Friday turned out to be a tinker day, one of those where you come home a little wiser than when you left 🙂
In production we have some HPE servers running large data collections, something I guess would qualify as big-data. They are based on CentOS 7.2 and each have a data volume of 15TB that was running low.
The last couple of days there has been a lot of talk about the latest vulnerabilities affecting all modern CPU’s. This should be a concern for all of us as they have been proven to be somewhat easily exploitable and it is just a matter of time before targeted exploits are found in the wild.
Or maybe the title should have been “How to correctly license Microsoft Server 2016 in a virtual environment”
I know it’s not a new thing and there are many sites describing the procedure on how to find out what license packs you need when having to license correctly with the changes made to the license model beginning with Server 2016.
I found this little thing on my pc that I did almost three years ago.
In this guide we will go through the steps required for getting 802.1x authentication up and running on a single server that only has the domain controller role installed.
Last week I was tasked with expanding the raid array on some of our serveres running CentOS on a Hewlett Packard Enterprise ProLiant DL380 Gen9 platform. Here is what I have found.
Christmas is just around the corner and the year is coming to a close.
Usually this last quarter is one of the busiest of the year for the companies as the last orders needs to be closed before the financial year closes.
So when January comes we should be filled with renewed energy and a lot of new years resolutions that needs to be fulfilled.
One of them could be how to advance our skillset, maybe get inspired to take on new projects to move the business forward or simply just meet some old or maybe new friends and get a feeling of what direction the industry is heading in 2018.
Here are a couple of the “must attend” events in the first quarter of 2018, both in Copenhagen.
One of the things we found after moving the mail to Office 365 is that sometimes mail will get moved to the Junk mail folder even though the Exchange Online spam filter and Outlook configuration was modified in a way that would allow mail to arrive in the Inbox.
So what is happening?
Although we have changed the configuration in Outlook and Exchange Online, we still have a junk email rule per mailbox in Exchange. This behaviour has been present since Exchange 2010 but we are seeing this becoming an issue when mailboxes are being migrated from on-premises (where it have been disabled) to Exchange Online that have the junk email configuration enabled by default.
Therefore we need to connect to Exchange Online through powershell and use the Set-MailboxJunkEmailConfiguration cmdlet to change the settings for each mailbox.
The quick and dirty command is:
Set-MailboxJunkEmailConfiguration <user> -Enabled $false
Microsoft actually has a great writeup on the subject here: https://technet.microsoft.com/en-us/library/bb123559(v=exchg.160).aspx
It is worth mentioning that this setting can also be changed from the users web mail.
In this second part we will focus on the LogRhythm configuration and use the informations obtained in the first part of the series, Preparing Azure AD (Office 365) for SIEM Integration. This will complete the integration and allow us to obtain audit logs directly from Azure and Office 365 into our SIEM solution.
Office 365 (O365) allows customers to host their Office solution in the Microsoft cloud. With the proper credentials and configuration, it’s possible for the LogRhythm System Monitor to collect O365 management events from the following applications through the Office 365 Management Activity API:
- Azure Active Directory (Azure AD)
Lately I have been asked how we see mail protection when migrating from an on-premises exchange solution to Office 365 (Exchange Online).
Before we begin, we should observe what is what when discussing these new services.