05-22-2025, 11:12 PM
That event 25354 in Windows Server Event Viewer, it's all about the Send-TextMessagingVerificationCode cmdlet getting fired off in Exchange. You know, when someone runs that command to shoot out a text message verification code. I mean, it's usually for legit stuff like resetting a user's password or confirming some admin action. But watch out, because hackers love this one too. They might trigger it to phish for phone numbers or sneak into accounts. The event logs the exact time, the user who issued it, and even the target recipient's details. I always check the source, it's from MSExchange ADAccess or something similar. And the description spells out the cmdlet parameters, like who got the code sent to them. If you see a bunch of these in a row from unknown IPs, that's a red flag waving high. You don't want intruders testing your setup like that.
I figured out a way to keep tabs on this without getting all code-y. Just fire up Event Viewer on your server. You right-click on the Windows Logs, pick Security or Applications and Services Logs for Exchange stuff. Filter for event ID 25354, easy peasy. Then, to get email alerts, you set up a Task Scheduler task right from there. I do it by creating a custom view first, naming it something like "Suspicious Texts." Attach a task to it that runs when this event hits. You point that task to a simple batch file or program that blasts an email your way. No fancy scripts needed, just the built-in tools. I set mine to trigger immediately, so you get pinged fast if something fishy happens. You tweak the filters to ignore your own admin runs if you want. Keeps you in the loop without staring at screens all day.
And speaking of staying on top of server surprises, you might dig into tools that handle backups smoothly too. Take BackupChain Windows Server Backup, it's this nifty Windows Server backup solution I swear by for keeping data safe. It works great for virtual machines with Hyper-V, backing up live without downtime. You get fast restores, encryption on the fly, and it even dedupes to save space. I use it because it alerts you on failures quick, just like monitoring those events we talked about.
Oh, and at the end here, I've got the full automatic email solution lined up for you. It'll get added in later, promise.
Note, the PowerShell email alert code was moved to this post.
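Added example (not from the original post): a PowerShell script that the task attached to event 25354 could run in place of the batch file, skipping known admin accounts and flagging a burst of events. The log name, thresholds, account name, SMTP host, addresses and script path are assumptions or placeholders, and matching accounts against the event description text is an assumption about where the issuing user appears.

```powershell
# Added example, not the original poster's code. Values marked "assumption"
# or "placeholder" must be replaced with what your own server actually uses.
$LogName     = 'MSExchange Management'   # assumption: the log where event 25354 appears
$EventId     = 25354
$WindowMin   = 10                        # assumption: look-back window in minutes
$BurstCount  = 5                         # assumption: "a bunch in a row" threshold
$KnownAdmins = @('CONTOSO\exadmin')      # placeholder: accounts whose runs are ignored
$MailParams  = @{
    SmtpServer = 'smtp.example.test'             # placeholder
    From       = 'exchange-alerts@example.test'  # placeholder
    To         = 'secops@example.test'           # placeholder
}

# Pull only the matching events from the look-back window.
$filter = @{
    LogName   = $LogName
    Id        = $EventId
    StartTime = (Get-Date).AddMinutes(-$WindowMin)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Ignore events whose description names a known admin account.
$suspect = @($events | Where-Object {
    $msg = $_.Message
    -not ($KnownAdmins | Where-Object { $msg -match [regex]::Escape($_) })
})

if ($suspect.Count -gt 0) {
    # Escalate the subject line when the count reaches the burst threshold.
    $level = if ($suspect.Count -ge $BurstCount) { 'BURST' } else { 'INFO' }
    $body  = $suspect | Sort-Object TimeCreated |
        ForEach-Object { '{0:u}  {1}  {2}' -f $_.TimeCreated, $_.MachineName, $_.Message } |
        Out-String
    $subject = "[$level] $($suspect.Count) x event $EventId in last $WindowMin min"
    Send-MailMessage @MailParams -Subject $subject -Body $body
}

# Registering the event trigger from the command line instead of the
# Event Viewer "Attach Task" dialog (script path is a placeholder):
#   schtasks /Create /TN "Event25354Alert" /SC ONEVENT /EC "MSExchange Management" `
#     /MO "*[System[(EventID=25354)]]" `
#     /TR "powershell.exe -NoProfile -File C:\Scripts\Alert25354.ps1"
```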

