======Microsoft - Exchange - Autodiscover======

[[https://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx|Microsoft TechNet - White Paper: Exchange 2007 Autodiscover Service]] \\
[[https://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx|Microsoft TechNet - White Paper: Understanding the Exchange 2010 Autodiscover Service]] \\

[[https://technet.microsoft.com/en-us/library/bb124251(v=exchg.141).aspx|Microsoft TechNet - Exchange 2010 - Autodiscover Service]] \\
[[http://technet.microsoft.com/en-us/library/bb124251(v=exchg.150).aspx|Microsoft TechNet - Exchange 2013 - Autodiscover Service]] \\

[[http://support.microsoft.com/en-us/kb/2783881|Microsoft Support - How to suppress the AutoDiscover mismatch warning in Outlook 2007, Outlook 2010, and Outlook 2013]] \\
[[http://support.microsoft.com/en-us/kb/2612922|Microsoft Support - How to control Outlook AutoDiscover by using Group Policy]] \\

[[http://blogs.technet.com/b/rmilne/archive/2013/04/02/busting-the-set-autodiscovervirtualdirectory-myth.aspx|TechNet Blogs » 250 Hello » Busting The Set-AutodiscoverVirtualDirectory Myth]] \\


=====Articles/Blogposts=====

[[http://social.technet.microsoft.com/Forums/exchange/en-US/f2083f31-af18-497b-a522-9869fdca4e13/exchange-2007-to-exchange-2013-transition-and-autodiscover?forum=exchangesvrdeploy|Exchange TechCenter Forums - Exchange 2007 to Exchange 2013 Transition and Autodiscover]] \\
[[http://www.proexchange.be/blogs/exchange2013/archive/2012/11/21/retrieving-exchange-autodiscover-scp-information-from-ad-via-powershell.aspx|Pro-Exchange,Lync & Office 365 - Retrieving Exchange Autodiscover SCP information from AD via PowerShell]] \\
[[http://sysadmin-e.com/exchange-scp|Sys Admin Extraordinaire - Details about Service Connection Point for Exchange Autodiscover]] \\
[[http://msdn.microsoft.com/en-us/library/office/dn467395(v=exchg.150).aspx|MSDN Office Dev Center - How to: Find Autodisover endpoints by using SCP lookup in Exchange]] \\
[[http://exchangeserverpro.com/exchange-server-2010-2013-migration-reviewing-autodiscover-configuration/|exchangeserverpro.com - Exchange Server 2010 to 2013 Migration – Reviewing Autodiscover Configuration]] \\
[[https://acbrownit.wordpress.com/2012/12/20/internal-dns-and-exchange-autodiscover/|AC Brown's IT World - Internal DNS and Exchange Autodiscover]] \\
[[https://acbrownit.wordpress.com/2014/04/04/exchange-autodiscover-episode-2-attack-of-the-exchange-server/|AC Brown's IT World - Exchange Autodiscover Episode 2: Attack of the Exchange Server]] \\
[[http://practicalkungfu.net/2013/02/10/disable-autodiscover-methods-in-outlook-2013/|PracticalKungFu.net - Disable autodiscover methods in Outlook 2013]] \\
[[http://www.anywherexchange.com/2014/05/disable-autodiscover-lookup-for-outlook.html|Exchange Anywhere - Disable Autodiscover SCP Lookup for Outlook Clients with Office 365]] \\
[[http://365command.com/autodiscover-service-and-how-to-disable-it-on-premises-justins-tech-tip-of-the-week/|Autodiscover service and how to disable it on-premises – Justin’s Tech Tip of the Week]] \\
[[http://www.shudnow.net/2008/11/18/autodiscover-dns-certificates-and-what-you-need-to-know/|Elan Shudnow's Blog - Autodiscover, DNS, Certificates, and what you need to know]] \\
[[http://blogs.technet.com/b/rmilne/archive/2011/10/21/exchange-amp-the-autodiscover-web-service.aspx|TechNet Blogs »  250 Hello »  Exchange & The Autodiscover Web Service]] \\
[[http://rajisubramanian.blogspot.nl/2014/01/exchange-2013-autodiscover-and-outlook.html|Raji Subramanian - Exchange 2013 Autodiscover and Outlook Provider]] \\
[[http://www.ntsystems.it/post/Outlook-Autodiscover-and-what-to-do-when-migrating-from-Exchange-2010-to-2013.aspx|ntSystems | info.tech - Outlook Autodiscover and what to do when migrating from Exchange 2010 to 2013]] \\
[[http://mikepfeiffer.net/2011/08/testing-exchange-autodiscover-with-powershell-and-the-ews-managed-api/|Mike Pfeiffer - Testing Exchange Autodiscover with PowerShell and the EWS Managed API]] \\
[[http://blogs.technet.com/b/kristinw/archive/2013/04/19/controlling-outlook-autodiscover-behavior.aspx|TechNet Blogs » We're All In! » Controlling Outlook Autodiscover behavior]] \\
[[http://blogs.technet.com/b/exchdxb/archive/2012/05/10/troublshooting-autodiscover-exchange-2007-2010.aspx|TechNet Blogs »  EXCHDXB »  Troublshooting Autodiscover (Exchange 2007/2010)]] \\
[[http://exchange-server-guide.blogspot.nl/2014/07/resolve-exchange-autodiscover-error-600.html|Microsoft Exchange Server Made Easy - Resolve Exchange Autodiscover Error 600 Invalid Request]] \\

[[http://blogs.technet.com/b/exchange/archive/2013/05/23/ambiguous-urls-and-their-effect-on-exchange-2010-to-exchange-2013-migrations.aspx|The Exchange Team Blog - Ambiguous URLs and their effect on Exchange 2010 to Exchange 2013 Migrations]] \\

[[http://lyncvoice.blogspot.nl/2015/01/troubleshooting-ews-issues-in-lync-2013.html|A blog on Skype for Business and LYNC - Troubleshooting EWS issues in LYNC 2013]] LYNC 2013 (and 2016) use the autodiscover DNS records to locate the EWS and do not use the SCP like Outlook can.


====Exploit====

[[https://www.guardicore.com/labs/autodiscovering-the-great-leak/|Guardicore - Autodiscovering the Great Leak]] \\
[[https://github.com/guardicore/labs_campaigns/tree/master/Autodiscover|GitHub - guardicore/labs_campaigns/tree/master/Autodiscover]] This repository contains a list of Autodiscover domains with all possible TLDs and a mapping to 127.0.0.1 to be included in your local hosts file. \\