Notepad++ is commonly used by developers, system administrators, and IT teams to manage scripts, configuration files, and technical workflows. Because of its popularity and trusted reputation, any issue affecting its update process deserves attention, even from organizations that don’t consider themselves high-risk targets.

This is one of the reasons many businesses rely on Managed IT Services instead of reacting to security issues after an incident has already occurred.

What Happened?

Notepad++ released a security advisory confirming that its infrastructure was compromised, allowing attackers to intercept traffic and inject malicious updates into the software distribution process. This type of incident is known as a supply chain attack, where attackers compromise a trusted source rather than targeting individual organizations directly.

Based on the information available, the compromise occurred between June 2025 and December 2, 2025. During that window, users who installed or updated Notepad++ may have unknowingly downloaded a version that had been tampered with.

At the time of writing, investigations are still ongoing, and the full scope of the attack has not been completely confirmed. Because of that uncertainty, security professionals are advising organizations to take a cautious approach and assume potential exposure if the software was installed during the affected period.

Reference Articles:
Notepad++ has published an official update outlining the incident, which can be reviewed in the Notepad++ security advisory.
Additional technical details and context are available in a third-party SOC Radar analysis of the compromised infrastructure.

Why Supply Chain Attacks Are a Bigger Risk Than Many Realise

Supply chain attacks are effective because they take advantage of trust. When a tool is widely used and considered safe, updates are often installed without a second thought. Security tools may not immediately flag the activity because the software appears legitimate.

In situations like this, attackers may gain:

• Access to systems without triggering obvious alarms
• Visibility into credentials or configuration files
• A foothold that can be used later for deeper access

Even organizations with strong perimeter security can be impacted if compromised software is introduced internally.

Vulnerabilities like this highlight the importance of Managed IT Security that actively monitors endpoints, applies updates, and responds to threats in real time.

Who Should Be Paying Attention?

This incident isn’t limited to large enterprises or development teams. Businesses should review their environment if any of the following apply:

• Notepad++ was installed or updated between June 2025 and December 2, 2025
• The software is used by developers, administrators, or technical staff
• Notepad++ was used to edit scripts, manage configuration files, or handle credentials
• The application exists on systems with elevated privileges

Even if nothing unusual has been noticed, it’s still worth taking the time to verify and review.

In situations like this, an IT Security Audit & Vulnerability Analysis can help confirm whether systems were exposed and identify any follow-up actions needed.

Practical Steps Businesses Should Take

Check Installed Versions

The first step is identifying whether Notepad++ is installed anywhere in your environment. If it is, confirm the version number. Any version older than 8.9.1 should be updated immediately using the official release.

Updating alone doesn’t guarantee safety, but it removes known exposure related to the compromised distribution period.

Review Credential Usage

One of the biggest risks in incidents like this is credential exposure. If Notepad++ was used to manage or store sensitive information, those credentials should be treated as potentially compromised.

This includes:

• SSH keys
• FTP credentials
• Database usernames and passwords
• Administrative or service accounts

Rotating credentials may feel inconvenient, but it’s a necessary step to limit potential damage. As an added precaution, businesses should consider resetting other critical passwords, even if they were not directly tied to Notepad++.

Perform Endpoint Review and Scanning

Affected systems should undergo endpoint review and scanning to ensure there is no lingering malicious activity. This is especially important for machines used in development, infrastructure management, or administrative roles.

Endpoint security tools, log reviews, and manual inspection can help determine whether the compromise extended beyond the application itself.

Managed vs. Unmanaged IT Environments

Incidents like this often highlight the difference between managed and unmanaged IT environments.

In managed environments, systems are typically monitored continuously, updates are tracked centrally, and security tools can flag unusual behavior more quickly. This makes it easier to identify potential exposure and respond faster.

In unmanaged environments, identifying affected systems often requires manual effort, approvals, and outside support. That extra time can increase risk, especially if issues go unnoticed.

Regardless of setup, every organization benefits from having a clear plan for responding to security advisories and software vulnerabilities.

Why This Matters Beyond Notepad++

This incident isn’t just about one application. It’s a reminder that even trusted tools can become attack vectors. Supply chain compromises are increasingly common because they allow attackers to reach many organizations at once.

For businesses, the takeaway is simple:

• Keep software updated
• Limit credential exposure
• Maintain visibility across endpoints
• Respond quickly when advisories are released

Having reliable Backup Solutions in place ensures that critical data can be restored quickly if a compromise leads to corruption, loss, or system failure.

Security isn’t about eliminating risk entirely. It’s about reducing exposure and responding effectively when issues arise.

Final Thoughts

Notepad++ is a useful and widely trusted tool, but this incident shows how quickly trust can be exploited. Taking a proactive approach now can help prevent larger problems later.

If you’re unsure whether your environment is affected or needs help reviewing systems, credentials, or endpoint activity, working with an experienced IT provider can bring clarity and reduce uncertainty.

A tested Disaster Recovery strategy helps organizations recover faster and minimize downtime when incidents escalate beyond initial containment.

Staying informed and acting early is often the difference between a minor issue and a serious security event.

The post What Businesses Need to Know About the Recent Notepad++ Security Compromise appeared first on Clearwater, St Petersburg, Tampa Fl..

Sonicwall Firewalls and SMA (Secure Mobile Access) network appliances are among the leading firewall and VPN remote access solutions and brand in the world. They have always been known for their stability, very comprehensive feature list, extensive options for customization yet their interface has always been one of the easiest for any IT professional to learn and use.

This comprehensive guide provides detailed instructions for:

• Downloading, installing, and configuring SonicWall Netextender and MobileConnect SSL VPN clients on both Windows PC (NetExtender) and Mac (MobileConnect)
• MFA / TOTP setup
• Remote Desktop connection procedures
• Troubleshooting tips for the above procedures.

NetExtender Setup for Windows PC

Step 1: Download NetExtender

1. Visit the official SonicWall VPN clients page: https://www.sonicwall.com/products/remote-access/vpn-clients/
2. Locate the NetExtender section
3. Select the appropriate Windows version (32-bit or 64-bit)
4. Click Download to save the installer file (typically named NetExtender-x64-10.3.x.msi or similar)

Step 2: Install NetExtender

1. Locate the downloaded installer file in your Downloads folder
2. Double-click the installer file to begin installation
3. If prompted by Windows User Account Control (UAC), click Yes to allow the installation
4. In the Setup Wizard welcome screen, click Next
5. Read and accept the License Agreement by selecting “I accept the terms of the License Agreement”, then click Next
6. Accept the default destination folder or browse to select a different location, then click Next
7. Choose shortcut options (Desktop, Start Menu, Quick Launch bar) – these are typically pre-selected
8. Click Install to begin the installation process
9. If prompted with a Windows Security dialog asking about device software installation, click Install
10. Uncheck the option to run NetExtender immediately if present, as a reboot is required
11. Click Finish and restart your computer when prompted

Step 3: Configure NetExtender Connection

After restarting your computer:

1. Launch NetExtender from the desktop shortcut or Start menu
2. Configure the connection settings with the following information:
   • Server: IP Address or domain name (we recommend a domain name), include your customized port at the end like this if using one: 4433
   • Username:
   • Password:
   • Domain: LocalDomain (case-sensitive) – this is the default domain but we recommend changing it.

Important: All fields are case-sensitive, so ensure exact spelling and capitalization.

MobileConnect Setup for Mac

Step 1: Download MobileConnect from Mac App Store

1. Click the App Store icon in your dock or Applications folder
2. In the search field, type “SonicWall Mobile Connect” and press Enter
3. Select SonicWall Mobile Connect from the search results
4. Click Free then Install (you may need to enter your Apple ID credentials)
5. Wait for the installation to complete – the app icon will appear in Applications folder and Launchpad

Step 2: Configure MobileConnect Connection

1. Launch SonicWall Mobile Connect from Applications or Launchpad
2. Since this is your first launch, select “Add connection” from the Connection dropdown
3. Configure the connection with the following details:
   • Name: Enter a descriptive name (e.g., “Dream Office Solutions”)
   • Server: IP Address or domain name (we recommend a domain name), include your customized port at the end like this if using one: 4433
4. Click Next
5. Mobile Connect will attempt to contact the server
6. If successful, enter your credentials:
   • Username:
   • Password:
   • Domain: LocalDomain (case-sensitive)

Important: All fields are case-sensitive, so ensure exact spelling and capitalization.

7. Click Save to create the connection

Step 3: Handle Certificate Warnings

If you receive a certificate verification warning:

1. Click Show Certificate
2. Select the trust disclosure triangle
3. In the “When using this certificate:” dropdown, select “Always Trust”
4. Click Continue and enter your Mac’s administrator password when prompted

TOTP (Two-Factor Authentication) Setup

Before connecting with either NetExtender or MobileConnect, you must set up TOTP authentication.

Step 1: Install Authenticator App

Download and install one of the following TOTP-compatible apps on your mobile device:

• Microsoft Authenticator (recommended)
• Google Authenticator
• Duo Mobile
• Free-OTP

Step 2: Initial TOTP Binding

Important: You must complete this process through the Virtual Office portal before using NetExtender or MobileConnect.

