Since world is moving towards Cloud and away from Basic authentication, I also have to address this in my scripts. With the latest announcement on The Microsoft Exchange Team Blog about the Upcoming changes to Exchange Web Services (EWS) API for Office 365, I get a lot of questions from people about this.
First of all: This change is ONLY for Office 365!
Besides this I appreciate this change and believe it or not with the latest Exchange versions you can use OAuth already on your on-premises environment.
In this post I describe how get your tokens using ADAL, which can be used for accessing a mailbox via EWS. Most of you might already used a tool, which supports OAuth, but weren’t aware of: EWS Editor
When you read the headline, you’re might thinking “Oh no! Another post about this topic!”. But I think this post is worth reading as I’ll go deep into details.
Over the last months I have seen an increase of questions from various teammates and other teams in regards of the Exchange Online Remote PowerShell Module. The questions where mostly related to connectivity issue and prompts for re-authentication as PSSessions got into a broken state.
Also the fact that in some areas a proxy needs to be used, might be confusing as well as the question what to do if you have a service account or want to use the module in ISE.
There are many ways to block applications based on User Agent. You can use ActiveSyncDeviceAccessRules for EAS or EWSAllowList/EWSBlockList.
Besides this you can block those User Agnets already on a load balancer. The main difference is that then the workload is moved away from you Exchange server to the load balancer. In this post I’m going to describe the steps of one possible way to do so taken a F5 load balancer.
As part of hardening of servers, which publish services and in times of Poodle, you might want to disable SSL (if not already done). You can test your client here and your server/service endpoint here.
Most likely you already disabled SSL on your server, but if not:
Can you do it right away?
Of course you can do it right away. Is there a caveat? It depends….