CEO impersonation with Microsoft Booking

Recently I observed an interesting behavior after setting up a Microsoft Booking page. After creating the booking page, I suddenly got an e-mail to an automatically created mail alias with the same name as the booking page. This made me curious, and I wanted to understand the behavior behind this and whether it could be abused by attackers to impersonate users in Exchange Online. In this blog post, I want to share my findings and some tips on how to detect and prevent this kind of abuse in your environment.

Microsoft Booking

Microsoft describes the Bookings capabilities as part of Microsoft 365: “A simpler way to organize schedules and manage appointments.” Booking pages can be either of type ‘personal’ or ‘shared’.

Personal booking pages provide a handy option for users to create their own booking page, which is automatically linked to their calendar and allows others to book appointments with them. This is a great feature for users who want to share their availability and allow others to easily schedule meetings.

Shared booking pages allow teams to provide a booking experience for services hosted by a team and come with a special mailbox and calendar.