1. Open your web browser and navigate to: https://domainname.com:4433
2. Enter your username and password provided by ProTek IT Solutions
3. After successful login, you will be presented with:
   • A QR code for binding your authenticator app
   • An Emergency Scratch Code – Save this code securely as it’s the only way to login if your mobile device is lost or reset

Step 3: Scan QR Code

1. Open your authenticator app on your mobile device
2. Look for an option to “Add Account” or “Scan QR Code”
3. Point your device’s camera at the QR code displayed on your computer screen
4. The app will automatically recognize and add the account (typically labeled “SNWL”)
5. The app will now display a 6-digit code that refreshes every 30 seconds

Step 4: Complete Binding Process

1. In the 2FA Code field on the Virtual Office portal, enter the current 6-digit code from your authenticator app
2. Click Continue or Login to complete the binding process
3. You should now see access to download NetExtender or other resources

Connecting with TOTP Authentication

For NetExtender (Windows)

1. Launch NetExtender and click Connect
2. If prompted with a security alert, click Always Trust
3. A separate authentication window will appear asking for an authentication code
4. Open your authenticator app and find the 6-digit code for this account
5. Enter the current 6-digit TOTP code in the Password field of the authentication window
6. Click OK to establish the SSL VPN connection

For MobileConnect (Mac)

1. Select your saved connection from the dropdown
2. Click Connect
3. Enter your username and password when prompted
4. When prompted for the TOTP code, open your authenticator app
5. Enter the current 6-digit code from your authenticator app
6. Click Login to establish the connection

Remote Desktop Connections

Once successfully connected via NetExtender or MobileConnect, you can access internal resources using Remote Desktop.

Step 1: Open Remote Desktop Connection

On Windows:

1. Press Windows Key + R to open the Run dialog
2. Type “mstsc” and press Enter
3. Alternatively, click Start and search for “Remote Desktop Connection”

Step 2: Connect to Target Servers

You can connect to either of the following servers:

SERVER NAME 01:

1. In the Computer field, enter: 168.0.10
2. Click Connect
3. Enter your credentials when prompted
4. Click OK to establish the connection

SERVER NAME 02:

1. In the Computer field, enter: 168.0.11
2. Click Connect
3. Enter your credentials when prompted
4. Click OK to establish the connection

Step 3: Handle Security Warnings

If you receive a security certificate warning:

1. Click Yes to continue the connection
2. The remote desktop session will open, displaying the desktop of the target server

Troubleshooting Common Issues

Computer repair composition with maintenance and technology symbols flat vector illustration

Connection Issues

• Certificate errors: Click “Always Trust” or “Accept” when prompted
• TOTP binding errors: Ensure you’ve completed the initial binding process through the Virtual Office portal
• Authentication failures: Verify username, password, and domain are entered exactly as provided (case-sensitive)
• Time sync issues: Ensure your mobile device’s time is synchronized correctly for TOTP codes

Performance Issues

• Restart NetExtender if the connection becomes unstable
• For Mac users, ensure SonicWall Mobile Connect has necessary network permissions

Important Security Notes

1. Never share your authenticator app or emergency scratch codes with others
2. Keep your emergency scratch code secure – it’s your only backup if your mobile device is lost
3. TOTP codes expire every 30 seconds – ensure you enter them promptly
4. Domain field is case-sensitive – enter “LocalDomain” exactly as shown
5. Only one active RDP session is typically allowed per user account

Following these detailed instructions will ensure successful setup and connection to the Dream Office Solutions network through either NetExtender or MobileConnect, with proper TOTP authentication and Remote Desktop access to the specified servers.

The post SonicWall VPN Setup Guide: NetExtender and MobileConnect Configuration appeared first on Clearwater, St Petersburg, Tampa Fl..

(This topic is centered around Microsoft 365 hosted emails but applies to other mail providers.)

PHISHING/SPOOFING EMAIL DEFINED:

A phishing/spoofing email is a fraudulent email that a cybercriminal has designed to fool end users and employees into thinking the email is legitimately from another employee, vendor, boss or friend. Most examples of phishing emails will be accomplished by a false email address hidden by a fake “display name”, such as “Boss’s Name” will be displayed at the top of the email before a fake email address such as “bosssname446@hotmail.com or bosssname@companydomain.ru – using a different domain extension like “.ru”, instead of .com. Or purchasing a domain name that is very similar to your company’s domain name, such as “acmeconstruction.com” could be spoofed with “acmeconstructoin.com” – you can see that its very slightly misspelled but many employees will miss that.

The above examples are just the tip of the iceberg in the realm of spoofing/phishing emails. Hackers and cybercriminals will do their “due diligence” and research into a company to find out details about employees, executive heirachy, accounting personnel and will also dig into the dark web for information about the company so that they can get a foothold into your network or email system.

In other instances they will devise a new way to get around spam filters and then send out millions of spam emails to their email lists until spam filters get around to figuring out how they are being bypassed.

WHAT BUSINESSES CAN DO TO PREVENT SPOOFING/PHISHING EMAILS:

We have seen that most small business are not properly setup to prevent spoofing emails, they might have one or two of the 8 or so processes implemented, and in some cases have none of them implemented.

Email anti-spam filters have long been lacking in the ability to detect and prevent phishing/spoofing attacks due to the emails themselves containing no actual red-flags that any software algorithm can detect (sketchy links, spam like attributes, malicious files). So while preventing spam/malware can in theory be largely accomplished through licensed advanced filters (either Microsoft or 3^rd party like Barracuda, Vipre, Proofpoint, etc.), the question of how to reduce and prevent phishing and spoofing attacks is more complex and requires several layers of defense each of which I will go into below:

KEY POINTS SUMMARIZED:

• Enable SPF Hard Fail
• Enable DKIM with Quarantine or Reject DMARC Policy
• Harden your email host server’s email security policies
• Turn of Microsoft Direct Send
• Stop using 3^rd party filters that rely on Connectors and MX relay, and instead use your email host server’s solution or one that truly integrates and keeps up with  modern detection capabilities OR –
  • Thoroughly configure the 3^rd party filter to properly bypass the checks your mail server will do, and ensure that the 3^rd party filter’s settings are all enabled to properly reject dmarc/spf fails, and ensure that the mail server has it’s own settings enabled
• Set up External Sender Banners
• Conduct User Awareness Training
• Consider Geo-Fencing Inbound Email

SPF (Sender Policy Framework)

INITIAL NOTES:

SPF is still needed and used but DKIM (mentioned next) is becoming the more modern go to for mail senders to authenticate with as an allowed sender for a domain. Many modern mail send solutions (like SendGrid, Mailchimp, etc) don’t even mention SPF when adding a domain to their system, since DKIM is trusted over SPF and receiving mail hosts will typically accept inbound mail where DKIM passes even if SPF fails. This is true even when hard fail is enabled. That said, there is a difference between what SPF and DKIM are doing, where DKIM is authenticating a sending source server via encrypted keys and SPF is verifying the sending source by IP or Domain.

FUNCTIONS:

• SPF soft fail tells receiving mail hosts that if the inbound email fails the SPF check to route mail to usually spam or junk
• SPF hard fail tells receiving mail hosts that if inbound email fails the SPF check to reject the mail completely.

CAVEAT(S):

• What the receiving mail host actually does with the inbound email when it fails its SPF check (sending IP is not in the sending domain’s SPF record) is not a given. Every mail provider has different settings and makes its own decision.

SPF hard fail could be completely ignored(!) if some or all other checks that the receiving server is doing check out (pass).

As mentioned, for example, if DKIM passes, then this typically overrules SPF. Which makes sense since if DKIM is set up and passing, it’s your trusted source send server.

However, other criteria of the email and its sender may also be evaluated by the receiving server, for example in Microsoft’s case we saw this in action where the sending domain and server was trusted, and the email made it through all of Microsoft’s (albeit basic, unlicensed, unconfigured/lowest strength) spam/phishing/virus checks. The sender utilized a spoofing technique involving sending out from Microsoft’s servers using its Direct Send feature (more on this later).

So even though SPF hard fail was on, the email did not pass the SPF check, and DKIM was not configured, the email still arrived.

TAKEAWAY:

SPF Hard fail is not doing all it may appear to be and is not enough to stop spoofing attacks, but can and should still be used in conjunction with DKIM and other prevention methods.

DKIM & DMARC

INITIAL NOTES: Now the standard for email authentication, it’s simple public/private key authentication. DKIM is a must as it ensures that your trusted send servers are in fact the ones sending from your domain, and makes it much harder for spoofers to spoof you.

DKIM without a DMARC policy or a DMARC policy that is set to none is like installing an antivirus but then not activating it – it’s doing zilch.

DMARC is the pairing record that tells the receiving server (your recipient) what to do with the message.

FUNCTIONS:

• DKIM private key is configured on the source server (your trusted sender)
• DKIM Public Key is added to your Domain’s records which is checked by receiving servers to verify that it passes checks against your private key signature.
• DMARC is a record which tells receiving servers what they should do if the DKIM check does not pass.

CAVEATS:

• DKIM does not verify the legitimacy of the sender it simply proves that the message was signed by someone in control of the private key for the sending domain. For example, Microsoft’s Direct Send feature could be leveraged by a bad actor to send out from a trusted smtp server therefore passing DKIM but failing SPF checks.
• Just like SPF hard fail, once again the DMARC policy which tells the receiving server what to do if checks fail is only a suggestion. Microsoft for example has a (turned off by default) setting which says whether to follow the DMARC policy or not – and even then it has a stipulation for “if the message is detected as a spoof, AND the DMARC policy is X, THEN…”

Who knows what other mail providers’ defaults and available options are.

TAKEAWAY:

DKIM with DMARC policy set to quarantine or reject should be paired with SPF hard fail. Combined they serve two different functions and go far toward protecting your domain from being spoofed but sadly, where loopholes still exist, such as with Microsoft’s blatant hole (Direct Send), or with weakly configured receiving mail servers, it is still not perfect

SIDE NOTE: SPOOFING TO OR FROM OTHER DOMAINS, NOT INTERNAL

This has all been so far discussed as far as attackers spoofing YOUR domain and sending to YOU (“Hi, this is your boss, please wire money to XXX-XXX”) and how to prevent/lower that risk, as well as detecting and lowering the risk of receiving inbound mail seemingly from people you know (trusted vendors or clients and friends being spoofed and emailing you).

