User Profile
rijojoy7
MCT
Joined 3 years ago
User Widgets
Recent Discussions
Re: Mastering Outbound Spam Protection in Microsoft Defender and Exchange Online Protection (EOP)
Users These are individual mailboxes, mail users, or mail contacts. Example: You want to apply the policy to email address removed for privacy reasons and email address removed for privacy reasons. You enter both email addresses in the "Users" box. Result: The policy applies to emails sent by Alex or Jessica Groups You can choose Distribution groups Mail-enabled security groups Microsoft 365 Groups (but NOT dynamic distribution groups) Example -You select the group email address removed for privacy reasons. Result -The policy applies to all members of the SalesTeam group Domains You can apply the policy to senders whose primary email belongs to a specific domain. Example: You enter contoso.com. Result: The policy applies to everyone in your organization with an email like email address removed for privacy reasons. Note: If you include contoso.com, it also automatically includes subdomains like marketing.contoso.com, unless you specifically exclude them How to Add Values Click in the appropriate box (Users, Groups, or Domains). Start typing an identifier—this can be a name, alias, email, etc. Select from the dropdown list. You can repeat this step to add multiple entries. Example: Add email address removed for privacy reasons and email address removed for privacy reasons. Both will be included Logic Applied (OR vs. AND) Same category (Users/Groups/Domains) = OR logic. If any match, policy is applied. Example: If either email address removed for privacy reasons OR email address removed for privacy reasons sends an email, the policy applies. Different categories combined (User + Group) = AND logic. All conditions must match. Example User: email address removed for privacy reasons Group: Executives Result: The policy only applies if Romain is a member of Executives group Exclude Internal Senders (Sender Exceptions) This lets you exclude specific senders from the policy. Same category exclusions = OR logic Different category exclusions = OR logic too Example: You exclude: email address removed for privacy reasons email address removed for privacy reasons Domain: hr.contoso.com Result: If the sender is Lisa, or in the ITTeam group, or has an email in hr.contoso.com, the policy won’t applyMastering Outbound Spam Protection in Microsoft Defender and Exchange Online Protection (EOP)
In today’s cloud-driven landscape, protecting your organization’s email flow is not only about stopping inbound threats—it’s also about ensuring your users aren’t the source of outbound spam. Whether caused by account compromise, misconfiguration, or shadow IT, outbound spam can damage your domain’s reputation, trigger blacklists, and even lead to service throttling from Microsoft. What Is Outbound Spam? Outbound spam refers to unwanted or malicious messages sent from inside your organization to external recipients. These messages can originate from: Compromised accounts Misused shared mailboxes Automation scripts or connectors Forwarding loops Outbound spam can place your domain on blocklists, reduce deliverability, and ultimately erode trust in your brand Tools Used: Microsoft Defender + Exchange Online Protection Microsoft 365 includes built-in outbound protection via: Exchange Online Protection (EOP) for all tenants Microsoft Defender for Office 365 for advanced protection and insights Step-by-Step: Configuring Outbound Spam Protection in EOP Create and Apply Outbound Spam Policies Microsoft 365 Defender Portal → Email & Collaboration → Policies & Rules → Threat Policies → Anti-Spam Policies Select ->Create Policy → Outbound Spam Filter Policy Give the policy a clear name Apply granular scoping by selecting users, groups, or domains based on risk level Configure outbound spam policies in EOP Message limits sections Section configures the limits for outbound email messages from Exchange Online Set an external message limit Maximum number of external recipients a user can send messages to in a one-hour period Set an internal message limit Maximum number of internal recipients a user can send messages to in a one-hour period Set a daily message limit The maximum total number of recipients per day This limit encompasses both internal and external recipients Valid value is 0 to 10000 Restriction placed on users who reach the message limit Restrict the user from sending mail until the following day Email notifications are sent, and the user is unable to send any more messages until the following day, based on UTC time Restrict the user from sending mail User can't send email until they're removed from Restricted users by an admin After an admin removes the user from the list, the user won't be restricted again for that day limit reset to zero No action, alert only Email notifications are sent Forwarding rules section controls automatic email forwarding by Exchange Online mailboxes to external recipients Automatic - System-controlled - system to manage the automatic forwarding of email messages to external recipients On - Forwarding is enabled: Automatic external email forwarding isn't disabled by the policy Off - Forwarding is disabled: All automatic external email forwarding is disabled by the policy Disabling only automatic forwarding messages to external addresses Outbound spam policies don't affect the forwarding of messages between internal users Notifications section You can configure additional recipients who should receive copies and notifications of suspicious outbound email messages Send a copy of suspicious outbound messages that exceed these limits to these users and groups Specify users or groups within your organization who should receive copies of outbound email messages that exceed the defined sending limits Setting adds the specified recipients to the bcc field of suspicious outbound messages Setting works only