Tag Archives: email

Fancy Bears hackers target International Olympic Committee

The International Olympic Committee has had its email stolen again, this time in response to its ban on Russia from the 2018 Winter Olympics.

A hacking group that calls itself Fancy Bears posted email messages allegedly from officials at the International Olympic Committee (IOC), the U.S. Olympic Committee (USOC) and other associated groups, like the World Anti-Doping Agency (WADA). There’s no confirmation yet that the email messages are authentic, but Fancy Bears focuses on anti-doping efforts that got Russia banned from this year’s Olympic Games.

“The national anti-doping agencies of the USA, Great Britain, Canada, Australia, New Zealand and other countries joined WADA and the USOC under the guidance of iNADO [Institute of National Anti-Doping Organisations],” Fancy Bears said on its website. “However, the genuine intentions of the coalition headed by the Anglo-Saxons are much less noble than a war against doping. It is apparent that the Americans and the Canadians are eager to remove the Europeans from the leadership in the Olympic movement and to achieve political dominance of the English-speaking nations.”

Fancy Bears is believed to be the same hacking group known as Fancy Bear that claimed responsibility for the 2016 hack on the U.S. Democratic National Committee, which interfered in the 2016 presidential election. Fancy Bear hackers have been linked to Russia’s military intelligence unit, the GRU, by American intelligence officials.

The batch of email messages Fancy Bears posted is from 2016 through 2017 and mainly focuses on discrediting Canadian lawyer Richard McLaren, who led the investigation into Russia’s widespread cheating in previous Olympic Games. It was because of the findings in his investigation that many Russian athletes are banned from the 2018 games in Pyeongchang, South Korea.

The IOC declined to comment on the “alleged leaked documents” and whether or not they are legitimate.

It’s not clear how Fancy Bears allegedly breached the IOC email. However, in 2016, the same group targeted WADA with a phishing scheme and released documents that focused on previous anti-doping efforts following the 2016 Summer Olympics. In that case, the hacking group released the medical records for U.S. Olympic athletes Simone Biles, Serena and Venus Williams and Elena Delle Donne. The medical records showed that these athletes were taking prohibited medications, though they all obtained permission to use them and, thus, were not violating the rules. This release happened in the midst of McLaren’s investigation into the widespread misconduct by Russian athletes.

In one email released in this week’s dump, IOC lawyer Howard Stupp complained that the findings from McLaren’s investigation were “intended to lead to the complete expulsion of the Russian team” from the 2016 Summer Games in Rio de Janeiro and now from the 2018 Pyeongchang Games.

The 2018 Winter Olympic Games are set to start on Feb. 9, 2018, in South Korea.

In other news:

  • A former contractor at the U.S. National Security Agency has agreed to plead guilty to stealing classified information. Harold Martin is scheduled to plead guilty to one count of willful retention of national defense information at a federal court in Baltimore on Jan. 22. Martin, who was indicted in February 2017, is accused of stealing highly sensitive government information — including national defense data — from the NSA and other agencies for 20 years. Martin could serve up to 10 years in prison and have to pay a fine of up to $250,000. Martin was employed by several private companies and worked as a contractor for various U.S. government agencies from 2003 to 2016, during which time he maintained top-secret security clearance. With his top-secret clearance, Martin was able to access highly sensitive government data, and he collected both physical and digital documents, which he stored in his home and car, according to the documents released by the court. There is no indication yet about what, if anything, Martin did with the information he stole.
  • Facebook now offers an encrypted group chat tool, despite the widespread government criticism of encrypted messaging systems. The tool, called Asynchronous Ratcheting Tree, or ART, was developed by Oxford University’s Katriel Cohn-Gordon, Cas Cremers, Luke Garratt and Kevin Milner, as well as Facebook’s Jon Millican. In their paper about ART, “On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees,” the group noted that the communication app for only two users is secure, but group messaging is not. “An adversary who compromises a single group member can intercept communications indefinitely,” the group said about group messaging. “One reason for this discrepancy in security guarantees, despite the large body of work on group key agreement, is that most existing protocol designs are fundamentally synchronous, and thus cannot be used in the asynchronous world of mobile communications.” With the ART protocol, a user can participate in a group message securely, even after one participating user is compromised. The ability comes from the use of different asymmetric keys. Technical details on the protocol can be found in the group’s proof of concept.
  • Cisco introduced a technology called Encrypted Traffic Analytics (ETA), which identifies malware in encrypted traffic without intercepting and decrypting the data. According to Cisco’s white paper, ETA is “derived by using new types of data elements or telemetry that are independent of protocol details, such as the lengths and arrival times of messages within a flow. These data elements have the attractive property of applying equally well to both encrypted and unencrypted flows.” The product has been in trials since the summer of 2017 and is now being rolled out to enterprise routing platforms. Cisco estimated that, by 2020, 80% of all traffic will be encrypted, and ETA aims to solve the problem of security scanners not being able to sift through that traffic for malware. Cisco said ETA uses “multilayer machine learning,” advanced statistical modeling and enhanced telemetry to detect malware.
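The ART item above says a group can keep messaging securely after one member is compromised, and credits the asymmetric keys involved. The following is an added example, not code from the paper or from Facebook: a four-member Diffie-Hellman key tree in which one member rotates its leaf key and the stolen key stops working. The modulus, generator, SHA-256 mapping and every function name are assumptions, and the tree is set up in one place rather than with the prekeys an asynchronous setup would use.

```python
# Added example: Diffie-Hellman key tree in the style of ART, four members.
# Not the paper's or Facebook's code. All names and parameters are assumptions.
import hashlib
import secrets

P = 2**127 - 1  # demonstration prime modulus (assumption; far too small for real use)
G = 3           # demonstration generator (assumption)


def kdf(shared: int) -> int:
    """Turn a DH output into the secret exponent of the parent node."""
    digest = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % (P - 1) or 1


def pub(secret: int) -> int:
    """Public key that belongs to a secret exponent."""
    return pow(G, secret, P)


def build_tree(leaf_secrets):
    """Return the public keys of every level, leaves first, root last.
    Simplification: built in one place from all leaf secrets."""
    level = list(leaf_secrets)
    levels = [[pub(s) for s in level]]
    while len(level) > 1:
        # Parent secret = kdf(DH(left child, right child)).
        level = [kdf(pow(pub(level[j + 1]), level[j], P))
                 for j in range(0, len(level), 2)]
        levels.append([pub(s) for s in level])
    return levels


def derive_root(levels, index, leaf_secret):
    """A member combines its own leaf secret with the public keys of the
    sibling nodes on its path to reach the shared root secret."""
    secret = leaf_secret
    for level in levels[:-1]:
        secret = kdf(pow(level[index ^ 1], secret, P))
        index //= 2
    return secret


def update_leaf(levels, index, new_secret):
    """The member picks a fresh leaf secret and republishes the public keys
    on its path. Only public sibling keys are needed to do so."""
    new_levels = [list(level) for level in levels]
    secret = new_secret
    for depth, level in enumerate(levels[:-1]):
        new_levels[depth][index] = pub(secret)
        secret = kdf(pow(level[index ^ 1], secret, P))
        index //= 2
    new_levels[-1][0] = pub(secret)
    return new_levels


def demo():
    leaves = [secrets.randbelow(P - 2) + 1 for _ in range(4)]
    tree = build_tree(leaves)
    before = {derive_root(tree, i, leaves[i]) for i in range(4)}

    stolen = leaves[2]                         # member 2's leaf secret leaks
    leaves[2] = secrets.randbelow(P - 2) + 1   # member 2 later rotates it
    tree = update_leaf(tree, 2, leaves[2])
    after = {derive_root(tree, i, leaves[i]) for i in range(4)}

    # What the holder of the stolen secret computes from the new public tree.
    stale = derive_root(tree, 2, stolen)
    return before, after, stale


if __name__ == "__main__":
    before, after, stale = demo()
    print("all members agree before update:", len(before) == 1)
    print("all members agree after update: ", len(after) == 1)
    print("stolen secret yields new key:   ", stale in after)
```
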
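The ETA item above describes telemetry built from the lengths and arrival times of messages within a flow, which is why it applies to encrypted and unencrypted traffic alike. The following is an added example, not Cisco's code: it builds transition-matrix features from those two values and compares a flow against reference flows. The bin widths, the distance measure, the profile names and all packet records are constructed assumptions, and the nearest-profile comparison stands in for whatever classifier a product would use.

```python
# Added example: flow features built only from packet lengths and arrival times.
# Not Cisco's code; bin widths, bin count and the distance measure are assumptions.

LEN_BIN_BYTES = 150  # width of one length bin (assumption)
GAP_BIN_MS = 50      # width of one inter-arrival bin (assumption)
N_BINS = 10          # values past the last bin are clamped into it


def to_bin(value, width):
    return min(value // width, N_BINS - 1)


def transition_matrix(symbols):
    """Row-normalised first-order transition matrix over bin indices."""
    counts = [[0] * N_BINS for _ in range(N_BINS)]
    for a, b in zip(symbols, symbols[1:]):
        counts[a][b] += 1
    return [[c / sum(row) if sum(row) else 0.0 for c in row] for row in counts]


def flow_features(packets):
    """packets: ordered (arrival_ms, length_bytes) pairs of one flow.
    Payload bytes are never an input, so the result is the same whether
    the payload was encrypted or not."""
    lengths = [to_bin(size, LEN_BIN_BYTES) for _, size in packets]
    gaps = [to_bin(t2 - t1, GAP_BIN_MS)
            for (t1, _), (t2, _) in zip(packets, packets[1:])]
    return transition_matrix(lengths) + transition_matrix(gaps)


def distance(f1, f2):
    """Sum of absolute differences between two feature sets."""
    return sum(abs(x - y) for r1, r2 in zip(f1, f2) for x, y in zip(r1, r2))


def closest_profile(packets, profiles):
    """Name of the reference flow whose features are nearest to this flow."""
    feats = flow_features(packets)
    return min(profiles,
               key=lambda name: distance(feats, flow_features(profiles[name])))


# Constructed reference flows (not real captures).
PROFILES = {
    # Fixed-size message once a second.
    "periodic": [(t * 1000, 220) for t in range(8)],
    # Request followed by bursts of full-size segments.
    "bursty": [(0, 517), (30, 1460), (35, 1460), (40, 1460), (45, 900),
               (400, 320), (430, 1460), (436, 1460), (441, 610)],
}

# Constructed flow to classify: roughly once a second, with jitter.
UNKNOWN = [(0, 230), (980, 225), (2010, 230), (2990, 228), (4005, 230)]

if __name__ == "__main__":
    print(closest_profile(UNKNOWN, PROFILES))
```
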

The top Exchange and Office 365 tutorials of 2017

Even in the era of Slack and Skype, email remains the key communication linchpin for business. But where companies use email is changing.

In July 2017, Microsoft said, for the first time, its cloud-based Office 365 collaboration platform brought in more revenue than traditional Office licensing. In October 2017, Microsoft said it had 120 million commercial subscribers using its cloud service.

This trend toward the cloud is reflected by the heavy presence of Office 365 tutorials in this compilation of the most popular tips of 2017 on SearchExchange. More businesses are interested in moving from a legacy on-premises server system to the cloud — or at least a new version of Exchange.

The following top-rated Office 365 tutorials range from why a business would use an Office 365 hybrid setup to why a backup policy is essential in Office 365.

5. Don’t wait to make an Office 365 backup policy

Microsoft does not have a built-in backup offering for Office 365, so admins have to create a policy to make sure the business doesn’t lose its data.

Admins should work down a checklist to ensure email is protected if problems arise:

  • Create specific plans for retention and archives.
  • See if there are regulations for data retention.
  • Test backup procedures in Office 365 backup providers, such as Veeam and Backupify.
  • Add alerts for Office 365 backups.

4. What it takes to convert distribution groups into Office 365 Groups

Before the business moves from its on-premises email system to Office 365, admins must look at what’s involved to turn distribution groups into Office 365 Groups. The latter is a collaborative service that gives access to shared resources, such as a mailbox, calendar, document library, team site and planner.

Microsoft provides conversion scripts to ease the switch, but they might not work in every instance. Many of our Office 365 tutorials cover these types of migration issues. This tip explains some of the other obstacles administrators encounter with Office 365 Groups and ways around them.

3. Considerations before a switch to Office 365

While Office 365 has the perk of lifting some work off IT’s shoulders, it does have some downsides. A move to the cloud means the business will lose some control over the service. For example, if Office 365 goes down, there isn’t much an admin can do if it’s a problem on Microsoft’s end.

Businesses also need to keep a careful eye on what exactly they need from licensing, or they could end up paying far more than they should. And while it’s tempting to immediately adopt every new feature that rolls out of Redmond, Wash., the organization should plan ahead to determine training for both the end user and IT department to be sure the company gets the most out of the platform.

2. When a hybrid deployment is the right choice

A clean break from a legacy on-premises version of Exchange Server to the cloud sounds ideal, but it’s not always possible due to regulations and technical issues. In those instances, a hybrid deployment can offer some benefits of the cloud, while some mailboxes remain in the data center. Many of our Office 365 tutorials assist businesses that require a hybrid model to contend with certain requirements, such as the need to keep certain applications on premises.

1. A closer look at Exchange 2016 hardware

While Microsoft gives hardware requirements for Exchange Server 2016, its guidelines don’t always mesh with reality. For example, Microsoft says companies can install Exchange Server 2016 on a 30 GB system partition. But to support the OS and updates, businesses need at least 100 GB for the system partition.

A change from an older version of Exchange to Exchange 2016 might ease the burden on the storage system, but increase demands on the CPU. This tip explains some of the adjustments that might be required before an upgrade.

Prevent Exchange Server virtualization deployment woes

are other measures administrators should take to keep the email flowing.

In my work as a consultant, I find many customers get a lot of incorrect information about virtualizing Exchange. These organizations often deploy Exchange on virtual hardware in ways that Microsoft does not support or recommend, which results in major performance issues. This tip will explain the proper way to deploy Exchange Server on virtual hardware and why it’s better to avoid cutting-edge hypervisor features.

When is Exchange Server virtualization the right choice?

The decision to virtualize a new Exchange deployment would be easy if the only concerns were technical. This choice gets difficult when politics enter the equation.

Email is one of the more visible services provided by an IT department. Apart from accounting systems, companies rely on email services more than other information technology. Problems with email availability can affect budgets, jobs — even careers.  

Some organizations spend a sizable portion of the IT department budget on the storage systems that run under the virtual platform. It may be a political necessity to use those expensive resources for high-visibility services such as messaging even when it is less expensive and overall a better technical answer to deploy Exchange on dedicated hardware. While I believe that the best Exchange deployment is almost always done on physical hardware — in accordance with the Preferred Architecture guidelines published by the Exchange engineering team — a customer’s requirements might steer the deployment to virtualized infrastructure.

How do I size my virtual Exchange servers?

Microsoft recommends sizing virtual Exchange servers the same way as physical Exchange servers. My recommendations for this procedure are:

  • Use the Exchange Server Role Requirements Calculator as if the intent was to build physical servers.
  • Take the results, and create virtual servers that are as close as possible to the results from the calculator.
  • Turn off any advanced virtualization features in the hypervisor.

Why should I adjust the hypervisor settings?

Some hypervisor vendors say that the X or Y feature in their product will help the performance or stability of virtualized Exchange. But keep in mind these companies want to sell a product. Some of those add-on offerings are beneficial, some are not. I have seen some of these vaunted features cause terrible problems in Exchange. In my experience, most stable Exchange Server deployments do not require any fancy virtualization features.

What virtualization features does Microsoft support?

Microsoft’s support statement for virtualization of Exchange 2016 is lengthy, but the essence is to make the Exchange VMs as close to physical servers as possible.

Microsoft does not support features that move a VM from one host to another unless the failover event results in cold boot of the Exchange Server. The company does not support features that allow resource sharing among multiple VMs of virtualized Exchange.

Where are the difficulties with Exchange Server virtualization?

The biggest problem with deploying Exchange on virtual servers is it’s often impossible to follow the proper deployment procedures, specifically with the validation of storage IOPS of a new Exchange Server with Jetstress. This tool checks that the storage hardware delivers enough IOPS to Exchange for a smooth experience.

Generally, a virtual host will use shared storage for the VMs it hosts. Running Jetstress on a new Exchange VM on that storage setup will cause an outage for other servers and applications. Due to this shared arrangement, it is difficult to gauge whether the storage equipment for a virtualized Exchange Server will provide sufficient performance.  

While it’s an acceptable practice to run Exchange Server on virtual hardware, I find it often costs more money and performs worse than a physical deployment. That said, there are often circumstances outside of the control of an Exchange administrator that require the use of virtualization.

To avoid trouble, try not to veer too far from Microsoft’s guidelines. The farther you stray from the company’s recommendations, the more likely you are to have problems.

Determine if an Exchange Online migration makes sense

it just concerns moving email to the cloud. But there is a whole product suite to consider as part of this process.

The decision to shift from an on-premises email platform is not easy. Before the organization commits to this move, look at the transition from both a strategic and a technical perspective. There are a series of questions that should be answered before making the decision to switch to Exchange Online.

Is Exchange Online right for this organization?

Remember that Exchange Online is part of the Office 365 suite and is more than just email. The platform’s services address many business needs, such as file shares, document sharing, collaboration tools and simple word processing. And with certain licenses, if you buy Exchange Online, you own many of these other tools as well.

With that in mind, review the business issues below to see if an Exchange Online migration makes sense for the company:

  • The employees work in silos and require a tool to tear down these walls.
  • While emails don’t include client information, the system should automatically check that sensitive information is not sent.
  • Security is a priority. A lot of effort is made to keep that technology up to date.
  • Some employees get 250 email messages a day and must work collaboratively with other teams.
  • Company data sits in many different places, including email. Data management must be simplified.

While email is definitely part of the challenge, it’s not the only tool that runs teams and organizations. These hurdles should not hold up an Exchange Online migration. If email is a priority, consider making this phase one of the project, and then, deploy the additional tools your organization needs in different phases of the project at a later date.

Work out a path to a solid migration

Once the business works out the strategic approach, dive into the technical considerations for a smooth Exchange Online migration. First, find answers to the following questions because they will influence the user experience (UX), design and amount of time to deploy.

Should the UX be seamless, or will users log in with different credentials for Office 365 email?

Answer: I find larger organizations do not want users to log in separately, whereas smaller ones are more flexible in this area. That said, most businesses want a seamless UX. A business that wants to give users more streamlined access to resources should discuss how to implement Azure Active Directory Connect to set up password sync and single sign-on. Federation is not required, but organizations that already have it implemented find it is a good option for them. If federation is not in your environment, then look at other options.

Does the business need a failback plan?

Answer: Organizations often see a migration to the cloud as one way, but a failback plan should be included in the planning process. Ask yourself this: Would your organization migrate its on-premises Exchange deployment to a new server without a failback plan? For most companies, the answer is typically no. The only exception tends to be the very small business that just wants to be in the cloud and not maintain costly on-site infrastructure. With a failback option, the migration will be done in hybrid mode with the Hybrid Configuration Wizard. The ability to fail back mailboxes or migrated components if an unexpected issue arises provides a measure of stability for the business.

Does the business need to back up email data in Exchange Online?

Answer: This question seems straightforward, but the answer is complicated. If the business is OK without the ability to restore a mailbox, then this might work. The Deleted Item Recovery feature keeps messages for 30 days, and the retention hold options can be used to retain messages beyond 30 days. Does the organization need a way to restore a mailbox when it’s gone or recover individual items beyond 30 days? With answers to those questions, the company can then work to produce the correct technical implementation that best supports its email requirements.

Consider what the business uses in its on-premises deployment and whether that should apply in the cloud. Each organization is different from a technical perspective, so there is more to think about. These questions will help prepare the groundwork when the time comes to make a decision about an Exchange Online migration.

Scarab ransomware joins with Necurs botnet for faster spread

Researchers saw a surge of activity as the Scarab ransomware spread quickly to millions of victims via an email campaign run by a botnet, but updates since that initial wave have been lacking.

Ben Gibney and Roland Dela Paz, security researcher and senior security researcher for Forcepoint Security Labs LLC, based in Dublin, reported a surge in volume of Scarab ransomware emails being blocked by security systems on Nov. 23rd. According to the researchers, more than 12.5 million emails were captured between 07:00 and 12:00 UTC, and the current campaign of Scarab ransomware used emails that looked like scanned documents, similar to “Locky ransomware campaigns distributed via Necurs.”

The Scarab ransomware was first seen in the wild in June, but the recent resurgence has been credited to the malware being spread via the Necurs botnet. Necurs was first discovered by cybersecurity vendors in 2012, and the botnet has grown steadily since that time. The Necurs botnet was previously used to spread the Dridex banking malware and Locky ransomware, though the botnet’s activity decreased sharply following a series of raids and arrests of suspect hackers in Russia last year.

“By employing the services of larger botnets such as Necurs, smaller ransomware players such as the actors behind Scarab are able to run a massive campaign with a global reach,” Gibney and Dela Paz wrote in a blog post. “It remains a question whether this is a temporary campaign, as was the case with Jaff, or if we will see Scarab increase in prominence through Necurs-driven campaigns.”

It is still unclear if the campaign was temporary or not as Forcepoint has not released any updates to its initial figures since the post on the 23rd and the company has not responded to requests for more data as of the time of this article.

Andy Norton, director of threat intelligence at Lastline, said the Necurs botnet can be a dangerous delivery system, but as yet it has only been seen propagating ransomware.

“Necurs is so popular to push malware and ransomware because it contains lots of concealment technology like the use of packers to evade static analysis, and lots of evasion technology to avoid being discovered by behavioral malware analysis platforms,” Norton told SearchSecurity. “It is able to survive inside an enterprise security environment, making it successful as a platform for delivering other subsequent malicious payloads.”

New public preview: Azure AD Domain Services support for Azure Resource Manager virtual networks

Howdy folks,

The #1 reason customers email (and tweet and in-message) me is to ask us to add support for Azure Resource Manager based virtual networks to Azure AD Domain Services.

So I’m excited to announce the public preview of Azure AD Domain Services support for virtual networks created using the Azure Resource Manager deployment model. You can now create new managed AD domains in virtual networks that were provisioned using Azure Resource Manager. This public preview release makes deployment of Azure AD Domain Services much easier for you!

If you follow the blog, you already know that Azure AD Domain Services is pretty cool. It provides managed AD domain services like domain join, group policy, LDAP, and Kerberos/NTLM authentication, and all those services are fully compatible with Windows Server Active Directory.

Azure Resource Manager provides a consistent management layer for the tasks you perform through Azure PowerShell, Azure CLI, Azure portal, REST API, and development tools. Learn more about Azure Resource Manager. The resource manager deployment model is widely used across Azure and is now the preferred way to deploy new Azure workloads.

This new public preview lets you create a managed AD domain in a resource manager virtual network from the Azure portal. To do this, you’ll use the brand-new wizard experience we previewed recently.

Getting Started

Here’s how to get started with the preview:

  1. If Azure AD Domain Services is not enabled for your Azure directory – Create a new managed AD domain using the Azure portal. Be sure to select ‘Resource Manager’ as the virtual network type.
  2. If you’ve already enabled Azure AD Domain Services for your Azure directory – You have an existing managed AD domain enabled in a classic virtual network.
    1. If the existing managed AD domain is a production instance, you won’t be able to use this preview. We are working on a migration feature that allows you to migrate your managed AD domain from the classic virtual network to a Resource Manager virtual network, without deleting the managed AD domain. We will make that available in public preview before the end of December 2017.
    2. If the existing managed AD domain is a test instance, you can disable Azure AD Domain Services for the directory. You can then create a new instance and select a Resource Manager-based virtual network.

Note: If you are using Azure AD Domain Services in a classic virtual network for production purposes, do not disable Azure AD Domain Services. You will lose state within the managed AD domain, such as domain joined computers, any custom OUs you’ve created, and objects within them. We will be supporting the migration process of existing managed AD domains from classic virtual networks to resource manager virtual networks later this year.

The Road to GA

We have quite a bit of work still to go before we can GA this feature. The two biggest remaining are:

  1. We’re going all in on resource manager virtual networks: This public preview release defaults to using resource manager-type virtual networks when you create a new managed AD domain. During the public preview, you’ll be able to choose classic virtual networks while creating a new managed AD domain. But, when support for resource manager virtual networks becomes generally available, you won’t be able to create new managed AD domains in classic virtual networks anymore. Resource manager-based virtual networks will be the only supported deployment model for newly created managed AD domains.
  2. Migration process for existing managed AD domains: We do plan to support a migration process for existing managed AD domains, so you can easily switch from a classic virtual network to a resource manager-based virtual network. We’ll have more details on that process in the coming weeks.

We want to hear from you!

As always, your feedback is very important to us! Please share your comments, questions, or concerns on our discussion forum, send us an email at aaddsfb@microsoft.com, or comment below. We’re listening!

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

Office 365 compliance issues deserve your attention

It’s no longer enough to evaluate email servers on just the basic features. Cyberattacks and data leaks are on the rise, and the explosive growth of data means IT admins must reconsider security protections and compliance concerns in their email servers.

Those worries are acute for a business considering a move from an on-premises platform to Microsoft Office 365. Admins should be aware of the potential challenges that await once their company’s data migrates to the cloud, such as Office 365 compliance.

Businesses routinely accumulate vast quantities of data, and that increases regulatory pressures to protect digital assets. Exchange admins were accustomed to managing the security and compliance of just one workload on premises; in the cloud, the number of workloads mushrooms, and the list of Office 365 services that contain company data includes SharePoint, Skype and OneDrive. With Office 365, IT admins are responsible for data governance, and they need to consider new areas of security and compliance.

Microsoft invests $1 billion annually in cybersecurity research and development. The company regularly introduces new features and enhancements for Office 365 security. IT admins can use these modern accoutrements as ammunition to convince their business that it is worth the investment. But before making the move, administrators must address important questions about Office 365 compliance and security.

Navigate Office 365 compliance aspects

Microsoft moved away from a decentralized administration model for on-premises Exchange, where each workload in the platform had its own security and compliance management console. There is now one centralized portal where admins can see all aspects of Office 365 compliance and security.

This portal offers admins a single place to set up and configure the policies related to Office 365 areas, such as SharePoint, OneDrive and email messages. Admins can also use the Office 365 Admin mobile app to access the management console and make adjustments on the go.

Make a data governance plan

As an important preliminary step, many early Office 365 adopters advise IT admins to put together a data governance plan. You’ll want all the policies needed to meet the business requirements in place before the data migrates. The Microsoft FastTrack team or third-party vendors can assist.

With on-premises Exchange, admins’ only compliance concern is with email messages. But for Office 365 compliance, admins must consider data elsewhere, such as Skype for Business, files and SharePoint content, that Microsoft’s data centers manage and store. IT administrators need to expand the scope of their compliance and security policies beyond Exchange and set policies for other workloads. Office 365 offers flexibility and enables some policies to be applied to multiple workloads; this eliminates the duplication of work when creating specific compliance policies.

IT admins are used to digging through troves of user activities and system logs to identify compliance and security issues. Office 365 eases that burden and offers incident and auditing capabilities, such as searchable audit logs, that are easy to use and navigate. IT administrators can now receive alerts on data deletions, departure of sensitive content to external users, or when a user signs in from a risky IP address.

Know what else is covered

In addition to features that protect and monitor compliance in services such as SharePoint, OneDrive and Skype for Business, Microsoft announced in 2017 it will extend that ability to some external data as well. The Advanced Data Governance feature in Office 365 enables administrators to ingest external data from places such as Facebook, Bloomberg, Twitter and LinkedIn; store it within Office 365 cloud storage; perform searches; and apply compliance policies to it.

Intelligence-infused services are nothing new to Microsoft, which seems to recognize the importance of artificial intelligence and how it enables administrators to perform smarter searches and detect abnormal activities. Advanced Threat Protection, Advanced eDiscovery, automatic data classification, and Advanced Security Management use AI to assist with early detection, discovery and prevention.

Manage security needs quickly

An on-premises environment typically requires admins to spend time managing multiple security and compliance platforms. With Office 365, IT administrators have one common information protection layer; a centralized administration portal manages all security and compliance needs for cloud workloads.

Surprisingly, these security components don’t require much from IT, as the tools and intelligence services automate, detect and remedy many issues that admins traditionally handled manually. Not only is there a more comprehensive security layer, but IT admins have more time to efficiently adapt to external threats.

The base Office 365 packages do not include every security and compliance feature. Determine which features your business needs and whether they require licenses to enable advanced capabilities. While Office 365 E5 includes several advanced security and compliance features, there are others — such as advanced threat analytics and Azure Active Directory premium services — that Microsoft considers add-ons, which will cost extra.

As more businesses move their email servers to the cloud and adopt cloud-based workloads within Office 365, there is demand for better visibility and improved security. IT administrators recognize they must adjust their security and compliance practices. But that brings the challenge of relying on one vendor and trusting it with the data. So far Microsoft has taken appropriate steps to invest in its Office 365 compliance and security capabilities, and all IT administrators can do is implement the recommended services based on best practices and recommendations.

Lost and found: Use an Exchange recovery database to restore data

deleted an important email or to satisfy a request from a lawyer or regulator.

A company that runs Exchange 2016 off a single server in a branch office or lacks a database availability group can tap into the Exchange recovery database to restore information, messages and other items from mailboxes. Recovery databases are special mailbox stores that are accessible only to administrators; they exist solely to obtain deleted email or other items from a production Exchange mailbox.

Execute the email recovery process

The email message restoration process involves a few steps. The administrator creates a new database object on the Exchange deployment and identifies it as a recovery database. The admin then restores a production database into the recovery database, which copies the data from a backup into the new recovery space. After that, Exchange reads from the mounted database. Finally, the admin runs mailbox recovery requests to bring data from the mounted recovery database into the corresponding mailbox or mailboxes — or different mailboxes or archives — to the production side.

Build the Exchange recovery database

Create the new database to hold the content we want to retrieve with the PowerShell command below. The -Recovery flag instructs Exchange that this database should not be treated as a typical mailbox database.

New-MailboxDatabase -Server EXCHANGE2016 -Name MyRecoveryDatabase -Recovery -EdbFilePath c:\exchange.edb -LogFolderPath c:\logs

Next, restore the production Exchange database with software or the other backup processes. For example, administrators who use Windows Server Backup would pick the location of the backup files and the date of the backup, and then choose Files and Folders to locate the database file (EDB) and the log files associated with the database. The administrator would then restore files to the locations used in the PowerShell command above to create the Exchange recovery database.

Next, use the ESEUtil utility to put the database in a readable condition. Find the location of the recovery database, and run the following at the command prompt:

eseutil /r log_file_base_name /l c:\path_to_log_files /d c:\path_to_database

Run the command below from the database directory to make sure the State field says Clean Shutdown, which indicates a successful recovery.

eseutil /mh databasename.edb

Next, use the name of the database to mount it with this command:

Mount-Database MyRecoveryDatabase

Once the database mounts, choose from one of the following restore options:

  • Restore content from a mailbox on the recovery database to an identical mailbox on the production database;
  • Restore content from the recovery database to an archive database;
  • Restore content from one mailbox on the recovery side to a different mailbox on the production side; or
  • Restore specific folders from within a mailbox into a corresponding mailbox, a different mailbox or a target archive mailbox.

Here are some sample commands that illustrate the required PowerShell syntax:

New-MailboxRestoreRequest -Name "Tim Jones Restore" -SourceDatabase MyRecoveryDatabase -SourceStoreMailbox "Tim Jones" -TargetMailbox "Tim Jones"

New-MailboxRestoreRequest -Name "Tim Jones Restore" -SourceDatabase MyRecoveryDatabase -SourceStoreMailbox "Tim Jones" -TargetMailbox "Tim Jones" -TargetRootFolder "Your Restored Items"

New-MailboxRestoreRequest -Name "Susan Smith Restore" -SourceDatabase MyRecoveryDatabase -SourceStoreMailbox "Susan Smith" -TargetMailbox "Susan Smith" -TargetIsArchive -TargetRootFolder "Restored Items In Your Archive"

New-MailboxRestoreRequest -Name "Susan Smith to New Info Mailbox" -SourceDatabase MyRecoveryDatabase -SourceStoreMailbox "Susan Smith" -TargetMailbox "General Info" -TargetRootFolder "Susan Smith Items" -AllowLegacyDNMismatch

New-MailboxRestoreRequest -Name "Tim Jones Recovery of Acme Matter Content" -SourceDatabase MyRecoveryDatabase -SourceStoreMailbox "Tim Jones" -TargetMailbox "Tim Jones" -IncludeFolders "Acme Litigation/*"

To restore content from the built-in folders, surround the folder names with hashtags — for example, #Inbox# or #Deleted Items#.

How to handle a conflict

When restoring a previous version of an item, an item with the same name may already exist in the destination mailbox. The administrator needs to dictate which action to take and what data to keep: the item from the recovery mailbox, the item with the latest date, or everything, allowing duplicates. Use the -ConflictResolutionOption PowerShell parameter to set these options:

New-MailboxRestoreRequest -Name "Tim Jones Restore" -SourceDatabase MyRecoveryDatabase -SourceStoreMailbox "Tim Jones" -TargetMailbox "Tim Jones" -ConflictResolutionOption KeepSourceItem

New-MailboxRestoreRequest -Name "Susan Smith Restore" -SourceDatabase MyRecoveryDatabase -SourceStoreMailbox "Susan Smith" -TargetMailbox "Susan Smith" -TargetIsArchive -ConflictResolutionOption KeepLatestItem

New-MailboxRestoreRequest -Name "Susan Smith to New Info Mailbox" -SourceDatabase MyRecoveryDatabase -SourceStoreMailbox "Susan Smith" -TargetMailbox "General Info" -TargetRootFolder "Susan Smith Items" -AllowLegacyDNMismatch -ConflictResolutionOption KeepAll

After the restoration process, remove the mailbox restore requests. Completed requests remain in a queue for auditing purposes, so remove them to prevent current requests from mixing with completed ones. The first line displays the current requests to ensure the administrator selects the correct ones, while the second line removes them.

Get-MailboxRestoreRequest

Get-MailboxRestoreRequest | Where Status -eq Completed | Remove-MailboxRestoreRequest

The final step is to delete the Exchange recovery database to free up the disk space using these commands:

Dismount-Database MyRecoveryDatabase

Remove-MailboxDatabase MyRecoveryDatabase
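
The two checkpoints in the procedure above, the Clean Shutdown check before mounting and the cleanup of completed restore requests, can be scripted so that neither is skipped. This is an added example for the Exchange Management Shell, not code from the article; the EDB path and the CSV export path are hypothetical, and exporting the request statistics before removal is an added step to keep a record once the queue is cleared.

```powershell
# Added example. Paths below are assumptions; the database name is the article's.
$RecoveryDb = 'MyRecoveryDatabase'
$EdbPath    = 'C:\Recovery\exchange.edb'            # hypothetical restored EDB file
$AuditCsv   = 'C:\Recovery\restore-requests.csv'    # hypothetical audit export

function Test-CleanShutdown {
    param([Parameter(Mandatory)][string]$Path)

    # eseutil /mh dumps the database header, which contains a "State:" line.
    $header = & eseutil.exe /mh $Path
    if ($LASTEXITCODE -ne 0) {
        throw "eseutil /mh failed for $Path (exit code $LASTEXITCODE)"
    }

    $match = $header |
        Select-String -Pattern '^\s*State:\s*(.+?)\s*$' |
        Select-Object -First 1
    if (-not $match) {
        throw "No State line found in the eseutil /mh output for $Path"
    }

    # Anything other than Clean Shutdown means log replay did not finish.
    return ($match.Matches[0].Groups[1].Value -eq 'Clean Shutdown')
}

# 1. Refuse to mount a database that is not in Clean Shutdown state.
if (-not (Test-CleanShutdown -Path $EdbPath)) {
    throw "Database is not in Clean Shutdown state; rerun eseutil /r first."
}
Mount-Database $RecoveryDb

# 2. Show which mailboxes the recovery database actually contains, so the
#    -SourceStoreMailbox value of each restore request can be checked.
Get-MailboxStatistics -Database $RecoveryDb |
    Select-Object DisplayName, ItemCount

# ... run the New-MailboxRestoreRequest commands here and wait for them ...

# 3. Keep a record of every completed request, then clear only those.
$completed = Get-MailboxRestoreRequest | Where-Object Status -eq Completed
if ($completed) {
    $completed |
        Get-MailboxRestoreRequestStatistics |
        Export-Csv -Path $AuditCsv -NoTypeInformation -Append
    $completed | Remove-MailboxRestoreRequest -Confirm:$false
}

# 4. Dismount and delete the recovery database only when nothing is pending.
if (-not (Get-MailboxRestoreRequest)) {
    Dismount-Database $RecoveryDb -Confirm:$false
    Remove-MailboxDatabase $RecoveryDb -Confirm:$false
}
```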


Educate users to avert email phishing attacks

Cybercriminals use more sophisticated and efficient email phishing methods to attack businesses, forcing IT teams to protect systems from frequent and costly data breaches and infections. But security tools aren’t enough to stop advanced threats.

Ransomware and other malicious code often slip through the IT defensive perimeter — despite IT’s best efforts. Several recent attacks occurred when unsuspecting users clicked on a link or opened an email attachment that ran malicious code and infected the computer. IT departments use several tools to reduce these threats, but attackers shift tactics constantly and not all security components can block every threat.

Don’t rely on technology; take a more human approach to defend the business and educate users. These four critical steps will build a successful security culture and awareness within an organization.

Create a human security layer

Chief information security officers recognize that no single security initiative or measure will block every threat; those tactics exist to diminish the risks associated with an attack. Even with security tools, unsuspecting users could inadvertently give away credentials and cause a data breach.

To bolster protection, train and educate employees about lurking threats, which come in different flavors and different approaches. To prepare employees, IT must teach them what to look for in phishing attempts and what to avoid in email messages. Some organizations make it mandatory or part of a yearly review to address security.

Perform regular security audits

IT performs audits to uncover security gaps within the environment. In addition to performing a technical audit, use a third-party service, such as KnowBe4, to send a fake spear phishing attempt via email to all users. The service then reports back to IT on who responded or clicked on the links. IT can give those employees additional training.

Open up feedback to collect and document new threats

With email attacks, cybercriminals pose as an employee or encourage the end user to open a document or link. As attack strategies continuously evolve, IT must keep up to date on new methods before it can devise a strategy to defend against them. Encourage users to self-report some email messages with a designated IT resource. This helps the organization catalog attack methods.

Provide frequent security reminders

Create regular reminders and routinely schedule lessons to ensure security remains top of mind for all end users. Build different security campaigns — periodically send out newsletters and post videos that warn of recent threats and provide email security tips. This reminds users to be proactive to protect themselves from attacks.

Organizations implement security awareness to mitigate the risks of infections or data breaches that come with email attacks. No single security system will block all threats that arrive via email; end users that know what to look for are less likely to fall victim to an attack.


NYC students get Office 365 for free, Microsoft welcomes Sunrise, soldiers schooled in civilian skills – Weekend Reading: Feb. 13th Edition

It was a week of honors, awards and an acquisition. It was a week in which one more group of soldiers completed training that will help them transition from military life to the world of civilian IT. And it was a week where students in the nation’s largest city learned they’re getting free access to productivity software that will help them prepare for college and the workplace.

New York City public schools announced Office 365 is being made available, for free, to its 1.1 million students, as well as to teachers. New York City’s Department of Education, in collaboration with the City Council, is providing the Office 365 ProPlus benefit, which gives students and teachers up to five downloads of the latest versions of Microsoft Word, Excel, PowerPoint, OneNote, Outlook, Access and Publisher, along with anywhere, anytime access. “With free at-home access to the same tools students use at school, classroom assignments will no longer be confined to the classroom,” says Anthony Salcito, Microsoft vice president, Worldwide Public Sector Education.

Microsoft acquired Sunrise, provider of a popular next-generation calendar app for iOS and Android. The acquisition, in addition to Microsoft’s recent acquisition of Acompli and the new touch-optimized universal Office apps for Windows 10, “all exemplify Microsoft’s ambition to rethink the productivity category,” says Rajesh Jha, Outlook and Office 365 corporate vice president. “Our goal is to create more meaningful, beautiful experiences in mobile email and calendaring across all platforms.”

A fourth group of soldiers graduated from the Fort Hood Microsoft Software and Systems Academy (MSSA). The academy is a 16-week course that prepares service members to transition to civilian life. In addition to being offered at the Texas base, MSSA is available at Joint Base Lewis-McChord in Washington state and at Camp Pendleton in California. For Sgt. Cole McBride, one of this week’s grads, it was the death of a close friend in the military that drew him to serve his country in the first place. And during his service, he developed a deep interest in the field of computer science.

Sgt. Cole McBride credits his wife as his biggest supporter as he readied himself and his family for his civilian transition. He is one of the new graduates of the Microsoft Software and Systems Academy at Fort Hood in Texas.

On another continent, we learned about a young man whose life was heading in a bad direction before he turned it around. Wanderson Skrock grew up in a slum outside Rio de Janeiro, Brazil. As a young teen, he sold drugs, and he was imprisoned twice. During his second sentence, he took a course offered through a Microsoft partner, Center for Digital Inclusion. It changed his life, and the lives of others, for the good. After he got out of prison, he became a computer instructor for the center, and now teaches children and teens from backgrounds similar to his. Microsoft recently named Skrock one of its global YouthSpark Youth Advisors, who will help the company create programs, partnerships and resources that meet the needs of youth around the world.

When Vinny Pasceri’s friend and fellow Microsoft employee went missing last fall, Pasceri was driven to try to do more than post search information online. He wanted to come up with a way to help others in the same situation, especially those with special needs children, and with the assistance of his fellow coworkers, created a new kind of tracking system. The result is Lighthouse, which tracks proximity to a caregiver through Bluetooth Low Energy. With Lighthouse, a student wears a beacon in a wristband or other small device. The beacon is linked to an app on the phone of every teacher and specialist on the student’s schedule. The app registers when the student is within range of each caregiver. It sends a missing alert if the student is out of range. Lighthouse won a first-place award in the 2014 Global Startup Battle, considered the largest startup tournament in the world, with 25,000 international participants last year.

The Lighthouse team includes, from left, Jeff Davis, Tanya Dastyar, Vinny Pasceri and John Griffin. Not pictured: Liang Frank Chen and Louisa Fan. Photo by Scott Eklund, Red Box Pictures.

Microsoft is among the companies that will be honored by the American Foundation for the Blind with a 2015 Access Award in April. Microsoft is receiving props for its “huge efforts to advance accessibility in computing by increasing access to the popular Window-Eyes screen reader and by supporting the needs of customers with disabilities through a dedicated technical support service,” the foundation says. Meanwhile, Microsoft researcher and Distinguished Scientist Richard Szeliski has received one of the highest honors accorded to an engineer — election to the National Academy of Engineering — “for contributions to computer vision, computer graphics and interactive image and video rendering.”

Early happy Valentine’s Day! No matter whether the source of your affection is Fido, feline, friends or family (or all of them), there are plenty of apps to help you celebrate. The Happy Valentine’s Day collection in the Windows Phone Store has gathered 30 apps for one-stop installing, such as the free Tom’s Love Letters (also available in the Windows Store), which provides Talking Tom and Talking Angela – the cutest-virtual-kitties-ever – as your personal Cupids. It’s got 19 romantic digital cards and four catchy love songs from which to choose. Valentine turns your phone into fantasy of hearts and roses, with more than 40 wallpapers, and lots of ideas for romance and gift suggestions. You can also find good anytime entertainment with “Wheel of Fortune” for Windows Phone, PCs and tablets. Catch up on NPR news with the free NPR One app, available on Windows Phone, PCs and tablets. And be sure to check out the revamped Weather Channel app – with better search, a new user interface and upgraded video player – for Windows PCs and tablets.

From left, Tom’s Love Letters, Valentine’s Texter and Love.

This week on our global adventure to find people who #DoMore on the Microsoft Instagram page, we met Julia Streets, who worked in the London PR world for years, but took a break to pursue her passion for comedy. Now she does both.

Thanks for checking out this edition of Weekend Reading. We’ll see you next Friday!

Posted by Suzanne Choney
Microsoft News Center Staff