Zum Inhalt

Index

Opt-in to Enable or Disable IPv6 in Exchange Online (without DANE)

Starting October 16, 2024, Microsoft will enable IPv6 for all customer Accepted Domains using Exchange Online. This upgrade offers improved security, scalability, and performance by utilizing IPv6.

Organizations need to update their network allow-lists (Firewall) to permit Exchange Online IPv6 endpoints and modify any IP-based inbound connectors referencing IPv4 (Connector, Rules). It is possible to stay with IPv4-only traffic, domains can be opted out over a PowerShell cmdlet. After October 16, if no preference is set, IPv6 will be enabled by default, potentially affecting inbound email traffic.

Switch to UnifiedAuditLog from MailboxAuditLog (and AdminAuditLog)

Microsoft is going to retire Audit Log cmdlets from the 'Exchange Online PowerShell' module starting from September 2024. Instead, they recommend using the Unified Audit Log (UAL) for auditing.

  • MailboxAuditLog: The Mailbox Audit Log cmdlets will have a separate deprecation date, which will be announced early next year.
  • AdminAuditLog: Two Admin Audit Log cmdlets, Search-AdminAuditLog and New-AdminAuditLog (New-AdminAuditLogSearch), will retire on September 15, 2024. It's recommended to use Search-UnifiedAuditLog instead.

Entra or Microsoft Graph PowerShell

Since June 2024, a new option has become available for transitioning legacy PowerShell scripts away from the deprecated AzureAD module. Below are examples and thoughts on which option might suit your path to solving this challenge. The 'Entra PowerShell' module, currently in Public Preview, shows great potential to soon be ready for production environments.

Passkey (FIDO2, CBA, SSH, MFA)

Over the years, we've been familiar with SSH key-based authentication, deploying a restricted set of FIDO2 Security keys, and experimenting with certificate-based authentication (CBA). However, due to complexity and platform limitations, we've faced challenges in widespread implementation, resulting in a reliance on extensive MFA through Authentication Apps or even SMS (considered weak). The introduction of the new Passkey holds the promise of rewriting this history.