Keep in mind that while you can fortify your own mail server for inbound handling by adjusting how it responds to SPF fails and DKIM fails (covered more later), there’s nothing you can do about the senders themselves not protecting their own domains from spoofing – meaning, if they don’t have DKIM or SPF set up correctly, their spoofed emails could still slip through your defenses.

As well and as already covered, a bad actor could yet take your domain and attempt to spoof it to someone other than you – for example if they get a hold of a client list and want to send spoofed emails from your domain to them requesting money, it is up to the client’s ( in this example) receiving mail servers to be correctly configured to detect and reject or quarantine such emails. If the receiving mail server on the client side has no mail filter and doesn’t care that the SPF and DKIM checks did not pass, this is how your domain could yet be spoofed despite anything else covered in this article.

MICROSOFT’s DIRECT SEND FEATURE

INITIAL NOTES: A long-standing vulnerability that we noticed in 2023 and which others already knew about:

The Call Is Coming From Inside the House: Microsoft Direct Send and Why You Need to Mitigate Now – Wolf & Company, P.C. (wolfandco.com)

Spoofing Microsoft 365 Like It’s 1995 – Black Hills Information Security (blackhillsinfosec.com)

And also something which Microsoft only now (2025) realized they needed to fix due to an onslaught of internal spoofing attacks.

No matter how many filters or advanced email defender licenses, spf or dkim or dmarc settings you enable these can all still be easily bypassed for spoofing and phishing activity  if you’re using Microsoft 365 and still have the Direct Send function turned on.

FUNCTIONS:

Open power shell right now and run this command, replacing the bolded parts with your domain and recipient (if you are using Microsoft 365):

Send-MailMessage -SMTPServer yourdomain-com.mail.protection.outlook.com -To luffy@yourdomain.com -From literallyanyone@yourdomainORanydomainthatmicrosofttrusts(!!).com -Subject “Please Reset Your Password” -Body “This is a test, Direct Send in 365 exploit….testing a simple spoof with direct send… Give me your passwords right now”

And the email will come through if Direct Send is enabled and your device’s network firewall isn’t otherwise blocking port 25 for some reason.

WHAT TO DO:

Turn off Direct Send ASAP.

This feature only became available in August 2025 , previously there was no way to fix Microsoft’s little loophole.

Here is a whole bunch of info from Microsoft: Introducing more control over Direct Send in Exchange Online | Microsoft Community Hub

Here is what to do and what to consider:

CONSIDER FIRST:

1. If you are using a 3^rd party mail filter or other service such as Barracuda, Proofpoint, Vipre, etc. chances are they are passing on email to your MX record in 365 rather than directly authenticating or integrating, and turning on the direct send Reject policy could break this. You need to create a Connector in 365 that whitelists that service’s IPs and rejects everything else. See more on this in the next section.
2. Same goes if you really want to keep sending out from a printer or scanner in the office using Microsoft (go get a free SMTP service!!)

STEPS TO CREATE A CONNECTOR:

Follow Microsoft’s article:

• Set up a connector to apply security restrictions to mail sent from your partner organization to Microsoft 365 or Office 365 | Microsoft Learn

STEPS TO TURN OFF DIRECT SEND:

Run Powershell

Commands:

Connect-ExchangeOnline (enter credentials)

Set-OrganizationConfig -RejectDirectSend $true

That’s it.

NOTE:

The change should propagate out to our entire service within 30 minutes. With the feature enabled, any received Direct Send messages from YOUR DOMAIN or using YOUR MX POINT will see the following message:

550 5.7.68 TenantInboundAttribution; Direct Send not allowed for this organization from unauthorized sources

Unless Direct Send is re-enabled again, any messages that hit this error will need a partner connector created to authenticate their source as an approved sender.

NOTE ON MICROSOFT’s DIRECT SEND VULNERABILITY:

They thought they fixed it but they haven’t fully. Turning off direct send will stop the spoofing of your domain as Microsoft will reject these (tested and verified), however:

Even if you have turned of direct send for YOUR tenant – the rest of the world will likely take years to catch on to this need, or decide to ignore it out of ignorance.

In the meantime, Direct Send can be used not only to send from anyone else’s  MX point to your tenant, from any other domain that Microsoft trusts.

MEANING: Even with direct send off on your tenant, bad actors can still leverage tenants that haven’t yet and bypass your 3^rd party filters by sending emails from trusted 365 domains directly to you.

3^rd PARTY EMAIL FILTERS,  CONNECTORS IN 365 AND HOW THESE ALL PLAY TOGETHER

When you utilize a 3^rd party email filter, let’s take Fusemail (by VIPRE) as an example, you are pointing your MX records to the filter first. The filter then does all the checks that it can, and pass the email along to Microsoft. When it passes the mail to Microsoft, it is important to understand a few things (read in order, each builds on the next):

• The sender IP that shows up in Microsoft’s side is Fusemail’s, not the actual sender.
• The original sender is highly unlikely to have Fusemail set up in their SPF record
• Therefore, from Microsoft’s perspective, the SPF check will fail.
• If the sender has DKIM set up for their domain for the host they are sending from, the DKIM signature will survive.
• Microsoft does not immediately reject all emails just because SPF fails (as already covered earlier, even if hard fail is turned on in the senders SPF record)
• Not everyone is up to date with DKIM – a lot of senders won’t have this.
• So, when SPF fails (since Fusemail’s IP is looked at, and is not in the sender’s SPF) AND if DKIM is not setup or set up incorrectly, now we have two red flags for Microsoft to consider..
• Microsoft will not immediately reject inbound emails just because SPF and DKIM both fail (again, previously covered).
• Microsoft will also look at things like sender reputation, , sender trust, email content/attributes, etc.
• What Microsoft does with the email is influenced by the email security policies you have set within Microsoft itself.
• So, Microsoft could decide to route such an email to quarantine, junk, or reject it if it sees any other reason besides SPF failing that makes it weary – or if it’s just in a bad mood and doesn’t like that SPF failed on a hard fail.
• That said, it is safe to say that with a 3^rd party email filter in play which results in SPF ALWAYS FAILING (!!), coupled with Microsoft’s own checks/policies/filter, this could result in more (possibly valid) emails getting routed to spam or junk on Microsoft’s side.

Three points to consider when asking yourself if that is the solution:

1. Is my 3^rd party filter really that good, doing all the checks that it should be, keeping up with advancing technologies and detection abilities?

2. Microsoft emails sent from one Microsoft tenant to another will never go through your inbound connector or third-party filters. So if you want to turn off all the Microsoft built-in policies to avoid having multiple quarantines to check, just know that bad actors can use Microsoft too. So can spam / marketing agencies.

3. REMEMBER: Even if you have turned of direct send for YOUR tenant – the rest of the world will likely take years to catch on to this need, or decide to ignore it out of ignorance. And Direct Send can be used not only to send from your MX point to your tenant, but from anyone else’s MX point to your tenant, from any other domain that Microsoft trusts.

MEANING: Even with direct send off on your tenant, bad actors can still leverage tenants that haven’t yet and bypass your 3^rd party filters by sending emails from trusted 365 domains directly to you.

Considering leaving all of the 365 filters on and STRENGTHENING THEM:

1. How do we feel about having users need to look out for quarantine reports from both Microsoft AND a 3^rd party solution?
2. How do we feel as IT admins about managing two separate solutions?
3. Microsoft’s free built in security measures don’t offer much to write home about- even on the strongest settings – is the free version even enough to catch emails sent from its own servers as phishing/spoofing attempts, or do we need to now also think about paying for their Advanced Defender plans which have better impersonation protection..?
4. And then, how do we feel about paying for TWO different spam services?
5. And are we certain that this double layer won’t conflict anywhere?
6. What about the fact that all emails inbound from the spam filter will fail SPF, what will increasing Microsoft’s email security do with that when it does its checks?

Consider licensing Microsoft’s Defender Plan 1 or 2.

Also to consider, there are some (untested) solutions out there like Avanan (by Check Point) or Cortex Advanced Email Security (by Palo Alto Networks) which leverage authentication via API so that you are directly integrated with Microsoft forgoing the need for connectors and MX record hops/redirects.

OR ELSE – customize an inbound connector that whitelists the 3^rd party’s IPs, and use 3 tools in 365 to ensure that the emails that are ONLY coming from these IPs are not double filtered so to speak:

1. Inbound connector with Vipre Enhanced Filtering for Connectors –

Create the inbound connector for partner org, allow listing by the filter’s IPS then enable Enhanced filtering also known as “skip listing,” which is a feature in Exchange Online that helps maintain accurate sender information and message integrity when using third-party spam filtering services like Vipre Email Security. It’s particularly useful in complex routing scenarios, like hybrid environments or when your MX record doesn’t point directly to Microsoft 365. This feature allows you to configure Office 365 to look beyond the last hop (e.g., Vipre’s IP) and identify the original sending IP address of an email, improving the accuracy of security features like anti-spoofing and anti-phishing.

2. Connection filter in Anti-Spam Policy

Allow list all the 3^rd party filter’s IPs

3. Anti-Phishing Policy spoofed Sender Allow-List

Allow list all the 3^rd party filter’s IPs with wild card *

4. Mail-flow rule to bypass spam filtering

Bypass spam filtering for all the 3^rd party filter’s IPs

5. Strengthen all other Microsoft policies which will apply to internal; or tenant-to-tenant only. (does not solve direct send loophole or tenant-to-tenant phishing without enhanced licensing. Still considerations regarding the double solution issue and needing more licenses.)

OTHER LINES OF DEFENSE:

EXTERNAL SENDER BANNERS

Remember that even with all the previous protections, spoofing a domain can still be done in the most basic sense, where the attacker is not truly sending from your domain but instead masking their domain on the email to make it look like it came   from your domain. These types of emails may still get through all lines of defense  since the sender may have all its ducks in a row and pass all checks and their email  may not seem harmful to the various filters.

