From 002166e949aaa5498c308e03482e6c7edb56ae89 Mon Sep 17 00:00:00 2001
From: David Paulson <dpaul@microsoft.com>
Date: Thu, 15 Feb 2024 09:40:46 -0600
Subject: [PATCH 1/2] TlsDomain only need check with DomainValidation
---
 .../Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1 | 3 ++-
 docs/Diagnostics/HealthChecker/ExoConnectorCheck.md | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1 b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1
index c3c958cb04..772f22bb6c 100644
--- a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1
+++ b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1
@@ -318,7 +318,8 @@ function Invoke-AnalyzerFrequentConfigurationIssues {
 $showMoreInfo = $true
 }
- if ($connector.TlsDomain -ne "mail.protection.outlook.com") {
+ if ($connector.TlsDomain -ne "mail.protection.outlook.com" -and
+ $connector.TlsAuthLevel -eq "DomainValidation") {
 $params = $baseParams + @{
 Name = "Send Connector - $($connector.Identity.ToString())"
 Details = "TLSDomain not set to mail.protection.outlook.com"
diff --git a/docs/Diagnostics/HealthChecker/ExoConnectorCheck.md b/docs/Diagnostics/HealthChecker/ExoConnectorCheck.md
index 0aab89e368..84ee82078a 100644
--- a/docs/Diagnostics/HealthChecker/ExoConnectorCheck.md
+++ b/docs/Diagnostics/HealthChecker/ExoConnectorCheck.md
@@ -17,7 +17,7 @@ These are now being flagged as an issue due to some recent changes within Exchan
 Some additional configuration concerns are also warned about if one of the following is true:
 - TLSAuthLevel is not set to `CertificateValidation` or `DomainValidation`
-- TLSDomain is not set to `mail.protection.outlook.com`
+- TLSDomain is not set to `mail.protection.outlook.com` if TLSAuthLevel is set to `DomainValidation`
 ## Included in HTML Report?
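Review bot: In Invoke-AnalyzerFrequentConfigurationIssues.ps1 the finding text `Details = "TLSDomain not set to mail.protection.outlook.com"` no longer tells the reader why it fired, because after this change it is raised only when `TlsAuthLevel` is `DomainValidation`. A one-line comment above the condition would record the reasoning, for example `# TlsDomain is only checked under DomainValidation; other TlsAuthLevel values are reported by the TlsAuthLevel warning`. That reasoning relies on the separate TlsAuthLevel check described in ExoConnectorCheck.md still flagging connectors set to neither level; that check is not visible in this hunk and is worth confirming, so that a connector with a null TlsAuthLevel does not pass without any warning. The function body starts and ends outside the hunk.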
From 5b22735b4f739685d5f7f5ca89100922d56c134b Mon Sep 17 00:00:00 2001
From: David Paulson <dpaul@microsoft.com>
Date: Thu, 15 Feb 2024 10:01:20 -0600
Subject: [PATCH 2/2] TlsAuthLevel set to NULL, TlsDomain warning no longer triggered
---
 .../HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
index 4497cba3b8..b926686dcf 100644
--- a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
+++ b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
@@ -121,7 +121,7 @@ Describe "Testing Health Checker by Mock Data Imports" {
 TestObjectMatch "Open Relay Wild Card Domain" "Not Set"
 TestObjectMatch "EXO Connector Present" "True" # Custom EXO Connector with no TlsDomain TlsAuthLevel
- $Script:ActiveGrouping.Count | Should -Be 14
+ $Script:ActiveGrouping.Count | Should -Be 13
 }
 It "Display Results - Security Settings" {
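Review bot: The only assertion touched in HealthChecker.E19.Main.Tests.ps1 is the group count, `$Script:ActiveGrouping.Count | Should -Be 13`, so the test shows that one entry disappeared but not that it was the TlsDomain warning. Nothing in this patch exercises the branch that remains, a connector with `TlsAuthLevel` of `DomainValidation` and a TlsDomain other than `mail.protection.outlook.com`; if the mock data has no such connector, a later regression in that condition would go unnoticed. Consider adding that case to the mock data with an explicit match on the `Send Connector - <connector identity>` entry, assuming `TestObjectMatch` takes the entry name and its details as the surrounding calls suggest. The `It` block starts outside the hunk.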