Hal Pomeranz · Apr 20, 2022 · 12:20 AM UTC

Hal Pomeranz

Hal Pomeranz @hal_pomeranz

20 Apr 2022

Notes from the IR front lines — if you have on-prem Exchange, assume compromise. Also start a plan to migrate to Microsoft 365… yesterday.

435

kyle hendrickson · Apr 20, 2022 · 10:21 PM UTC

kyle hendrickson @MoarGood

20 Apr 2022

Is this necessary if exchange is not accessible to the internet? No EWS or OWA? MDM for access to mobile email? Proof point or something like it as your email edge to the internet?

Hal Pomeranz · Apr 20, 2022 · 11:09 PM UTC

Hal Pomeranz · Apr 20, 2022 · 11:09 PM UTC

Hal Pomeranz @hal_pomeranz

20 Apr 2022

Replying to @MoarGood

Certainly eliminates Exchange as the initial breach, but it will be a juicy target after they get in with stolen VPN credentials

Apr 20, 2022 · 11:09 PM UTC

kyle hendrickson · Apr 20, 2022 · 11:24 PM UTC

kyle hendrickson @MoarGood

20 Apr 2022

Replying to @hal_pomeranz

With exchange being so much more than just simple email services, it has never made sense to just stick it on the internet raw and naked no matter how much people like outlook web access.