To help with this you can set up an automatic message to prepend the body of any email that originates from outside your tenant (from a different domain), such as “WARNING – THIS SENDER IS EXTERNAL”

This can help draw attention to the fact that even though an email seems to come from your boss, something about it phishy.

(Microsoft’s how-to is not covered here.)

GEO-FENCING INBOUND EMAIL

Not always workable for everyone since some companies will need to be able to receive emails internationally. But something to look into case by case as an optional strengthening measure. If you know you don’t work with anyone from Russia, why not go block a whole country from trying to phish or spoof you.

Microsoft Article: https://learn.microsoft.com/en-us/defender-office-365/anti-spam-policies-configure?source=recommendations&view=o365-worldwide#use-the-microsoft-365-defender-portal-to-create-anti-spam-policies

USER AWARENESS TRAINING

Put last only because it’s not the main topic of this article, but user awareness training really is the first line of defense. Unaware end users clicking on phishing emails or falling for requests for money or information is the root problem. If everyone knew what to look for and what to send straight to trash, we wouldn’t need all the extra layers of protection as much.

So whether using a paid service like KnowBe4 or conducting manual training, it goes without saying this is a must.

The post PREVENTING EMAIL SPOOFING/PHISHING appeared first on Clearwater, St Petersburg, Tampa Fl..

However I’ve always been skeptical of jumping onboard the 4G/5G LTE or satellite related internet options, even for backup internet. Partly because nowadays so many companies are using hosted VOIP phone services which require very low latency and good quality internet connections, and 4G/5G services vary by location and if the building you’re in will kill the signal or not. Satellite connections have always had significant latency so one could barely use it for browsing.

At several businesses in the California region we have had customers sign up for Point to Point Fixed Microwave Wireless Connections that use high bandwidth fixed wireless dishes to connect to dishes that are mounted on either very high cellular towers or on top of high rise buildings, this technology allows for internet network connections that are almost the same as having a land based wired fiber or coax connection. However these connections can be costly and mostly are priced higher than Dedicated Internet Access Fiber Connections. One company that provides a cheap option for this for backup internet is OneRingNetworks.

However with the advent of Starlink and how close those satellites are to earth, the latency between your dish and the satelite is very close to having a land based cabled connection to a standard High Speed Internet Connection over Coax or some similar connection.

Starlink has changed the game in being able to have reliable internet connection anywhere, no matter how many ISPs in your local neighborhood are down due to some power outage or other issue.

We installed Starlink at 2 sites for a customer as backup internet options. This customer’s requirements are basic internet browsing and VOIP phones. We started with the basic 40GB Priority Plan for $140/month which gives you “unlimited” bandwidth after the 40GBs but not with the SLA and TTL that you get with the first 40GBs.

(Since these tests were done, Starlink just released new pricing and you can get 50GBs priority at $65/month and 500GBs priority at $165/month: https://www.starlink.com/service-plans/business)

Here are the actual results of the tests:

SITE 1 RESULTS:

PING TESTS:

The pings stayed consistent throughout the duration of the failover (15 minutes or so) including during test VOIP calls and browsing.

RUN VOIP QUALITY TEST:

https://www.ringcentral.com/support/qos.html

MULTIPLE VOIP CALLS RUNNING CONCURRENTLY:

We tested 4-5 calls happening concurrently during this failover, no issues were noted and call quality was as expected.

FOLLOW UP NOTE: February 27 2025 a full day of using Starlink occurred at this site – no one noticed any difference in internet quality/response time or call quality. During this time, the client left backups running to the cloud which used up almost 40GB of their priority StarLink data in that day – so there was high traffic usage. Here is the client feedback:

So, only the on duty captain knew [about the failover] and we did not give any guidance, I looked at usage patterns in the morning after and everything was normal, YouTube, Netflix, Hulu streaming, and all types of social media went on and no one even noticed. Call quality normal (listened to several call recordings) even when the NAS Cluster was backing up to the C2 Datacenter…During the day there were approx 15 at Site 1 and 5 at Site 2, over night it dropped to 5 at HQ and none at Site 2”

WHAT’S THE LATENCY LIKE WHEN BROWSING SITES VERSUS BEING ON THE FIBER?:

“I noticed the slightest extra millisecond when opening web pages but it was not significant and could have been transient. See note above, no one else noticed latency.”

ANYTHING ELSE THAT WILL GIVE MORE INSIGHT INTO THE STARLINK CONNECTION ON HOW USABLE IT IS FOR EITHER A BACKUP OR MAYBE EVEN A PRIMARY CONNECTION:
Speed tests a1 Site 1 – 2x tests done back to back (note the significant differences):

SITE 2 PING TESTS:

The pings showed some inconsistencies throughout the failover, no phone or browsing testing was done at the TC.

The post USING STARLINK AS BACKUP OR PRIMARY INTERNET – ACTUAL BASELINE TESTING REVIEW appeared first on Clearwater, St Petersburg, Tampa Fl..

Microsoft has been trying to move ALL of their administration bit by bit to Microsoft Office 365 and/or Azure.

Ever since the Volume Licensing Service Center was fully decommissioned by Microsoft, locating legacy licenses from that account has not been clear – a search on the web turns up countless others having the same issue.

(https://www.reddit.com/r/Office365/comments/11zzf8p/role_that_provides_access_to_volume_license_keys/?captcha=1)

and Microsoft sort of explains it in this article:

https://learn.microsoft.com/en-us/microsoft-365/commerce/licenses/user-roles-faq?view=o365-worldwide#request-permission-to-view-licenses

However, unless you are familiar with the actual process of purchasing and managing volume licenses, Microsoft 365 management, and the whole transition from the VLSC to the Microsoft admin portal, it’s still not very clear.

Microsoft mentions a “Volume Licensing” role that’s needed, and the assumption for most is that this is some special role within the Microsoft 365 Admin Center. But it’s not.

There are only TWO ways to be granted this role:

1. At the time of purchasing your original volume license, you were asked by the vendor selling you the license what email to use as the administrator for it in the VLSC. This is entirely different from any email you might have used to correspond with the vendor, sign in to the vendor account with and make the purchase, and it is even different (potentially) from the contact email given at the time of purchase (for example, your end user contact details). The vendor would have somehow explicitly requested the email which they were to release the license to, as the admin.

This is the ONLY account that is given the “VL role” to start.

Of note is that you may have purchased multiple licenses at different time periods, using different emails. Therefore some of your licenses may be tied to one email with the VL Role, and some to another.

2. The account mentioned above is the only one then that can administer the licenses and grant this role to others, which is now done in the 365 Admin Center. Any licenses that used to be in the vlsc, tied to the account above, were automatically pushed out to this account when the transition happened. So the second way that you can be granted this VL role, is again only if the primary account (mentioned in 1., above) , can sign in to the Microsoft 365 Admin Portal with the associated email, and then explicitly grant admin rights to another user.

There is no other way around this, and so this next part is important:

What happens if you purchased your volume licenses through a reseller or MSP or perhaps a now-ex-employee, and they used an email that you a) do not know, b) do not have access to?

Simply put you won’t be getting those licenses back. The only thing you can try to do is get the cooperation of the entity or person that sold you the license. So don’t waste time trying to figure out some other odd workaround.

You need to a) know the email that was given to the vendor at the time of purchase to be the license administrator and b) that account needs to be able to sign in to the Microsoft 365 admin center to then manage and assign the VL role to one of your own emails. (More on this below).

We have wasted countless hours ourselves trying to get help from the VLSC support chain, and perhaps if we had spent just a little more and were able to provide the original invoices, order numbers, contract numbers, license details, maybe they possibly could have helped transfer the VL role somehow or provided the original order email. But we had no such luck. The licenses are worth thousands of dollars in some cases so in their eyes, some other company asking them to transfer ownership rights is likely a security problem.

So let’s assume that you can track down the original email that was set as the license administrator at the time of purchase which is always step A and is necessary. (If you can’t get this you’re out of luck.) The next step is to see if it is an account capable of signing in to the Microsoft 365 admin portal: https://admin.microsoft.com

If it is not a Microsoft Work Account you will not by default be able to do this. The admin center is only available to be signed into with a work/school account, not a Microsoft personal account. If the email used at purchase was a personal account, the quickest and simplest way to get this account capable of signing in to the Microsoft 365 Admin portal is to purchase one of Microsoft’s cheapest business plans using the same account, on a monthly term (so that you can cancel later- you will have to manually change the term when purchasing). Exchange Online Plan 1 is a good option: Compare Microsoft Exchange Online Plans Microsoft 365

If it is already Microsoft Work account (meaning, it is hosted within an existing Microsoft 365 tenant) but does not have a Microsoft 365 Admin role assigned, as far as we understand, you will not be able to sign in to view and manage licenses. The solution would be to have an assigned administrator of this tenant grant the user in question temporary admin rights so that they can then sign in and manage the volume licenses, and grant the VL admin role to one of your own emails.

Here is a link to the direct page where the Volume Licensing tab is supposed to be found:

https://admin.microsoft.com/Adminportal/Home#/subscriptions/vlnew/downloadsandkeys

It’s normally found in the Microsoft 365 Admin portal under Billing, Your Products – but IT WILL NOT SHOW UP if you aren’t signing in with the correct user.

Likewise, if you try to navigate directly to it using the above link, with a wrong account, it will simply tell you that you don’t have access yet.

Here is what the Volume Licensing Section looks like if you are signed in with the VL Admin user:

When you click on contracts, it will show you all of the volume licensing contracts tied to this account and what role you have – if you are an administrator, then you can grant the same role to any other email that you choose:

To do this go back to the root Volume Licensing screen and click on Add Users to Contract then click Add or edit users

Here type the email that you want to be the new/additional Administrator (it will look within the tenant first but if you fully type the email out, then press enter, it will let you grant rights to an external user.)

