Work and live with IT

Phase out Legacy Authentication - Enable Modern Authentication

Blog series This is part two of the six-part series on “Phase out Legacy Authentication”. Preface Enable Modern Authentication Create prerequisites Gain insights The first 90% The next 9% Endgame Enable Modern Authentication This step may seem strange, but in old tenants (created before 01.08.2017) Modern Authentication for Exchange Online and Skype for Business Online is not necessarily enabled. Exchange Online For Exchange Online, the Exchange Online PowerShell V2 module must be installed to enable Modern Authentication.

Phase out Legacy Authentication - Preface

In an Azure AD environment, legacy authentication is the Achilles heel of security. While modern clients take into account conditional access policies and multifactor authentication, the use of legacy clients and associated protocols such as SMTP, IMAP or Exchange ActiveSync creates an often overlooked gap in this protection. Since these protocols are not compatible with Conditional Access, they “bypass” the protection unless explicitly defined. This is not a security hole on Microsofts part, but a design decision and the impact on your own environment should therefore be well understood.

Create a Network Trace Without Wireshark

Wireshark is a powerful tool to analyze network data. However, it is another tool that needs to be regularly updated and that relies on additional software (Npcap) to capture network data. But Windows has a built-in tool to create a network trace. And with a small additional tool the created etl file becomes a pcap file which can be analyzed without any problems. An installation of Wireshark and Npcap is therefore not necessary to capture the data.

Test UDP connection with PowerShell

When analyzing network problems, a simple ICMP ping is never sufficient to verify if the connection between two devices works. Normally a TCP connection to a server is needed and PowerShell comes with an appropriate cmdlet Test-NetConnection. However, by default Test-NetConnection only supports TCP connections and also tests an ICMP ping each time. So, what’s up with UDP? There is no built-in tool for analyzing stateless UDP packets, so I wrote the following two functions.

Optimize your Microsoft Teams traffic with QoS on a UniFi USG

At times like these, when everybody is working from home and the whole family uses the internet as well, the traffic requirements can be tough on your internet connection. When you are using real-time collaboration tools, such as Microsoft Teams, that rely on a good and stable internet connection for voice, video and screen sharing, parallel Netflix/Disney+/Hulu/Amazon Prime traffic can make the experience subpar for everybody involved. Thankfully it’s possible to optimize your outgoing traffic based on what services are used.

Certificate management with Azure Automation and Let's Encrypt

The Let’s Encrypt project has had a lasting impact on the Internet landscape. Free SSL certificates for everyone can be created automatically and signed by Let’s Encrypt. Due to the broad acceptance by browser manufacturers and cross-signing, the certificates are valid almost everywhere. However, an automated solution is absolutely necessary due to the short validity period of 90 days. Using PowerShell in Azure Automation, a workflow can be created that takes care of certificate renewal and secure central storage.