in the default outbound spam policy. It doesn't work in custom outbound spam policies Notify these users and groups if a sender is blocked due to sending outbound spam Allow you to configure who should receive a notification when a sender is blocked for sending outbound spam This setting is in the process of being deprecated from outbound spam policies Strongly recommend that you use the alert policy rather than this setting in the outbound spam policy to notify admins and other users Remove blocked users from the Restricted entities page Email & collaboration > Review > Restricted entities The user is restricted from sending email, but they can still receive email. Alert settings for Restricted users Automatically notifies admins when users are blocked from sending email Email & collaboration > Policies & rules > Alert policy Search Policy Name: User restricted from sending email Managing outbound spam is more than configuring a few switches—it's about having a layered defense posture. Microsoft Defender for Office 365 and Exchange Online Protection give you the visibility, automation, and control to protect both inbound and outbound mail traffic Managing outbound spam isn’t just about setting limits—it’s about shaping a layered, intelligent policy landscape Detects malicious senders Alerts admins in real time Automatically blocks abuse Protects domain trust and email deliverability With Microsoft Defender for Office 365 and EOP, you have everything you need to build a resilient outbound protection frameworkMicrosoft Intune device enrollment self learn
What is Microsoft Intune Intune enables organizations to manage and secure their employees’ devices, applications, and data Device like desktop computers, laptops, smartphones, or tablets Key features and capabilities Mobile Device Management (MDM) Mobile Application Management Endpoint Security Device and App Configuration Conditional Access Endpoint Security Reporting and Analytic License Support Microsoft 365 E3 ,Microsoft 365 E5 ,Microsoft 365 F1 ,Microsoft 365 F3 ,Microsoft 365 A3,A5 (Education Only), Microsoft Business Premium, Enterprise Mobility + Security E3,Enterprise Mobility + Security E5 , Add on Microsoft Intune Plan 1 , Microsoft Intune Plan 2 Basic Steps Device Intune Enrollment Allow users to join devices to Microsoft Entra ID (Entra admin > Device > device Setting ) Users may join devices to Microsoft Entra All – all user can join Selected – selected user or Group None – no one Require Multifactor Authentication to register or join devices with Microsoft Entra No if you use a Conditional Access policy to require multifactor authentication Manage Additional local administrators on Microsoft Entra joined devices Select the users who are granted local administrator rights on a device These users are added to the Device Administrators role in Microsoft Entra ID Enable Microsoft Entra Local Administrator Password Solution(LAPS) Management of local account passwords on Windows devices Restrict non-admin users from recovering the BitLocker key(s) for their owned devices Admins can block self-service BitLocker key access to the registered owner of the device Configuring Entra ID MDM/WIP scopes (Entra admin >Settings > Mobility > Microsoft Intune) MDM (Mobile Device Management) and WIP (Windows Information Protection) set of policies and configurations in Microsoft Entra that allow organizations to control and manage how devices and applications access corporate resources MDM Scope: Device-level policies and settings Organizations can manage the entire device, including device settings, apps, and data. This scope allows organizations to enforce device compliance, deploy device configurations, manage apps, and control access to corporate resources WIP Scope: Data protection feature that helps prevent accidental data leakage by separating personal and corporate data https://rijoskill.com/microsoft-intune/Azure Virtual Desktop how to create host pool
What is Host Pool Collection of one or more virtual machines (VMs) that serve as session hosts Providing virtual desktops or remote applications to users Efficient management, scaling, and maintenance of the virtual desktop infrastructure Example Host Pool A company Acme Corp, with multiple departments Sales, Marketing, and Engineering. Each department has different host pool Sales Department Host Pool Host pool contains VMs with applications specific to the sales team Marketing Department Host Pool Host pool contains VMs with applications specific to the Marketing team Engineering Department Host Pool Host pool contains VMs with applications specific to the Engineering team Host Pool Type Personal host pool Each user is assigned a dedicated session host VM Individual desktop experience Settings, data, and applications remain the same between sessions Example: A company assigns dedicated VMs to their executives and managers for personalized and consistent virtual desktop experiences Assignment Type Direct Administrators manually assign specific session host VMs to individual users Automatic Azure Virtual Desktop automatically assigns a session host VM to users when they first log in to the host pool Pooled host pool Multiple users to share a set of session host virtual machines (VMs) within a host pool Users are dynamically assigned an available session host VM from the pool Two primary load balancing algorithms available for pooled host pools Breadth-first load balancing This algorithm distributes user sessions across the maximum number of available session host VMs in the host pool Example Pooled host pool with 4 session host VMs maximum session limit 6 , If there are 16 concurrent user sessions each VM will have 4 sessions on average maintaining a balanced distribution Depth-first load balancing This algorithm fills each session host VM to its maximum session limit before moving on to the next VM Example Pooled host pool with 4 session host VMs maximum session limit 