ASD Mailflow settings check script

I’ve taken the Exchange Online Mail Flow settings recommendations from the ASD Blueprint for Secure Cloud and created an online JSON settings file here:

https://github.com/directorcia/bp/blob/main/ASD/Exchange-Online/Settings/mailflow.json

I’ve then created a PowerShell script here:

https://github.com/directorcia/Office365/blob/master/asd-mailflow-get.ps1

with documentation here:

https://github.com/directorcia/Office365/wiki/ASD-Mail-Flow-Configuration-Check

that reads the online JSON file (or uses a local version if you want to use that) and compares the recommended ASD settings to those in your own Exchange Online environment. Note, the script makes NO CHANGES to your environment, it simply reads the current settings.

It then produces the console output you see above and a HTML report like this:

You can refer to this page I also created:

https://github.com/directorcia/bp/wiki/Exchange-Online-Mail-Flow-Security-Controls

as to why these settings are important to the security of your M365 environment.

Look out for more scripts like this coming soon. I welcome any suggestion about improving this.

CIA Brief 20251108

Whisper Leak: A novel side-channel attack on remote language models –

https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberatt…

3 Microsoft leaders share big ideas on the future of AI, gaming and work –

https://news.microsoft.com/signal/articles/microsoft-leaders-on-the-future-of-ai-gaming-and-work/?o…

New IDC research highlights a major cloud security shift –

https://www.microsoft.com/en-us/security/blog/2025/11/06/new-idc-research-highlights-a-major-cloud-…

Beware of double agents: How AI can fortify — or fracture — your cybersecurity –

https://blogs.microsoft.com/blog/2025/11/05/beware-of-double-agents-how-ai-can-fortify-or-fracture-…

Automating IOC hunts in Microsoft Sentinel data lake –

https://techcommunity.microsoft.com/blog/microsoftsentinelblog/automating-ioc-hunts-in-microsoft-se…

Microsoft offers in-country data processing to 15 countries to strengthen sovereign controls for Microsoft 365 Copilot –

https://www.microsoft.com/en-us/microsoft-365/blog/2025/11/04/microsoft-offers-in-country-data-proc…

Support tip: Aligning network policy with Microsoft Intune and Zero Trust –

https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-aligning-network-policy-…

Unlocking Business Value: Microsoft’s Dual Approach to AI for Security and Security for AI –

https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/unlocking-business-value-micros…

Build with Copilot Pages: A new way to bring your ideas to life –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/build-with-copilot-pages-a-new-way…

SesameOp: Novel backdoor uses OpenAI Assistants API for command and control –

https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assist…

7 hidden gems to effectively manage your tasks in Microsoft Planner –

https://techcommunity.microsoft.com/blog/Microsoft365InsiderBlog/7-hidden-gems-to-effectively-manag…

Delivering more threat hunting insights with Microsoft Defender Experts’ newest capabilities –

https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/delivering-more-threat-hunting-in…

After hours

“The Garage” featuring Lewis Hamilton & Eric André – https://www.youtube.com/watch?v=sPp8DhuBsKA

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

ASD Remote domains check script

I’ve taken the Exchange Online Remote Domains settings recommendations from the ASD Blueprint for Secure Cloud and created an online JSON settings file here:

https://github.com/directorcia/bp/blob/main/ASD/Exchange-Online/Mail-flow/remote-domains.json

I’ve then created a PowerShell script here:

https://github.com/directorcia/Office365/blob/master/asd-remotedomain-get.ps1

with documentation here:

https://github.com/directorcia/Office365/wiki/ASD-Remote-Domain-Configuration-Check

It then produces the console output you see above and a HTML report like this:

You can refer to this page I also created:

https://github.com/directorcia/bp/wiki/Exchange-Online-Remote-Domain-Security-Controls

as to why these settings are important to the security of your M365 environment.

Look out for more scripts like this coming soon. I welcome any suggestion about improving this.

CIAOPS Need to Know Microsoft 365 Webinar – November

laptop-eyes-technology-computer_thumb

Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at my recommended security framework for Microsoft 365 environments.

