Audit All Mailbox Activity

Note: Updated 11/12/2021 to include SearchQueryInitiated Ever wanted to make sure you are auditing all available activities in Exchange Online? Me too! So I wrote a PowerShell to turn on logging for every possible item EXO can audit. Adjust to your liking and license level! So why would you want this? Isn’t logging enabled by ... Read More

Find EOP – MDO Misconfig with KQL

One of the biggest/most common misconfigurations I have seen with EOP/MDO is an overuse of IP or domain allow lists. MSFT has updated its guidelines to no longer recommend customers use those features. However, the hard thing is determining how many emails are coming into your environment without scanning due to those settings. I needed ... Read More

Blog Update

Had a lot of life updates since Covid, New Job, New Home all the Covid stuff. As life is starting to normalize again I am again thinking blogging would be fun! And maybe just maybe some of the stuff I post helps someone else. So my goal is to start publishing more on this blog ... Read More

Powershell admin tool launcher

I Often find my self needing to open tools such as AD or DNS as a different user account. This is because as a security best practices I usually recommend organizations run dual account security. Where an IT team member uses a separate account for admin activity vs their day to day account that has ... Read More