Back in April I wrote a post on Practical 365 how you can create in Azure AD apps and make OAuth for authentication available to your Exchange on-premises environment without the need of having Hybrid Modern Authentication (HMA) enabled. If you’re interested, you can find the article here.
When you read the headline, you’re might thinking “Oh no! Another post about this topic!”. But I think this post is worth reading as I’ll go deep into details.
Over the last months I have seen an increase of questions from various teammates and other teams in regards of the Exchange Online Remote PowerShell Module. The questions where mostly related to connectivity issue and prompts for re-authentication as PSSessions got into a broken state.
Also the fact that in some areas a proxy needs to be used, might be confusing as well as the question what to do if you have a service account or want to use the module in ISE.
There are many ways to block applications based on User Agent. You can use ActiveSyncDeviceAccessRules for EAS or EWSAllowList/EWSBlockList.
Besides this you can block those User Agnets already on a load balancer. The main difference is that then the workload is moved away from you Exchange server to the load balancer. In this post I’m going to describe the steps of one possible way to do so taken a F5 load balancer.
As part of hardening of servers, which publish services and in times of Poodle, you might want to disable SSL (if not already done). You can test your client here and your server/service endpoint here.
Most likely you already disabled SSL on your server, but if not:
Can you do it right away?
Of course you can do it right away. Is there a caveat? It depends….