Microsoft 365 insights from the field

A blog by Peter Schmidt about Security, Identity, Email Protection, Compliance, AI & Copilot, and Tenant-to-Tenant migrations

Microsoft Purview reference architecture diagrams – what’s in them and why it matters

by

Microsoft published a set of reference architecture diagrams for Purview. If you work with M365 data protection, they’re worth reading. There are 11 diagrams, from the Microsoft Purview Customer Excellence Engineering team, covering the full stack: They’re reference flows, not implementation guides. They won’t tell you how to build a policy, but they help you understand why one behaves the way it does, which is often more useful. Where to find the diagrams All diagrams …

Read more

Email Security Foundations #05 – DKIM deep dive: signing, selectors and how verification works

by

This post is part of the Email Security Foundations series on MSDigest.net. What DKIM actually does DKIM stands for DomainKeys Identified Mail. Where SPF checks where a message came from, DKIM proves that the message hasn’t been changed while it was in transit. When you send an email, your mail server adds a cryptographic signature to the message. When the receiving server gets it, it looks up your public key in DNS and uses that …

Read more

Email Security Foundations #04: SPF mistakes, troubleshooting, and validation

by

This post is part of the Email Security Foundations series on MSDigest.net. The mistakes that break SPF quietly SPF usually does not fail in loud or obvious ways. Mail does not bounce with a helpful error message. It just gets filtered, delayed, or rejected somewhere else. You only find out when someone eventually asks, “Did you get my email?” These are the mistakes I see most often, and how to fix them. Multiple SPF records …

Read more

Is Your On-Premise Exchange Server Ready for March 22nd 2026?

by

If you run an on-premises Exchange Server or any Windows-based SMTP relay that sends mail to or receives mail from Exchange Online, then you might have a hard deadline coming up: March 22, 2026. Miss it, and you can risk breaking your mail flow, if the Root Certificates used by Exchange is not updated. What Is Changing Microsoft Exchange Online is switching its TLS certificates to the DigiCert Global Root G2 certificate authority. This is …

Read more

Email Security Foundations #03: SPF deep dive – how it works and how to configure it

by

This post is part of the Email Security Foundations series on MSDigest.net. What SPF actually does SPF, Sender Policy Framework, is simply a way to publish a list in DNS of which servers are allowed to send email for your domain. When a receiving mail server gets a message claiming to be from yourdomain.com, it looks up your SPF record and checks whether the sending server is on that list. That’s it.That’s the whole idea. …

Read more