Enter the display name then Review + Apply

You then choose the contract to assign to this user:

Then assign the administrator role:

Make sure to click Verify and save user assignments:

The user in question will then receive an EMAIL INVITE which they will have to open to accept and activate the role assignment. If the target user is not mail-enabled for example an unlicensed admin, just do a trial license in 365 admin center under Billing>Purchase Services (look for Business Premium or E3, those usually have free trials) and assign one of the licenses to the admin temporarily so you can receive the email and click on the link within. Make sure to go back and cancel your trial.

And voila you have your volume licenses back.

The post WHERE DID OUR MICROSOFT VOLUME LICENSES GO? appeared first on Clearwater, St Petersburg, Tampa Fl..

EMPLOYEES USING PERSONAL EMAIL PLATFORMS LIKE GMAIL AND YAHOO TO “POP” COMPANY EMAILS

PROBLEM:

Many small businesses have allowed their employees to either use their personal email (such as Gmail, Yahoo, Outlook, etc.) for work or have allowed them to pull in their work email using POP to their personal email – and specifically free Gmail accounts is the worst culprit as Google makes that so easy and it’s a very popular platform.

When companies allow employees to do this, they lose control over their historical emails, sent and received by their employees. Since the employee is POPing the company’s email (i.e. joe@companydomain.com) to their personal Gmail (joe@gmail.com), they have control over who has access to that mailbox and could potentially never give the company back that potentially valuable data, it’s all stuck in their personal Gmail account which the company has no authority to access.

Third party email backup solutions that will backup your business email also have no access to emails in someone’s personal Gmail account so if an employee decides to delete it all, it’s gone forever.

Also since a user is accessing those emails in his personal account, your company internal cybersecurity measures will have no effect on whether his personal account gets hacked and your company email data compromised without you knowing.

In addition to not having access to their account, the other BIG problem is when email is POP’d into someone’s personal Gmail account, it is mixed in into the same Inbox and Sent folder as their personal emails, so it’s all in one bucket making it very hard to distinguish and organize so business emails can be extracted.

Some companies have gone so far as to try and setup free personal Gmail accounts for the business by creating email accounts such as user.at.companyA@gmail.com. However that end user will have the password for that account and if they leave, you have no way of getting into that account – there is no business centralized management of it.

POP and IMAP email protocols are now legacy protocols that really don’t have a place in business environments.

Before getting into how to fix this, the true answer would have been to:

1. Never allow employees to POP their business email to their personal cloud email accounts to begin with by either using an email platform that can restrict this and/or making a company policy that clearly delinates this.

2. But with many small businesses still using cheap email alternatives from website hosts that only allow POP or IMAP email, these email platforms have NO way of restricting the use of POP so employees could be setting up POP to their Gmail accounts and you have no way of knowing or controlling that.

3. Having a proper business grade email server that uses more advanced protocols other than POP and IMAP, such as what Google Workspace and Microsoft Office 365 have. You have the power to disable POP as needed as there is really no need for it anymore.

SOLUTION:

We’ve brought onboard businesses that we’ve upgraded to either Google Workspace or Microsoft Office 365 that have had employees with company email in their personal Gmail accounts. And as long as the employee allows you temporary access to their personal account, you can cleanly migrate JUST the business emails out of the Inbox/Sent/Trash folder, without touching the user’s personal emails.

The key is to use Gmail Tagging to create separate tagged folders that are filtered to the company email address for the Inbox, Sent and Trash and any other respective folder. Once those tagged folders have been created, you can use Bittitan’s cloud email transfer service to migrate over those folders to the company email Inbox, Sent and Deleted Items folder.

INSTRUCTIONS:

1. To get your email account ready for migration, login to the employee’s personal Gmail account and then click on Settings (the gear icon) -> See all settings.

2. In the “Forwarding and POP/IMAP tab, make sure to enable IMAP. This is needed so that Bittitan can connect to the Gmail account to transfer the business emails.

4. You will need to enable 2FA, to do this click on the icon in the top right corner that has your picture or a letter, then click on “Manage your Google Account”.

5. On the left-hand side, click on Security.

6. Got to “2-Step Verification” and enable this.

7. Enter the phone number you want the 2FA to go to.

8. You will then need to setup an App Password, to do this, click on 2-Step Verification.

9. Scroll to the bottom of the page and click on App Passwords.

10. Create your app password and save this.

11. This app password will be used as the source credentials in Bittitan for the email account you’re trying to migrate to Google Workspace/Office 365.

12. If you’re trying to only migrate certain emails, like maybe just your work emails and not your personal emails, you will need to do the following. Create a label in Gmail, call it what you want, for example “Work”. To do this, click the “+” sign next to Labels, give it a name and click Create.

13. Go to Settings (the gear icon) -> See all settings

14. Click on the tab “Filters and Blocked Addresses” -> “Create a new filter”

15. In the “Has the words” section put the domain of your company, for example “@protekitsolutions.com” if you’re looking for work emails from Protek IT Solutions and then click Create Filter.

16. On the next page, select “Skip the Inbox (Archive it)”, “Apply the label:” (Here put the name of the label you created), and check “Also apply filter to “ ” matching conversations.”

17. This will bring all the emails you want migrated into this label.

18. In BitTitan, when creating the source email address, don’t forget to use the app password created earlier as the password.

19. In the ADVANCED OPTIONS under Filter Folders put ^(?!Work) (or whatever label name you created in step 13 above)

20. Under SUPPORT, put FolderMapping=”^Work->Work”.

The post Company Emails in Personal Email Accounts appeared first on Clearwater, St Petersburg, Tampa Fl..

See what are our TOP 7 picks for Cyber Security Policies every company must implement in 2025

1. Phishing Emails – Security Awareness Training
2. Phishing Emails to access Office 365 resources
3. 2FA – Protecting Email from hackers
4. Ransomware
5. Local Backups
6. Firewall Vulnerability
7. Threatlocker – game changer

Cyber Security Policy #1: Understanding Phishing Emails: How They Infect Computers and the Importance of Security Awareness Training

One of the most common methods employed by cybercriminals to compromise computers and sensitive information is through phishing emails. These deceitful messages are designed to trick end users into clicking malicious links that can lead to ransomware, malware infections, or unauthorized access to data. As organizations increasingly rely on digital communication, understanding the dangers of phishing and implementing effective security awareness training, such as that provided by KnowBe4, is crucial for safeguarding computers and networks.

The Mechanics of Phishing Emails

Phishing emails come in various forms and can be deceivingly sophisticated. Here are the key elements that make them effective:

1. Deceptive Content: Phishing emails often mimic legitimate organizations, including banks, service providers, and well-known companies. They may include official logos, colors, and terminology to appear credible.

2. Urgency and Fear: Phishers often create a sense of urgency. For instance, they may claim that immediate action is required to avoid account suspension or report suspicious activity—a tactic that pressures users to act quickly without thinking.

3. Malicious Links: These emails typically contain hyperlinks directing individuals to fraudulent websites that look genuine. Once clicked, users may be prompted to enter sensitive information or unknowingly download harmful software.

4. Attachments: Some phishing attempts involve malicious attachments. Opening these files can lead to automatic installations of malware.

Consequences of a Phishing Attack

The ramifications of falling victim to phishing emails can be dire:

1. Data Breaches: Compromised credentials can lead to unauthorized access to sensitive data, putting user and organizational information at risk.

2. Financial Loss: Cybercriminals can exploit stolen data for financial gain, leading to significant monetary losses for both individuals and businesses.

3. Operational Disruption: Ransomware attacks may result in locking users out of their systems and demand payment for regaining access, crippling business operations.

4. Reputation Damage: Organizations suffer hurt reputations when customers’ data is compromised, leading to a loss of trust and potentially impacting future business.

Enhancing Security Through Awareness Training

To combat the rising tide of phishing attacks, investing in security awareness training is essential. Here are ways organizations can enhance their defenses through effective training programs:

1. Regular Training Sessions: Educating employees about the latest phishing techniques can equip them with the knowledge to spot fraudulent emails.

2. Simulated Phishing Attacks: By conducting simulated phishing campaigns, organizations can assess employee readiness and reinforce training effectiveness. These exercises can help individuals recognize phishing attempts in real-time.

3. Real-time Reporting Mechanisms: Encouraging employees to report suspicious emails fosters a culture of vigilance. Organizations should implement straightforward methods for reporting potential threats.

4. Continuous Updates: The cyber threat landscape is ever-evolving. Regularly updating training content to include current tactics used by cybercriminals keeps employees informed and cautious.

5. Encouragement of Best Practices: Employees should be trained to verify the sender’s email address, look for signs of spoofing, and avoid clicking on links or downloading attachments from unknown sources.

KnowBe4: A Premier Solution in Cybersecurity Training

Among the various options for security awareness training, KnowBe4 stands out as a leading platform for educating organizations on cybersecurity best practices. With a vast library of resources, engaging content, and comprehensive programs, KnowBe4 equips employees with the necessary tools to identify and thwart phishing attempts. Their platform provides:

– Tailored Training Modules: Customizable courses that meet the specific needs and risks of an organization.

– Interactive Learning: Gamified training experiences that engage users while reinforcing knowledge retention.

– Metrics and Reporting: Comprehensive analytics to track employee progress and assess training effectiveness.

Phishing emails pose a significant threat to computers, data integrity, and overall organizational security. Understanding how these malicious tactics work and focusing on preventive measures can effectively mitigate risk. Implementing robust security awareness training programs, such as those offered by KnowBe4, equips employees with the tools they need to recognize and avoid the pitfalls of phishing attacks. As cyber threats continue to evolve, a proactive approach to cybersecurity education will remain paramount in safeguarding both individuals and organizations in the digital landscape.

