Chris Lehr - Portland OR
@chrislehr.com
Formerly @chrislehratx No more Twitter. My opinions are my own. Technology, old dull man things and more!
admin.microsoft.com/Adminportal/...
This will speed up a LOT of investigative efforts, I imagine. Awesome stuff to see from MSFT!
This will speed up a LOT of investigative efforts, I imagine. Awesome stuff to see from MSFT!
September 17, 2025 at 4:04 PM
admin.microsoft.com/Adminportal/...
This will speed up a LOT of investigative efforts, I imagine. Awesome stuff to see from MSFT!
This will speed up a LOT of investigative efforts, I imagine. Awesome stuff to see from MSFT!
EXO ETR to quarantine DirectSend emails (sample, use with care/caution/and lighter handed actions than the picture!
August 5, 2025 at 11:49 PM
EXO ETR to quarantine DirectSend emails (sample, use with care/caution/and lighter handed actions than the picture!
TIL - those times when it says block but the message inboxed is answered right here.
April 17, 2025 at 4:45 AM
TIL - those times when it says block but the message inboxed is answered right here.
Bravo - Allowing admins to add allows to their allow list. Finally.
March 10, 2025 at 7:57 PM
Bravo - Allowing admins to add allows to their allow list. Finally.
Ditching that Felon
February 20, 2025 at 9:46 PM
Ditching that Felon
Any recommendations aside from this one? Sort of abandoning some media and looking for advice.
February 10, 2025 at 2:38 AM
Any recommendations aside from this one? Sort of abandoning some media and looking for advice.
Why does MSFT not use DANE?
November 20, 2024 at 2:04 AM
Why does MSFT not use DANE?
KQL EmailEvents by country - improved!
EmailEvents
| where geo_info_from_ip_address(SenderIPv4) != ""
| extend GeoIPInfo = geo_info_from_ip_address(SenderIPv4)
| extend country = tostring(parse_json(GeoIPInfo).country)
| project country
| summarize count()by country
EmailEvents
| where geo_info_from_ip_address(SenderIPv4) != ""
| extend GeoIPInfo = geo_info_from_ip_address(SenderIPv4)
| extend country = tostring(parse_json(GeoIPInfo).country)
| project country
| summarize count()by country
November 18, 2024 at 7:49 PM
KQL EmailEvents by country - improved!
EmailEvents
| where geo_info_from_ip_address(SenderIPv4) != ""
| extend GeoIPInfo = geo_info_from_ip_address(SenderIPv4)
| extend country = tostring(parse_json(GeoIPInfo).country)
| project country
| summarize count()by country
EmailEvents
| where geo_info_from_ip_address(SenderIPv4) != ""
| extend GeoIPInfo = geo_info_from_ip_address(SenderIPv4)
| extend country = tostring(parse_json(GeoIPInfo).country)
| project country
| summarize count()by country
