In the second article of this 2-part series, we describe the alternatives that exist to help secure access for remote workers, exploring the worthy features that don’t require MDCA. The features detailed in this article are available for any tenant with Azure AD Premium licensing and offer a more generic set of controls for tenants where MDCA licensing is not available.
There are many ways to provide secure access for remote users working on a home network or personal device (such as VPNs or VDI environments) and they each bring their own levels of complexity. This article explores using Microsoft Defender for Cloud Apps as a solution that is easily deployed, and capable of expanding beyond Office 365 to bring a higher level of control and governance over third-party cloud apps that lack similar native controls.
Microsoft 365 has many built-in controls to manage how users communicate externally, however, these controls do not generally extend to internal communication. While this is fine in most environments, situations exist where a degree of separation is required to segregate communication across different groups of users. This article details the configuration of Address Book Policies, and how they can be extended to include Teams.
Microsoft 365 Desired State Configuration (DSC), is a way to capture details of a tenant's configuration using PowerShell in such a way that any changes made to the configuration can be easily detected. DSC allows administrators to understand when configurations change so that they can take action when necessary. In this article, Sean McAvinue explains how to use DSC to capture and report details of your Microsoft 365 tenant.
With the pace of Office 365 adoption globally, many administrators will inevitably find themselves in a position where they need to manage more than one tenant simultaneously. When managing at scale, PowerShell allows authentication to multiple tenants using different PowerShell instances. Profiles and containers are a great way to operate across multiple tenants and accounts without going through cumbersome sign-out processes and closing browsers.
This article examines the different components of Defender for Office 365, and how you can customize the configuration beyond the baselines to enhance the relevance and impact the policies have on your tenant. The most important aspects to review when modifying the configuration from baselines and the reasons to consider each configuration option are highlighted, but they don’t take you all the way. The items listed here are a subset of what’s available, but when combined with the baselines will help you to bring your Defender implementation to the next level.
There's no definitive 'right' or 'wrong' way to structure Teams and channels, however there are some limits and best practices that can be followed to ensure the structures created are easy to use and navigate. This article explores the decision process Team owners can use to assess if a new channel is needed, what type should be used and how to manage large numbers of channels in a team.
There are many ways in which you can improve the security of your Exchange Online environment. In this article, Sean McAvinue details the most important steps that admins can immediately implement to align Exchange Online tenants with a good security baseline and posture.
Microsoft Defender for Office 365 (Previously Office 365 Advanced Threat Protection) is a suite of tools/policies that provides powerful protection for your Office 365 environment. This article explores the various tools available at the different licensing levels and shows how Preset Policies and Configuration Analyzer can help you quickly align with the guidance provided, allowing you to focus on the settings that matter the most in your environment.
Within large organizations utilizing Teams, generating reports on channel storage and then migrating this data is extremely difficult. To help map out how Teams uses SharePoint, this article introduces a simple Graph API/PowerShell script to report Teams channels and their SharePoint locations and walks you through the steps so you can run the report yourself.
14 Comments
Azure AD business-to-business guest user accounts are a terrific way to securely grant access to apps and services for external users and partner organizations. In this article, a script is introduced that can be used to automate the guest user invitation process, integrating it more seamlessly with any custom applications.
57 Comments
When contacts are added to an organizations Global Address List (GAL), they do not always populate in the users personal device contacts depending on what app, device, etc. is being used. This becomes problematic when users working from outside the office are unable to contact the IT Service Desk, HR, or other internal services. To solve the problem, this article introduces a PowerShell script that will read a set of standard contacts from a CSV file and write them as personal contacts to user mailboxes. Mobile devices can then synchronize these contacts along with others created by the user.
