learn.microsoft.com
September 23, 2025 at 8:30 AM
Although for hosted services you do not have control over their certificate management, however I would find it reassuring if such a service would implement CAA. And: Since a few days #MSExchange Online now has CAA records!
With upcoming changes in the max certificate validity period (max 200 days in 2026, 100 in 2027, 47 in 2029) the use of ACME (Automated Certificate Management Environment) will certainly increase. The addition of CAA with ACME is another security layer. CAA is recommended for Dutch governments.
How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications
Learn how SMTP DNS-based Authentication of Named Entities (DANE) works to secure email communications between mail servers.
learn.microsoft.com
September 23, 2025 at 8:30 AM
With upcoming changes in the max certificate validity period (max 200 days in 2026, 100 in 2027, 47 in 2029) the use of ACME (Automated Certificate Management Environment) will certainly increase. The addition of CAA with ACME is another security layer. CAA is recommended for Dutch governments.
Read more here for a more detailed explanation and how to monitor the use of MOERA domains: techcommunity.microsoft.com/blog/exchang...
#WeekITtip #MSExchange #Microsoft365 #Security
#WeekITtip #MSExchange #Microsoft365 #Security
Limiting Onmicrosoft Domain Usage for Sending Emails | Microsoft Community Hub
We are announcing that all Exchange Online customers who send external email should start switching to custom (aka vanity) domain names.
techcommunity.microsoft.com
August 29, 2025 at 8:30 AM
Read more here for a more detailed explanation and how to monitor the use of MOERA domains: techcommunity.microsoft.com/blog/exchang...
#WeekITtip #MSExchange #Microsoft365 #Security
#WeekITtip #MSExchange #Microsoft365 #Security
The biggest gain is achieved by changing your default domain and checking existing objects In addition, the default DKIM signing domain is often the MOERA domain. Take a moment to properly configure each custom domain as well, enhancing #security.
#WeekITtip #MSExchange #Microsoft365
#WeekITtip #MSExchange #Microsoft365
Limiting Onmicrosoft Domain Usage for Sending Emails | Microsoft Community Hub
We are announcing that all Exchange Online customers who send external email should start switching to custom (aka vanity) domain names.
techcommunity.microsoft.com
August 29, 2025 at 8:30 AM
The biggest gain is achieved by changing your default domain and checking existing objects In addition, the default DKIM signing domain is often the MOERA domain. Take a moment to properly configure each custom domain as well, enhancing #security.
#WeekITtip #MSExchange #Microsoft365
#WeekITtip #MSExchange #Microsoft365
The impact for organizations using custom domains is limited. However, orgs might not be aware that some non-user objects use MOERA domains per default (i.e. Booking app, notifications etc.).
#WeekITtip #MSExchange #Microsoft365 #Security
#WeekITtip #MSExchange #Microsoft365 #Security
Limiting Onmicrosoft Domain Usage for Sending Emails | Microsoft Community Hub
We are announcing that all Exchange Online customers who send external email should start switching to custom (aka vanity) domain names.
techcommunity.microsoft.com
August 29, 2025 at 8:30 AM
The impact for organizations using custom domains is limited. However, orgs might not be aware that some non-user objects use MOERA domains per default (i.e. Booking app, notifications etc.).
#WeekITtip #MSExchange #Microsoft365 #Security
#WeekITtip #MSExchange #Microsoft365 #Security
There are more similar changes already in preview and on the roadmap, but this is indeed a very big step in ending the era of maintaining an Exchange server “just because we sync our AD" and providing more flexibility in identity provisioning and governance.
Introducing Cloud-Managed Remote Mailboxes: a Step to Last Exchange Server Retirement | Microsoft Community Hub
We are excited to announced a feature that enables cloud management of email properties for users with remote mailboxes.
techcommunity.microsoft.com
August 20, 2025 at 8:04 PM
There are more similar changes already in preview and on the roadmap, but this is indeed a very big step in ending the era of maintaining an Exchange server “just because we sync our AD" and providing more flexibility in identity provisioning and governance.
When enabled on a mailbox, you can manage synced identities mail properties directly in Exchange Online. Previously this was not possible and the reason you required an on-prem Exchange Server for management (or serverless with Management Tools).
Introducing Cloud-Managed Remote Mailboxes: a Step to Last Exchange Server Retirement | Microsoft Community Hub
We are excited to announced a feature that enables cloud management of email properties for users with remote mailboxes.
techcommunity.microsoft.com
August 20, 2025 at 8:04 PM
When enabled on a mailbox, you can manage synced identities mail properties directly in Exchange Online. Previously this was not possible and the reason you required an on-prem Exchange Server for management (or serverless with Management Tools).