Introduction to Microsoft Exchange (Server and Online) for Cyber Security Engineers
Email security is a paramount staple in every Cyber security environment. This is due the fact email continues to be one of the (if not the main) threat vector for adversaries.
I have reported on this, many times — as vendors and National Cyber security entities share their yearly threat reports and recommendations.
Amongst the many vendors and this space, Microsoft is one the major ones, having being part of the industry since 2005, at least.
Starting out my career — I worked with Sys admins that used to deal with Forefront 2011 for on-prem Exchange servers. Years went by and I started dealing with Cisco’s IronPort Email Gateway as a Security Specialist/Engineer which was in the peak of popularity of Hosted Email security solutions — Good 2010s. Later working with Trend Micro’s Email Security Gateway and more recently with Microsoft’s Email security solution, Defender for Office 365.
During all these years, most of the time, customers I dealt with were using the same email platform… And I’m not here to discuss the reasons of why this is. Rather, in this piece, I’ll talk about the platform itself — what we’re protecting, the most popular and utilized Enterprise Email solution in the world.
I’ll focus on Microsoft Exchange for Enterprises. There’s a raft of solutions for consumers that I will not be including in my comments/research below — I will also allow myself to abstract some of the nomenclature in favour of simplicity.
Essentially, Microsoft Mailbox offering is called “Microsoft Exchange”. A great write-up about the history of Exchange can be seen in Wikipedia.
Starting out mid 90s with Exchange server, and later on being offered as a cloud service. Currently, Exchange is commonly deployed in a couple different models:
- Exchange Server
- Exchange Online — Cloud service
Internal teams at Microsoft worked on Mail solutions for the company.
A post in tech community reflects on the struggles back then. It’s an incredible…