Starting my updates today (I typically wait a week to let other people be the test bed), I will update at the end tomorrow or the following day, especially if I run into any trouble.
More importantly though, there’s two substantial changes in Windows Updates this month that you should be aware of if you are not already.
KB5020805 enters the next phase for patching CVE-2022-37967.
This month’s patches do the following:
Between now and October is your last chance to look for anything broken by this change, after October 10th patches the ability to undo this change is removed completely.
For more details see: https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb
KB5021130 enters final phase of patching for CVE-2022-38023
This month’s patches are the final phase of mitigation for this issue. Last month it forced the on everyone, so hopefully you’ve seen and found anything broken, as this month removes the ability to turn this change off due to the following:
For more details see: https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
Check your system logs for both of those KBs (event IDs to look for are outlined later in both articles) before patching.
Edit 1:
Just noticed that “CVE-2023-36884 - Office and Windows HTML Remote Code Execution Vulnerability” has additional remediation steps if you are not using Microsoft Defender for Office. More details and regkey included in this article: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
Just subscribed, came here for the same reasons! Hoping this place can take off, because main reason I was going to give Reddit a single of iota of traffic going forward was for the Mega Patch Tuesday Threads, those are so insanely helpful that they are the first place I go before patching now. Hopefully we’ll some going in here as well, maybe our lord and savior JoshTaco will grace us with their presence as well 🤞 🚬
Cheers!
Main thing to consider is where you’re storing the backups. Are you wanting to store the locally or in another cloud service? The other consideration, of course, is cost.
The most CapEx friendly solution is to buy a Synology with a ton of drives. Their built in software can backup 365 and Google without any additional cost or license. Your only limitations here are bandwidth, storage space, and the fact the data is local. A cheap place you could store this data back in another cloud would be Wasabi, which the Synology can also connect to.
Veeam can back to up to local or cloud based repos, Wasabi included, but you have to pay a per user license, which can add up.
A Cloud to Cloud backup solution I’ve worked with is SysCloud. Easy to use interface, especially for plucking out files and folders for recovery. You can pay per user or buy bulk storage. I’ve only used it for Google Suite for Drive/classrooms/and other non-mail stuff, but I know it can do 365 content as well.
Finally, for strictly email (and not OneDrive/SharePoint, etc), one option is Mimecast. They are a great email security gateway that you can route your email through ahead of 365, and I think for security alone are a good investment if you can afford it. In addition to it handling security functions, you can also buy the archival service for capturing everything that goes through before users interact with them. Being able to near instantly search our entire email archive is super handy when doing legal/hr searches. It ain’t cheap though.
Another cloud to cloud I know but don’t use for 365 is Druva. We used them for endpoint backup and are quite happy with them in that regard, but I do know they do 365 as well, don’t know much about how that is licensed though.
Definitely compare some other products but those should be a good list to start with.
However, I do think the Synology is probably slightly more unique in its space. The software that comes their NAS are really powerful, does all kinds of things without cost beyond buying the hardware it self.