About Michel de Rooij

Michel de Rooij, with over 25 years of mixed consulting and automation experience with Exchange and related technologies, is a consultant for Rapid Circle. He assists organizations in their journey to and using Microsoft 365, primarily focusing on Exchange and associated technologies and automating processes using PowerShell or Graph. Michel's authorship of several Exchange books and role in the Office 365 for IT Pros author team are a testament to his knowledge. Besides writing for Practical365.com, he maintains a blog on eightwone.com with supporting scripts on GitHub. Michel has been a Microsoft MVP since 2013.

Security Updates Exchange 2016-2019 (Nov2024)


NOTICE (Nov27): The SUs have been re-released. The v2 adds additional control over the X-MS-Exchange-P2FromRegexMatch header, which is set for messages with a non-RFC5322 compliant P2 FROM header. Install these on your Exchange server, even if you already deployed the v1 SU, to benefit from the additional control.

The Exchange product group released November 2024 updates for Exchange Server 2016 and 2019.

The vulnerabilities addressed in these Security Updates for Exchange Server are:

| Vulnerability | Category | Severity | Rating |
|---|---|---|---|
| CVE-2024-49040 | Spoofing | Important | CVSS:3.1 7.5 / 6.7 |

The v2 Security Updates for each supported Exchange Server build are linked below:

| Exchange | Download | Build | KB | Supersedes |
|---|---|---|---|---|
| Exchange 2019 CU14 | Download | 15.2.1544.14 | KB5044062, KB5049233 | KB5036401 |
| Exchange 2019 CU13 | Download | 15.2.1258.39 | KB5044062, KB5049233 | KB5036402 |
| Exchange 2016 CU23 | Download | 15.1.2507.44 | KB5044062, KB5049233 | KB5036386 |

Added Features

Anti-Malware Scan Interface (AMSI) integration

Products that use the Exchange Server AMSI integration can now perform additional tasks on message bodies. The feature is disabled by default. You can enable it per protocol, such as Exchange Web Services or PowerShell. More information on this feature here.

Non-RFC5322 compliant header detection

Similar to the change in Exchange Online mentioned in MC886603, after installing this SU, messages with a non-compliant P2 FROM header (RFC5322) will be detected. Unlike Exchange Online, which will drop these messages, Exchange will add a header that can be used in transport rules as organizations see fit. To be compliant, organizations should ensure messages with multiple From addresses include a Sender header. More information here.
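The compliance rule stated above, as an added Python example that is not part of the original post or of Exchange: it checks raw messages for the RFC 5322 section 3.6.2 requirement that a From field with more than one mailbox is accompanied by a Sender field. The function name, finding codes and sample messages are constructed for illustration, and the check does not reproduce Exchange's own detection logic.

```python
from email import message_from_string
from email.utils import getaddresses


def _mailboxes(fields):
    """Addresses parsed from a list of raw header values (empty parses dropped)."""
    return [addr for _, addr in getaddresses([str(f) for f in fields]) if addr]


def check_from_sender(raw_message):
    """Return finding codes for one raw message; an empty list means compliant."""
    msg = message_from_string(raw_message)
    from_fields = msg.get_all("From", [])
    sender_fields = msg.get_all("Sender", [])
    authors, senders = _mailboxes(from_fields), _mailboxes(sender_fields)

    findings = []
    if len(from_fields) != 1:
        findings.append("FROM_COUNT")            # From must occur exactly once
    if from_fields and not authors:
        findings.append("FROM_UNPARSEABLE")      # no usable mailbox in From
    if len(authors) > 1 and not senders:
        findings.append("MULTI_FROM_NO_SENDER")  # RFC 5322 section 3.6.2
    if len(sender_fields) > 1 or len(senders) > 1:
        findings.append("SENDER_NOT_SINGLE")     # Sender is a single mailbox
    return findings


# Constructed sample messages (not real traffic).
SAMPLES = {
    "single author": "From: Alice <alice@contoso.example>\nSubject: a\n\nhi\n",
    "two authors, no Sender": (
        "From: Alice <alice@contoso.example>, Carol <carol@contoso.example>\n"
        "Subject: b\n\nhi\n"
    ),
    "two authors with Sender": (
        "From: Alice <alice@contoso.example>, Carol <carol@contoso.example>\n"
        "Sender: Dave <dave@contoso.example>\nSubject: c\n\nhi\n"
    ),
    "duplicate From fields": (
        "From: alice@contoso.example\nFrom: carol@contoso.example\n"
        "Subject: d\n\nhi\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {check_from_sender(raw) or 'compliant'}")
```

Running it over exported .eml files from applications that send on behalf of several authors shows which senders need a Sender header added.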

Elliptic Curve Cryptography (ECC) certificate support

ECC certificates can now be used on Edge Transport servers and bound to the POP and IMAP services. Note that unlike the previous implementation, which had to be enabled using New-SettingOverride, ECC certificate support is now configured through a registry key, i.e.

New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\Diagnostics" -Name "EnableEccCertificateSupport" -Value 1 -Type String

More information here.

Microsoft Information Protection Client (MSIPC)

MSIPC will now be enabled by default, replacing Microsoft Digital Rights Management (MSDRM) for information rights management.

Fixed Issues

Apart from security fixes and added features, these Security Updates also correct the following issues:

Issue FixedExchange 2016Exchange 2019
Journal report decryption doesn’t decrypt attachment in journal mailboxYesYes
Error after adding support for AES256-CBC–encrypted content in August 2023 SUYesYes
Exchange can’t decrypt IRM messagesYes
Server with PowerShell_ISE doesn’t serialize when connecting to EMSYesYes
Email sent through Pickup folder displays admin versionYesYes
CSR created by Exchange are signed with outdated Encryption algorithmYesYes
OWA displays incorrect time zone for AmmanYesYes
Kazakhstan changes to single time zone in 2024YesYes
Moderated messages are marked as expired after they are approved or rejectedYes
Exchange Transport Rules and Data Loss Prevention rules don’t work after installing November 2024 SU V1YesYes

Notes

  • Security updates are Cumulative Update level specific. You cannot apply the update for Exchange 2019 CU14 to Exchange 2019 CU13. When downloading, the security update will carry the same name for different Cumulative Updates, and I suggest tagging the file name with the CU level when archiving it, e.g., Exchange2019-CU14-KBXXXXXX-x64-en.msp.
  • Like Cumulative Updates, Security Updates are cumulative, and you only need to install the latest SU for your CU.
  • If you have deployed Exchange Management Tools to manage your on-premises Exchange Servers or installed the tools after removing the Last Exchange Server for recipient management, it is recommended that you apply the Security Update. Be aware of a few cmdlet piping issues mentioned here.

On a final note, as with any patch or update, it is recommended that you apply it in a test environment before implementing it in production. However, when it concerns security updates, it is not recommended to wait for regular maintenance cycles; follow a more agile approach instead. The ratings indicate the level of urgency.

Practical PowerShell Series: Part 7


Defining dynamic parameters in advanced functions or scripts significantly enhances user experience and functionality by making these functions or scripts more intuitive and user-friendly, primarily when used interactively. For instance, with tab completion, parameters are offered – or not – based on specified conditions, guiding users toward correct usage patterns. This reduces errors and improves overall script robustness by ensuring users are directed toward the appropriate options, making the script more flexible and easier to use.

The seventh part of the Practical PowerShell series covers using dynamic parameters to enhance advanced functions or scripts, discussing both Parameter Sets and the DynamicParam script block.

Click here to read the full article on Practical 365.

Practical PowerShell Series: Part 6


The practicalities of producing PowerShell output and generating logging are other essential scripting elements. No administrator likes to stare at a blank screen, wondering if the command just entered is functioning or not. Also, when performing bulk operations against multiple objects, it could be wise to register the success or failure of this operation in a manner that is useful for reporting. Depending on your use case, it can also be beneficial to log these failures so that they can easily be re-used for consecutive retries after remediation of the cause.

The sixth part of the Practical PowerShell series covers these topics, talking about output streams and logging.

Click here to read the full article on Practical 365.

MVPs around the World (2024)


Update: Added Sankey diagram to display award relationships between 2023 and 2024.

Another year, another Microsoft MVP award cycle. Happy to report that yours truly received his 11th MVP Award.

As every year, this is also a moment to have a quick peek at the MVP population. The numbers below are taken from the public MVP portal on July 11th. Comparing them to July of recent years should give an idea of trends and what award categories (and thus products) seem to have focus.

A few notes:

  • 3.187 public MVP profiles were processed.
  • The award categories Enterprise Mobility and M365 Development have ceased to exist and are now expertise areas. Most MVPs who used to be in these categories have moved to the Security and Developer Technologies categories.
  • More countries are now represented in the program compared to last year.

MVP Awardees per Category

The following chart and table display the awardees per award category from July 2019 to 2024, plus change percentages compared to previous years. Former Enterprise Mobility and M365 Developer awardees have mostly moved to Security and Developer Technologies.

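| Award Category | Jul2020 | Jul2021 | % | Jul2022 | % | Jul2023 | % | Jul2024 | % |
|---|---|---|---|---|---|---|---|---|---|
| AI Platform | 122 | 138 | 13% | 128 | -7% | 105 | -18% | 269 | 156% |
| Business Applications | 240 | 323 | 35% | 351 | 9% | 442 | 26% | 474 | 7% |
| Cloud and Datacenter Management | 209 | 219 | 5% | 164 | -25% | 136 | -17% | 111 | -18% |
| Data Platform | 358 | 392 | 9% | 364 | -7% | 335 | -8% | 307 | -8% |
| Developer Technologies | 697 | 770 | 10% | 715 | -7% | 747 | 4% | 761 | 2% |
| Enterprise Mobility | 113 | 133 | 18% | 149 | 12% | 100 | -33% | 0 | -100% |
| Internet of Things | 0 | 0 | 0% | 0 | 0% | 43 | 0% | 43 | 0% |
| M365 | 512 | 556 | 9% | 492 | -12% | 541 | 10% | 643 | 19% |
| M365 Development | 64 | 69 | 8% | 59 | -14% | 70 | 19% | 0 | -100% |
| Microsoft Azure | 463 | 534 | 15% | 546 | 2% | 526 | -4% | 527 | 0% |
| Mixed Reality | 0 | 0 | 0% | 0 | 0% | 45 | 0% | 35 | -22% |
| Security | 0 | 0 | 0% | 0 | 0% | 171 | 0% | 305 | 78% |
| Windows and Devices | 43 | 42 | -2% | 45 | 7% | 61 | 36% | 102 | 67% |
| Windows Development | 110 | 120 | 9% | 92 | -23% | 37 | -60% | 30 | -19% |
| Total | 2931 | 3296 | 12% | 3105 | -6% | 3359 | 8% | 3607 | 7% |
| Count | 2849 | 3223 | 13% | 3023 | -6% | 3175 | 5% | 3187 | 0% |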

Note: The difference between total awards and total MVPs is caused by MVPs that are awarded in more than one category.

MVP Awardees per Country

The following chart and table display the awardees per country, plus change percentages compared to July last year.

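| Country | No. (change) | Country | No. (change) | Country | No. (change) | Country | No. (change) |
|---|---|---|---|---|---|---|---|
| ALB | 1 (0%) | SLV | 2 (0%) | MKD | 5 (0%) | SVK | 4 (100%) |
| AGO | 1 (100%) | EST | 4 (300%) | MYS | 7 (16%) | SVN | 7 (16%) |
| ARG | 17 (30%) | FIN | 33 (6%) | MLT | 1 (100%) | ZAF | 11 (0%) |
| AUS | 106 (-3%) | FRA | 117 (-2%) | MUS | 1 (100%) | ESP | 100 (12%) |
| AUT | 31 (-7%) | GEO | 1 (100%) | MEX | 18 (5%) | LKA | 10 (11%) |
| AZE | 4 (100%) | DEU | 138 (6%) | MAR | 4 (100%) | SWE | 77 (1%) |
| BHR | 1 (0%) | GHA | 6 (-15%) | MMR | 1 (-50%) | CHE | 52 (4%) |
| BGD | 3 (-25%) | GRC | 11 (120%) | NPL | 3 (-25%) | TWN | 44 (-5%) |
| BEL | 58 (-2%) | GTM | 1 (0%) | NLD | 174 (4%) | TZA | 1 (100%) |
| BOL | 5 (66%) | HND | 1 (0%) | NZL | 32 (-20%) | THA | 16 (45%) |
| BIH | 6 (-15%) | HKG | 6 (0%) | NIC | 3 (200%) | TUN | 1 (0%) |
| BRA | 124 (0%) | HUN | 8 (-12%) | NGA | 25 (38%) | TUR | 20 (-5%) |
| BGR | 7 (-30%) | ISL | 4 (0%) | NOR | 39 (-12%) | TGO | 0 (-100%) |
| CMR | 1 (0%) | IND | 114 (40%) | PAK | 9 (80%) | UKR | 13 (44%) |
| CAN | 113 (-7%) | IDN | 7 (-13%) | PAN | 3 (200%) | ARE | 3 (50%) |
| CHL | 4 (0%) | IRL | 31 (-9%) | PRY | 1 (0%) | GBR | 272 (5%) |
| CHN | 132 (0%) | ISR | 12 (-15%) | PER | 13 (0%) | USA | 481 (1%) |
| COL | 16 (14%) | ITA | 68 (3%) | PHL | 6 (-15%) | URY | 2 (100%) |
| COD | 4 (100%) | JPN | 146 (-12%) | POL | 65 (8%) | UZB | 2 (0%) |
| CRI | 2 (0%) | JOR | 1 (100%) | PRT | 22 (4%) | VEN | 1 (0%) |
| CIV | 1 (0%) | KAZ | 0 (-100%) | PRI | 0 (-100%) | VNM | 5 (0%) |
| HRV | 13 (-14%) | KEN | 7 (133%) | REU | 1 (100%) | UZB | 2 (0%) |
| CZE | 24 (-20%) | KOR | 54 (-17%) | ROU | 11 (-43%) | VEN | 1 (0%) |
| DNK | 47 (4%) | LVA | 1 (-67%) | SAU | 4 (-20%) | VNM | 5 (0%) |
| DOM | 3 (-50%) | LBN | 1 (100%) | SEN | 0 (-100%) | YEM | 1 (100%) |
| ECU | 4 (0%) | LTU | 6 (200%) | SRB | 7 (40%) | | |
| EGY | 8 (100%) | LUX | 1 (0%) | SGP | 19 (35%) | | |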

MVP Awards from 2023 to 2024

The Sankey diagram below displays the number of awarded categories moving from 2023 to 2024. New awardees are categorized as “New,” and those who are no longer present on the MVP portal (e.g., no longer MVP) are categorized as “Out.” Note that new awardees getting awarded in multiple categories are counted as new for each category; in other words, there are not 632 new MVPs awarded this cycle.

If you have questions or comments, please leave them in the comments below.

Practical PowerShell Series: Part 5


Writing PowerShell scripts can be a fulfilling task. After all, you write something to assist with a task or procedure so you can focus on the result, not the task itself. But what if your script tries to run an action and is unsuccessful, for example, when a user the script attempts to manipulate is invalid or the signed-in account has insufficient permissions to run a cmdlet? And do not forget the peculiarities of the online world, such as a network connection dropping or an authentication token expiring.

This is where one of the often-undervalued aspects of writing resilient, “less optimistic” scripts comes into the picture: exception handling, the topic of the fifth part in the Practical PowerShell series.

Click here to read the full article on Practical 365.