Training employees to be the first line of defense against phishing not only protects valuable assets but also fosters a culture of cybersecurity awareness that can make a significant difference in today’s interconnected world.

Cyber Security Policy #2: Tricked by Phishing Emails to Access Office 365 Resources: A Growing Threat

Organizations are relying more than ever on cloud-based services like Microsoft Office 365. While these platforms enhance productivity and facilitate collaboration, they also presents new vulnerabilities, especially concerning user security. One of the most insidious threats faced by end users today is phishing emails designed to trick them into providing access to their Office 365 resources. Cybercriminals employ sophisticated techniques to engage users in giving away their email passwords and two-factor authentication (2FA) codes, leading to devastating repercussions for individuals and organizations alike.

Understanding Phishing and Its Mechanisms

Phishing is the fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity in electronic communications. The prevalence of phishing attacks has surged in recent years, particularly as the cyber threat landscape evolves. In the context of Office 365, users are often targeted through:

1. Deceptive Emails: Attackers send emails that appear to be from legitimate sources, such as IT departments or Microsoft, prompting users to “log in” to verify their accounts.
2. Imitation of Legitimate Sites: Links in phishing emails often direct users to fake login pages that closely mimic legitimate Office 365 portals, making it difficult to discern authenticity.
3. Urgency and Fear Tactics: Phishing emails often create a sense of urgency (e.g., “Immediate action required to prevent account suspension”) that compels users to act quickly without due diligence.

Understanding these tactics is crucial for recognizing the signs of phishing attempts and preventing unauthorized access to valuable resources.

How Phishing Leads to Man-in-the-Middle Attacks

Once users are tricked into providing their login credentials, attackers may perform what is known as a Man-in-the-Middle (MitM) Attack. Here’s how it typically unfolds:

1. Credential Harvesting: The hacker collects the provided email credentials along with any secondary authentication codes.
2. Accessing Office 365 Accounts: With complete access, attackers can log into the user’s Office 365 account, giving them the ability to view, edit, or delete files stored in OneDrive and SharePoint.
3. Data Exfiltration: Sensitive information, such as company documents, financial records, and personal data, can be exploited for malicious purposes or sold on dark web marketplaces.

The impact can be catastrophic for organizations, leading to data breaches, loss of intellectual property, and significant financial repercussions.

Prevention Measures for Individuals and Organizations

To combat the risks associated with phishing and MitM attacks, both individuals and organizations must adopt robust security measures. Here are some effective strategies:

1. Education and Training: Regular training programs should be implemented to educate users about phishing tactics and promote safe email practices.
2. Verification of Sources: Encourage users to verify the authenticity of emails, particularly those requesting sensitive information. This may involve contacting the purported sender directly through a separate communication channel.
3. Multi-Factor Authentication: While 2FA is essential for securing accounts, consider adding additional layers of verification (like biometric authentication or security questions) when logging into Office 365.
4. Email Filtering Solutions: Employ advanced email security tools that utilize machine learning and AI to detect and filter phishing emails before they reach users’ inboxes.
5. Regular Security Audits: Organizations should conduct frequent security audits of their Office 365 environments to assess vulnerabilities and reinforce system defenses.

The Role of IT Security Policies

Establishing comprehensive IT security policies is crucial for safeguarding organizational resources against phishing and other cyber threats. Policies should include:

– Incident Response Plans: Clear procedures for responding to suspected phishing attacks or security breaches.
– Access Controls: Limiting user access to Office 365 resources based on role and necessity, thereby minimizing potential exposure to sensitive information.
– Monitoring and Reporting: Continuous monitoring of user activity within Office 365 and encouraging users to report suspicious communications immediately.

the threat of phishing emails targeting Office 365 users remains a significant concern in today’s cybersecurity landscape. By understanding the tactics employed by cybercriminals, users can be better equipped to identify and thwart such attacks. Organizations must prioritize user education, implement robust security measures, and establish strict IT policies to mitigate the risk of data breaches and protect their valuable resources. As the digital environment continues to evolve, being vigilant and proactive in cybersecurity measures will be essential in safeguarding sensitive information and maintaining organizational integrity.

Cyber Security Policy #3: The Importance of Two-Factor Authentication: Protecting Your Email from Hackers

Email serves as a critical communication tool for businesses of all sizes. However, with this reliance comes an increased risk of cybersecurity threats, particularly email hacking. Recent data indicates that companies lacking Two-Factor Authentication (2FA) are at a significantly higher risk of having their email accounts compromised. This article explores the dangers of not employing 2FA and its implications for businesses and their communications.

Understanding Two-Factor Authentication (2FA)

Two-Factor Authentication is a security measure that requires not only a password and username but also something that only the user has on them. Typically, this involves a secondary verification method, such as a text message code, an authentication app, or a biometric fingerprint scan. The implementation of 2FA drastically reduces the likelihood of unauthorized access and enhances overall email security.

Why is 2FA Crucial?

1. Enhanced Security Layer:
– 2FA adds an extra layer of protection beyond just a password, making it substantially harder for hackers to gain access.
– Even if a hacker obtains a user’s password, they would still need the secondary authentication method to breach the account.

2. Phishing Protection:
– Phishing emails often result from compromised accounts. By implementing 2FA, the ability for hackers to manipulate accounts diminishes significantly.
– Users are less likely to fall victim to phishing scams, which rely on maintaining unfettered access to their email accounts.

The Consequences of Not Using 2FA

Increased Vulnerability

Companies that do not employ 2FA are sitting ducks for hackers. The process of hacking an email account can be remarkably straightforward for cybercriminals, leading to dire consequences:

1. Phishing Exploits:
– Once a hacker gains access to an email account, they can use that address to send deceptive emails, posing as the account owner.
– This can result in unsuspecting contacts falling victim to fraud, compromising both personal and company data.

2. Manipulation of Email Rules:
– A hacker can create email rules that automatically delete sent phishing emails. This prevents the victim from noticing that their account has been compromised, as they won’t find any suspicious messages in their Sent Folder.
– By eliminating evidence of breaches, hackers can operate undetected for extended periods.

3. Harvesting Sensitive Data:
– Hackers can copy the entire contact list of the compromised email account for future phishing campaigns.
– They may download the email history to gather sensitive data, which can be leveraged to better tailor their attacks, increasing their efficacy over time.

The Long-Term Impact on Businesses

The ramifications of having email accounts hacked can have long-lasting effects on a business’s reputation and operational integrity.

1. Loss of Customer Trust:
– If customers receive phishing emails from a seemingly legitimate source, their trust in the brand may be severely damaged.
– Ensuring that communication remains secure is paramount for maintaining a loyal customer base.

2. Financial Implications:
– Cyber incidents often result in financial losses, from both direct extortion (e.g., ransomware) and the costs associated with mitigating the breach, such as IT support and legal fees.
– The cost of having to restore security and manage the fallout from phishing scams can far surpass the investment in basic protective measures, like 2FA.

3. Legal Ramifications:
– As cybersecurity regulations become stricter, companies need to protect their customers’ data to avoid potential legal action stemming from breaches.
– Non-compliance with security measures can lead to penalties and costly lawsuits.

Implementation of 2FA: Making it Work for Your Business

To secure email accounts and overall company communications, implementing 2FA should be a priority. Here are a few steps to follow:

1. Choose a 2FA Method:
– Opt for methods that best suit your organization’s needs, whether it’s SMS-based, app-based, or biometrics.

2. Educate Employees:
– Conduct regular training sessions to inform employees of the importance of 2FA and proper email hygiene.
– Awareness is key in thwarting attacks.

3. Corporate Policy:
– Institute a company-wide policy that mandates the use of 2FA for all business communications.
– Ensure compliance through regular audits and updates on security protocols.

The risk of email hacking is ever-present, and companies without Two-Factor Authentication are particularly vulnerable. Not only does the absence of 2FA expose businesses to phishing attacks and data breaches, but it also compromises customer trust and financial stability. Prioritizing the adoption of 2FA can mitigate these risks and foster a secure environment for internal and external communications. In a landscape where cybersecurity threats are evolving, proactive measures like 2FA are no longer optional—they are essential for safeguarding your business and its stakeholders.

Cyber Security Policy #4: Ransomware: A Persisting Threat and Effective Solutions

Ransomware, a form of malicious software that encrypts a victim’s files and demands a ransom for their release, continues to be a significant topic of discussion among cybersecurity experts and businesses alike. Just last week, we received alarming messages from multiple customers reporting that their entire networks and servers had fallen victim to ransomware attacks. This disturbing trend underscores the urgent need for effective solutions to mitigate the risks associated with ransomware.

Understanding Ransomware

Ransomware operates by infiltrating a computer system and encrypting data, rendering it inaccessible until a ransom is paid, typically in cryptocurrency. The implications of such attacks can be devastating: not only can they lead to financial loss, but they can also result in a loss of customer trust, reputational damage, and potential legal repercussions. Organizations need to be proactive rather than reactive when dealing with this threat.

The Landscape of Ransomware Attacks

1. Prevalence of Attacks: Ransomware attacks are on the rise, affecting businesses across various sectors—including healthcare, finance, and education. IBM’s Cyber Security Intelligence Index reported an increase of 200% in ransomware incidents in recent years, indicating that no sector is immune.

2. Motive for Attacks: Cybercriminals often target vulnerable organizations to extort money. They thrive on the urgency and panic that accompanies a ransomware incident. Many organizations face the difficult decision of paying the ransom, often believing it to be the fastest way to reclaim access to their critical data.

3. Evolution of Techniques: As cybersecurity measures improve, so too do the tactics employed by ransomware attackers. They have adopted more sophisticated methods, such as double extortion, where they not only encrypt files but also threaten to leak sensitive information if the ransom isn’t paid.