6 , If there are 16 concurrent user sessions each VM will have maximum session limit then only move to next session Application Group Type Logical grouping of applications App groups allow administrators to organize and manage application Two primary app group types Desktop App Group Provides users with a full desktop experience Allowing access to all applications session host VMs within the host pool A desktop app group named Desktop Application Group Automatically created when a host pool is created Not support to create another desktop app group in the same host pool while a desktop app group exist Example : Software development team requires access to a complete Windows 10 desktop experience with various integrated development environments (IDEs), version control tools, and other applications RemoteApp Group Provides users access to individual applications installed on session host VMs Instead of presenting an entire desktop environment You can create multiple remote app group as your requirement Example: A sales team needs access to a customer relationship management (CRM) application and a presentation tool RemoteApp app group with these applications and assigns it to the sales team members Application groups User Assignment A user can be assigned to both a desktop app group and one or more RemoteApp app groups in the same host pool. Users can only launch one type of app group per session Workspace A workspace is a logical grouping of application groups. Each application group must be associated with a workspace for users to see the desktops and applications published to them complete setup Guide click the below link https://rijoskill.com/get-started-with-azure-virtual-desktop-a-complete-tutorial/Learn Azure Site to Site VPN On-Premises to Azure
many organizations have started to adopt a hybrid approach, where they maintain a mix of on-premises and cloud resources. Microsoft Azure's Site-to-Site VPN is a powerful solution that enables secure and seamless connectivity between your on-premises network and an Azure Virtual Network (VNet). Azure Site-to-Site VPN and the steps to set it up. What is Azure Site-to-Site VPN? Azure Site-to-Site VPN is a service that allows you to create a secure and private connection between your on-premises network and an Azure VNet over an encrypted IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This connection allows your on-premises resources to communicate with Azure resources as if they were part of the same local network. Prerequisites To establish a Site-to-Site VPN connection in Azure, you need the following: An Azure Virtual Network (VNet) with a defined address space. A compatible VPN device on-premises with a public IP address. A Local Network Gateway representing your on-premises network. A Virtual Network Gateway associated with your Azure VNet. Complete guide below link Setup guide how to configure Azure site-to-site VPN on-premise to AzureAZ-104 Step-by-Step Guide to Configuring Data Disks for Azure VMs
Azure Virtual Machine Disk Topic Cover -Azure Virtual Machine Disk -Disk Type -LAB Demonstration https://rijoskill.com/az-104-step-by-step-guide-to-configuring-data-disks-for-azure-vms/AZ-104 Azure Compute Gallery - Simplify VM Image Management
Azure Compute Gallery, a service on Azure that helps you easily create and share common VM images across your organization. Read More https://rijoskill.com/az-104-azure-compute-gallery-simplify-vm-image-management/Re: Staged rollout of MFA
MFA Default Configuration link https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-defaults entra admin center ->identity -> Overview -> properties -> Security defaults ->enable once you enable all user need to register MFA , default You Need Manage MFA need premium license , Azure AD P1 license (office Business Premium , E3,E5) license details please find below link https://www.microsoft.com/en-us/security/business/microsoft-entra-pricingRe: SharePoint Anyone links expiration date
Does the expiration date expire fore internal users? no only you can put the expiration date anyone Can the expiration date be set for People in the organization? no Please refer the link https://learn.microsoft.com/en-us/microsoft-365/solutions/best-practices-anonymous-sharing?view=o365-worldwide#set-an-expiration-date-for-anyone-linksAZ-104 How to Create and Manage a Virtual Machine Scale Set in Azure
https://rijoskill.com/az-104-how-to-create-and-manage-a-virtual-machine-scale-set-in-azure/ Virtual machine scale sets allow you to deploy and manage a group of identical, load balanced VMs in Azure. Scale sets are an Azure Compute resource that provide automatic scaling capabilities to quickly scale out VMs to meet demand and scale in to save costs when demand is low.AZ-104 Azure Availability Zones Configuring VMs for High Availability
Achieve 99.99% VM Uptime with Azure Availability Zones Availability Zones in Azure allow you to distribute your infrastructure and applications across physically separate data Centers. This prevents downtime from failures affecting a single location. AZ-104 Azure Availability Zones Configuring VMs for High AvailabilityHow to Create a Virtual Machine Availability Set in Azure for High Availability
Hi I just create one small blog topic related to Virtual Machine Availability Set How to Create a Virtual Machine Availability Set in Azure for High Availability, - What are availability sets? - How availability sets provide high availability - Fault domains and update domains - Creating an availability set in the Azure portal - Adding VMs to an availability set https://rijoskill.com/azure-virtual-machine-availability-set/Re: AZ-104 Voucher
https://events.microsoft.com/en-us/Allevents/?language=English Microsoft provide challenges once you participate and complete challenge you can get Plese join linkindin. Microsoft learn , Microsoft community blog Real time update you will recive Currently now Microsoft AI challenges available