*** BONUS CONTENT ***

As an added incentive to register for this webinar, I’ll send everyone that does a free copy of my M365 Security Framework Comparison analysis report. Stay tuned to your inbox once you have registered to help you secure your Microsoft 365 environment better.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

November Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2511)

The details are:

CIAOPS Need to Know Webinar – November 2025
Friday 28th of November 2025
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

CIA Brief 20251101

What’s new in Microsoft 365 Copilot | October 2025 –

https://techcommunity.microsoft.com/blog/Microsoft365CopilotBlog/what%E2%80%99s-new-in-microsoft-36…

Building human-centric security skills for AI –

https://techcommunity.microsoft.com/blog/microsoftlearnblog/building-human-centric-security-skills-…

GenAI vs Cyber Threats: Why GenAI Powered Unified SecOps Wins –

https://techcommunity.microsoft.com/blog/microsoft-security-blog/genai-vs-cyber-threats-why-genai-p…

Introducing Researcher with Computer Use in Microsoft 365 Copilot –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-researcher-with-comput…

Celebrating makers and innovation at Power Platform Community Conference 2025 –

https://www.microsoft.com/en-us/power-platform/blog/2025/10/30/celebrating-makers-and-innovation-at…

The 5 generative AI security threats you need to know about detailed in new e-book –

https://www.microsoft.com/en-us/security/blog/2025/10/30/the-5-generative-ai-security-threats-you-n…

What’s New in Microsoft Intune: October 2025 –

https://techcommunity.microsoft.com/blog/microsoftintuneblog/what%E2%80%99s-new-in-microsoft-intune…

Cyber security priorities for boards of directors 2025-26 –

https://www.cyber.gov.au/business-government/protecting-business-leaders/cyber-security-for-busines…

Automate with Workflows Agent in Microsoft 365 Copilot (Frontier) –

https://www.youtube.com/watch?v=Vvk1ScZT-lo

SharePoint Showcase highlights: Smarter Copilot responses using metadata with the Knowledge Agent –

https://techcommunity.microsoft.com/blog/microsoft365insiderblog/sharepoint-showcase-highlights-sma…

Liquid Glass and template category filters in Word, Excel, and PowerPoint for iOS –

https://techcommunity.microsoft.com/blog/microsoft365insiderblog/liquid-glass-and-template-category…

Secure external attachments with Purview encryption –

https://techcommunity.microsoft.com/blog/azurepurviewblog/secure-external-attachments-with-purview-…

Using Microsoft Sentinel MCP Server with GitHub Copilot for AI-Powered Threat Hunting –

https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/using-microsoft-sentinel…

The next chapter of the Microsoft–OpenAI partnership –

https://blogs.microsoft.com/blog/2025/10/28/the-next-chapter-of-the-microsoft-openai-partnership/

Work smarter with Copilot in the People, Files, and Calendar apps –

https://techcommunity.microsoft.com/blog/microsoft365insiderblog/work-smarter-with-copilot-in-the-p…

Custom detections are now the unified experience for creating detections in Microsoft Defender –

https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/custom-detections-are-now-th…

Build apps in minutes with App Builder agent in Microsoft 365 Copilot (Frontier) –

https://www.youtube.com/watch?v=v27H_R1ltB0

Microsoft 365 Copilot now enables you to build apps and workflows –

https://www.microsoft.com/en-us/microsoft-365/blog/2025/10/28/microsoft-365-copilot-now-enables-you…

After hours

The AI rollout is here – and it’s messy – https://www.youtube.com/watch?v=GY_Ywqd3mzA

Editorial

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

October Microsoft 365 Webinar resources

The slides from this month’s webinar are available at:

https://github.com/directorcia/general/blob/master/Presentations/Need%20to%20Know%20Webinars/202510.pdf

If you are not a CIAOPS patron you want to view or download a full copy of the video from the session you can do so here:

http://www.ciaopsacademy.com.au/p/need-to-know-webinars

Watch out for next month’s webinar.

SharePoint Online–Playbook for SMB

To receive a FREE copy of my SharePoint Online – Playbook for Small Businesses you’ll need to sign up for, and attend, this months CIAOPS Need to Know webinar:

You can register for the regular monthly webinar here:

October Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2510)

The details are:

CIAOPS Need to Know Webinar – October 2025
Friday 31st of October 2025
11.00am – 12.00am Sydney Time

more webinar details.

Techwerks 29 – 21 November 2025

bw-car-vehicle

CIAOPS Techwerks face to face returns to Melbourne CBD on Friday the 21st of November 2025. The venue for the event will be:

Cliftons Melbourne CBD
Level 1, 440 Collins St
MELBOURNE VIC 3000

The course is limited to 15 people and you can sign up and reserve your place now! You reserve a place by completing this form:

http://bit.ly/ciaopsroi

or by sending me an email (director@ciaops.com) expressing your interest.

The content of these all day face to face workshops is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee.

Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.

The cost to attend is:

Gold Enterprise Patron = $50 ex GST

Gold Patron = $90 ex GST

Silver Patron = $180 ex GST

Bronze Patron = $360 ex GST

Non Patron = $720 ex GST

I hope to see you there.