Solutions to Combat Ransomware

To effectively combat ransomware, organizations must adopt a multifaceted approach that includes prevention, detection, and response strategies. Here are some critical solutions that can be implemented:

1. Regular Backups:
– Regularly back up data to an external drive or to the cloud.
– Ensure that backups are not connected to the main network to prevent them from being encrypted by ransomware.
– Test backups periodically to confirm their integrity and ensure they can be restored quickly if needed.

2. Security Training and Awareness:
– Conduct cybersecurity training sessions for employees, emphasizing the importance of recognizing phishing attempts and suspicious downloads.
– Encourage a culture of vigilance where employees are motivated to report potential threats.

3. Robust Anti-Malware Solutions:
– Utilize updated anti-virus and anti-malware software to detect and neutralize potential threats before they can inflict harm.
– Implement endpoint protection solutions that monitor devices for any unusual behavior indicative of a ransomware attack.

4. Network Segmentation and Least Privilege Access:
– Segment networks to limit the spread of ransomware should one segment become compromised.
– Implement least privilege access across the network, ensuring that users only have access to the data necessary for their roles.

5. Incident Response Planning:
– Develop and regularly update an incident response plan that includes procedures for addressing a ransomware attack.
– Conduct simulations or tabletop exercises to prepare the IT staff for a coordinated response should an attack occur.

Ransomware remains a pronounced threat in the cybersecurity landscape, as evidenced by the ongoing reports of organizations being targeted and compromised. Proactive measures must be taken to safeguard against this insidious form of cybercrime. By implementing robust backup strategies, fostering employee awareness, and establishing comprehensive security protocols, organizations can better prepare themselves against potential ransomware attacks.

As we continue to navigate this evolving threat, it is crucial for businesses to remain vigilant and dedicated to enhancing their cybersecurity posture. The battle against ransomware may be ongoing, but with the right tools and protocols in place, organizations can emerge resilient, minimizing the impact of such attacks on their operations and reputations.

Cyber Security Policy #5: Keeping Your Local Backups Off of the Local Microsoft Server Domain

With the alarming rise of cyberattacks, particularly ransomware, it has become essential to adopt robust strategies for safeguarding sensitive information. One critical measure in mitigating risks is to keep backups off of the local Microsoft Server Domain. This article explores the reasons for this approach, highlights best practices for maintaining secure backups, and provides actionable insights for organizations to protect their data effectively.

The Importance of Isolating Backups

Ransomware attacks typically target the interconnected systems of a corporate network. When hackers infiltrate a network, they can easily access and encrypt all files, including backups stored on the same domain. By keeping local backups off the Microsoft Server Domain, organizations can create a separate line of defense against data loss. This separation is essential for the following reasons:

1. Preventing Encryption: If hackers gain access to the network, they may encrypt data across the board, including backups. However, if backups are stored separately, they remain untouched, allowing organizations to restore operations without paying ransoms.

2. Reducing Attack Surface: A Microsoft Server Domain can serve as a single point of entry for cybercriminals. By decentralizing backups, organizations can reduce the attack surface and make it more challenging for hackers to compromise multiple systems.

3. Ensuring Data Availability: Frequent, localized backups can be valuable in quickly restoring operations post-attack. Keeping these backups off the domain ensures they are readily accessible when needed.

Best Practices for Off-Domain Backup Solutions

To ensure local backups remain secure and accessible, organizations should consider the following best practices for off-domain backup solutions:

1. Choose the Right Backup Location

Select a storage location that is not connected to your main server network. Options include:

– External Hard Drives: Regularly back up critical data to external USB drives that are disconnected from the network after the backup process.
– Network-Attached Storage (NAS): Use a dedicated NAS device that operates on a different network segment or VLAN to store backups.
– Cloud Storage Solutions: Implement cloud backup services to securely store duplicates of essential data off-site.

2. Implement Encryption for Backups

To enhance the security of backups, make sure to:

– Encrypt Data: Use strong encryption algorithms to protect files both during transmission and at rest.
– Secure Access: Limit access to backups to authorized personnel only and employ strong authentication methods to reduce unauthorized access risks.

3. Regularly Test Backup Restoration

Ensuring that data can be restored promptly is crucial. Follow these steps:

– Test Restores: Periodically conduct restore tests to verify that data can be reliably retrieved from your backups.
– Schedule Regular Backups: Automate backup schedules to ensure data is updated frequently and minimizes the risk of loss.

4. Maintain Redundant Copies

Implement a strategy that includes multiple copies of backups stored in different locations. This can be achieved through:

– Geographically Dispersed Backups: Store copies in various physical locations to safeguard against local disasters or attacks.
– Version Control: Keep different versions of backups to effectively revert to previous states in case of corruption.

Securing your data should be a non-negotiable priority for any organization today. Keeping local backups off of the local Microsoft Server Domain is a vital strategy that can significantly bolster your defense against ransomware and other malicious attacks. By understanding the risks, practicing robust backup solutions, and following best practices, businesses can ensure they are not only safeguarding their data but also maintaining operational continuity in the face of cyber threats. As technology and tactics evolve, staying vigilant and proactive in data security will be the best line of defense.

Cyber Security Policy #6: SonicWall Firewall Vulnerability: Understanding CVE-2024-40766 and Its Implications

One critical measure in mitigating risks is to keep backups off of the local Microsoft Server Domain. This article explores the reasons for this approach, highlights best practices for maintaining secure backups, and provides actionable insights for organizations to protect their data effectively.

The Importance of Isolating Backups

Ransomware attacks typically target the interconnected systems of a corporate network. When hackers infiltrate a network, they can easily access and encrypt all files, including backups stored on the same domain. By keeping local backups off the Microsoft Server Domain, organizations can create a separate line of defense against data loss. This separation is essential for the following reasons:

1. Preventing Encryption: If hackers gain access to the network, they may encrypt data across the board, including backups. However, if backups are stored separately, they remain untouched, allowing organizations to restore operations without paying ransoms.

2. Reducing Attack Surface: A Microsoft Server Domain can serve as a single point of entry for cybercriminals. By decentralizing backups, organizations can reduce the attack surface and make it more challenging for hackers to compromise multiple systems.

3. Ensuring Data Availability: Frequent, localized backups can be valuable in quickly restoring operations post-attack. Keeping these backups off the domain ensures they are readily accessible when needed.

Best Practices for Off-Domain Backup Solutions

To ensure local backups remain secure and accessible, organizations should consider the following best practices for off-domain backup solutions:

1. Choose the Right Backup Location

Select a storage location that is not connected to your main server network. Options include:

– External Hard Drives: Regularly back up critical data to external USB drives that are disconnected from the network after the backup process.
– Network-Attached Storage (NAS): Use a dedicated NAS device that operates on a different network segment or VLAN to store backups.
– Cloud Storage Solutions: Implement cloud backup services to securely store duplicates of essential data off-site.

2. Implement Encryption for Backups

To enhance the security of backups, make sure to:

– Encrypt Data: Use strong encryption algorithms to protect files both during transmission and at rest.
– Secure Access: Limit access to backups to authorized personnel only and employ strong authentication methods to reduce unauthorized access risks.

3. Regularly Test Backup Restoration

Ensuring that data can be restored promptly is crucial. Follow these steps:

– Test Restores: Periodically conduct restore tests to verify that data can be reliably retrieved from your backups.
– Schedule Regular Backups: Automate backup schedules to ensure data is updated frequently and minimizes the risk of loss.

4. Maintain Redundant Copies

Implement a strategy that includes multiple copies of backups stored in different locations. This can be achieved through:

– Geographically Dispersed Backups: Store copies in various physical locations to safeguard against local disasters or attacks.
– Version Control: Keep different versions of backups to effectively revert to previous states in case of corruption.

Securing your data should be a non-negotiable priority for any organization today. Keeping local backups off of the local Microsoft Server Domain is a vital strategy that can significantly bolster your defense against ransomware and other malicious attacks. By understanding the risks, practicing robust backup solutions, and following best practices, businesses can ensure they are not only safeguarding their data but also maintaining operational continuity in the face of cyber threats. As technology and tactics evolve, staying vigilant and proactive in data security will be the best line of defense.

Cyber Security Policy #7: Threatlocker: A Game-Changing Cybersecurity Product

Threatlocker is a revolutionary product that has adopted a unique approach to cybersecurity by focusing on application whitelisting—allowing only approved software to run on workstations and servers. This tactic fundamentally alters the way organizations defend against potential threats, marking a significant shift in the cybersecurity landscape.

Understanding Application Whitelisting

Unlike conventional security measures that predominantly focus on identifying and blocking known threats, Threatlocker’s whitelisting approach functions on the principle of allowing only pre-approved applications to execute. This contrasts the traditional blacklist model starkly, which merely keeps a list of known malicious software but can still leave networks vulnerable to zero-day exploits and other novel threats.

Key Aspects of Threatlocker’s Approach

1. Application Control:
The core functionality of Threatlocker is its ability to enforce strict application control. Administrators can maintain a detailed policy of which applications are permitted to run based on specific criteria. This control is essential for preventing the execution of unauthorized software that may pose a risk.

2. Proactive Threat Prevention:
By limiting applications to just those specified in the whitelist, Threatlocker minimizes the attack surface significantly. Attackers often rely on exploiting vulnerabilities found in unapproved applications or embedding malware within them. With threatlocker, the chance of a successful attack is drastically reduced.

3. Real-Time Monitoring and Response:
Threatlocker not only prevents unauthorized applications from executing but also provides real-time monitoring capabilities. This feature allows businesses to track and respond to any suspicious activity or attempts to run non-whitelisted software instantly. This level of visibility is crucial for maintaining security and compliance.

