Thanks for the good info. Microsoft’s ever-changing nature presents a challenge (and a rabbit-hole of searching). In reviewing mail status, we trigger the stock monthly email & collaboration report. (Using Defender for O365 Plan 1 policy defaults). Most data is obvious (Edge Block Spam, Good Mail, Malicious URL etc.) but there’s a column labeled ‘others’ – in our case tallying as much as 10% of total volume.
Any idea what that is? (and are these messages delivered? quarantined? bit-bucketed? returned to sender?)
By mistake I have tried this simulation ( Malware Attachment) in my personal laptop directly, worried how to remove that malicious thing running in my personal laptop, any idea like where that malicious file gets stored, Thanks in Advance
Great stuff! I can’t believe how much of my life I have wasted navigating GUI’s to get basic networking info. This is a huge timesaver. I like the backup process as well before getting into heavy duty diagnostics. Your writing is great. I always read your articles even when I think I already know/understand the content because you always have a new wrinkle. Keep up the great work!
“With NTLM authentication, there is no way around rebooting or logging out.”
Not true. You can just kill explorer.exe and then launch it again by using runas.exe, as this will perform authentication with a DC and get a new token with the updated group membership for the new explorer process. So now they can access files and folders that are only accessible by those groups you added them to. Obviously requires the user to type their password in as part of the runas bit, but better than having to close everything and log off.