4. Comprehensive Reporting Tools:
The product also boasts robust reporting tools that enable users to generate detailed logs and reports. These reports can be invaluable for risk assessments, compliance requirements, and understanding overall network activity.

5. Flexible Licensing and Modules:
Threatlocker offers a variety of modules that organizations can license based on their specific needs. This flexibility allows businesses to customize their security solutions, ensuring comprehensive coverage tailored to their unique environment.

The Benefits of Implementing Threatlocker

Businesses adopting Threatlocker can enjoy several key benefits that significantly enhance their cybersecurity posture:

– Reduced Risk of Data Breaches: Implementing application whitelisting drastically lowers the odds of successful data breaches, as unauthorized applications are unable to execute.

– Mitigated Insider Threats: The whitelisting model also safeguards against insider threats, as employees are unable to execute unauthorized applications that could lead to data leaks or system compromises.

– Enhanced Compliance: Organizations in regulated industries must adhere to stringent data protection standards. Threatlocker’s ability to enforce application controls helps organizations meet compliance obligations more easily.

– Increased Productivity: By removing the risk of malware infiltration, businesses can focus on their operations without the constant fear of cyberattacks halting productivity or causing costly downtime.

As cyber threats evolve and become more sophisticated, the need for innovative cybersecurity solutions becomes even more crucial. Threatlocker represents a paradigm shift in how organizations can protect themselves from the ever-increasing threats posed by hackers and malicious software. By adopting a whitelisting approach, Threatlocker not only offers a robust defense mechanism but also helps organizations achieve compliance and enhance overall security.

Adopting such forward-thinking technology may very well be a game-changer for businesses looking to safeguard their operations in an unpredictable digital landscape. As we move into a future where cyber threats are an inevitable reality, products like Threatlocker will play a vital role in reshaping how organizations think about and manage their cybersecurity strategies.

–

As cyber threats continue to evolve, companies must take proactive steps to fortify their cybersecurity defenses. By implementing strategies to combat phishing, securing backups against ransomware, addressing firewall vulnerabilities, and establishing comprehensive policies, organizations can significantly reduce their risk and protect their sensitive data. As businesses navigate the digital landscape, prioritizing cybersecurity will not only shield them from current threats but also instill confidence in customers and stakeholders alike. Remember, an investment in cyber defense is an investment in the future of your organization.

The post Top 7 Cyber Security Policies Every Company MUST Implement in 2025 appeared first on Clearwater, St Petersburg, Tampa Fl..

Cisco Meraki’s devices are registered to an owners Meraki.com cloud portal and if registered/claimed in that portal, no one else can “claim” that device and register it in their own account.

This prevents anyone from just using any Meraki device if they purchase it used. Hence it forces companies to purchase new Meraki appliances.

NOTE: Working with Meraki support to see if they will help us with this process Meraki finally just said they can’t actually help us and we would have to contact the previous owner.

QUESTION: “CAN YOU BACKUP MERAKI DEVICE CONFIGS AND SAVE THEM LOCALLY TO IMPORT INTO ANOTHER ACCOUNT: “

1. In talking with Meraki support, there is no way to backup, copy, save etc. a devices configuration in the cloud. If we were replacing the device in the same account it could push out the same configuration that way but there is no other way to get the config, so we would need to immediately reconfigure any device on our own once transferred to a new account as all previous configuration is lost.

HOW TO TRANSFER MERAKI DEVICES FROM ONE ACCOUNT TO ANOTHER:

2. The best way to transfer the device according to the Meraki support tech that I talked to, is to follow the steps outlined here: Moving Devices between Organizations – Cisco Meraki Documentation and here, for uncalming: Adding and Removing Devices from Dashboard Networks – Cisco Meraki Documentation

SUPPORT/SECURITY LICENSES:

3. If a Meraki device is unclaimed from one account and then registered to another account, any support/security licenses that were paid for will be lost and the device goes into a 30 day trial

Here’s the summarized step by step based on the above two articles in a simplified process:

1. Sign in to the Meraki cloud portal https://dashboard.meraki.com/
2. Select the network containing the devices, should look something like this:

3. To remove the 8x APs, navigate to the device list page: Wireless > Monitor > Access points for wireless networks
4. Click the checkboxes next to any devices that should be removed, for example:

5. Click Edit, then Remove from Network

6. The device(s) will disappear from the list.
7. To remove the 2x Cisco Switches, navigate to Switching > Monitor > Switches and repat the same steps above to remove them.

Once the above is done, the Meraki tech said we can then go into our account and using the device serial numbers, add them to the account.

We cannot transfer the licensing between accounts so anyone will need to re-license, there’s a 30 day grace period that should activate on the newly added devices though. All devices will need to then be reconfigured in the account.

This whole process can take 5 – 60 minutes to complete, as it will remove the device configuration, then re-contact the Meraki servers and re-register in the new account.

The post HOW TO UNCLAIM A CISCO MERAKI DEVICE AND ALLOW ANOTHER ORGANIZATION TO CLAIM IT AND TAKE OWNERSHIP appeared first on Clearwater, St Petersburg, Tampa Fl..

Microsoft’s definitions of “Internal Users” and “External Users” – specifically as it applies to the External Connector License VS a standard Windows Server User CAL – are somewhat vague and overlap.

You can Google and find many descriptions from various sources on what their interpretation of these is, and they paraphrase what they think an external user is, but in most cases, there are unanswered questions and vague pieces.  But instead of trusting random articles from different IT company article/blog writers with making sure you are compliant with Microsoft licensing, I wanted to get Microsoft’s definition for all of this. Here are the articles I was able to put together where they have various definitions and explain it in several ways – again ,not being clear enough and overlapping with “internal users” in some cases.

I put this article together so that anyone else working out how to properly license the External Connector License VS User CALs can make up their own mind based on the Microsoft definitions below.

Please let me know if you have any other sources from Microsoft further defining the below?

The below first article for internal and external users, it specifically mentions “onsite” IT contractors and agents. In today’s world of remote access, where contractors would have worked onsite in the past are now fulfilling the same function remotely. So the definition seems very incomplete in not explicitly talking about the remote workforce and instead very explicitly using the word “onsite” – essentially classifying all contractors and agents that work remotely as “external users”.

THIS SITE: https://www.microsoft.com/en-us/licensing/product-licensing/windows-server TO THIS DOWNLOADABLE PDF: https://aka.ms/WindowsServerLicensingGuide “Requirements for internal users – Client Access License (CAL) “For users that are either the customer’s or its affiliates’ employees, or its or its affiliates’ onsite contractors or onsite agents:”

“Requirements for external users – Client Access License (CAL) and/or External Connector license (EC) “For users that are not either customer’s or its affiliates’ employees, or its or its affiliates’ onsite contractors or onsite agents:”

“CALs are required for users that are either the customer’s or its affiliates’ employees, or its or its affiliates’ onsite contractors or onsite agents. CALs or, alternatively, External Connectors are required for users that are not either the customer’s or its affiliates’ employees, or its or its affiliates’ onsite contractors or onsite agents.”

Microsoft Product Terms – Glossary

“External Connector License means a License assigned to a Server that permits access to the corresponding version of the server software or earlier versions of the server software by External Users.
“External Users means users that are not employees, onsite contractors or onsite agents of Customer or its Affiliates.”

Client Access Licenses (CAL) & Management Licenses | Microsoft Volume Licensing “If you want external users—such as business partners, external contractors, or customers—to be able to access your network, you have two licensing options:

Acquire CALs for each of your external users.
Acquire External Connector (EC) licenses for each server that will be accessed by your external users.”

“An external user is a person who does not have employee-level access to your company’s network or the network of your affiliates, and is not someone to whom you provide hosted services. An EC license assigned to a server permits access by any number of external users, as long as that access is for the benefit of the licensee and not the external user. Each physical server that external users access requires only one EC license regardless of the number of software instances running. An “instance” is an installed copy of software.

“The right to run instances of the server software is licensed separately; the EC, like the CAL, simply permits access. The decision on whether to acquire CALs or an EC for external users is primarily a financial one.”
—
PDF DOWNLOAD: Microsoft Product Terms Explained.pdf https://download.microsoft.com/download/E/8/E/E8EDAE36-CBC6-4123-BC5A- F651D174FD6C/Microsoft_Product_Terms_Explained.pdf “Quick Facts: External User Access

The server license permits external users’ (such as customers or vendors) access to base functionality.”

The post WINDOWS SERVER 2013 / 2016 / 2019 / 2022 EXTERNAL CONNECTOR LICENSES – HOW MICROSOFT DEFINES “EXTERNAL USERS”: appeared first on Clearwater, St Petersburg, Tampa Fl..

Below are the user instructions for how to setup this up and use it in Outlook Web Access and Microsoft Outlook:

OUTLOOK WEB ACCESS:

In OWA, log into your account. Then go to the Settings gear icon in the upper-right hand corner and click View all Outlook settings.

Click on Compose and reply

Scroll down to the Message format section and check the box for Always Show From

Next, scroll down to the Addresses to send from section and check the box for the alias you would like to be able to send emails as.

Now click the Save button in the lower-right hand corner.

Now when you create a new email, click on the from field and you will see the options you have for sending the email as.

MICROSOFT OUTLOOK:

For the Outlook desktop application, start a new email and click on Options.

Click on the three periods and in the Show Files section select From.

Click on the From field and select Manage List…

From here select the alias you would like to be able to send as and click OK

Now when you click on the From field, you will be able to see the different aliases you can use.

Our new partner, Design Rush, have an article on ‘Microsoft Teams‘.

The post MICROSOFT OFFICE 365 EMAIL – HOW TO SEND EMAILS FROM YOUR ALIASES USING OUTLOOK AND OUTLOOK WEB ACCESS appeared first on Clearwater, St Petersburg, Tampa Fl..