Author: Thijs Lecomte

Latest Articles

When You Should Disable Azure AD Security Defaults

Security Defaults is a control in Azure Active Directory which has been around since 2019 and is enabled by default on new tenants created after October 2019. Microsoft recently announced they will now start turning on Azure AD security defaults for existing tenants. Throughout this blog we will explore what this means and if Security Defaults is the right fit for your organization.

June 13, 2022

Why Continuous Access Evaluation (CAE) for Azure AD Matters

Continuous access evaluation (CAE) is a feature that flew under the radar over the past two years. Even so, CAE for Azure Active Directory is an extremely important feature that will not only increase the security posture of your environment but reduce the amount of time before a user loses access to resources when certain critical events happen. This article discusses the need for the feature and how to work with it.

March 22, 2022

Ten Ways to Harden the Security of Your Microsoft 365 Tenant – Part 2

Over the years, the Microsoft security stack has become very feature rich and offers many ways to customize the configuration. Third-party products are available with similar features, but lack the integration capability of the Microsoft stack. In the second part of the "Ten Ways to Harden the Security of Your Microsoft 365 Tenant" series, we look at five ways to secure your environment using controls that require a premium license such as Office E5 or Azure AD Premium.

March 2, 2022

Ten Ways to Harden the Security of a Microsoft 365 Tenant

If there's one topic all administrators can agree on, it's that security is something every organization should work to improve in 2022. In this two-part article series, we explain ten different ways to improve tenant security that every administrator should consider. The first part reviews five ways to harden tenant security without the need for extra licenses, using controls that every organization can implement.

February 17, 2022

Planning for Azure AD Conditional Access Policies

Conditional Access policies provide many security benefits, from the implementation of MFA in a user-friendly way, to the controls that can limit what data users access or download. However, the process of setting up CA policies is daunting to some at first. This article provides some thought processes and best practices to make this security initiative more manageable.

February 10, 2022

Why Separate Microsoft 365 Administrator Accounts are Critical to Security Posture

There’s a lot of debate around the need to separate Microsoft 365 administrator accounts, especially when controls such as Privileged Identity Management exist within an organization. However, even with PIM there are remaining security concerns which necessitate the operation of separate accounts. This article explains the importance of using separate accounts; details how to target different Conditional Access policies for admin and user accounts and highlights how this approach increases your security posture and limits potential attack vectors against administrator accounts.

January 18, 2022

Identifying Potential Unwanted Access by Your MSP/CSP Reseller

Over the past few years, there's been an escalation in supply chain attacks where an attack on a partner company (like Kaseya or Solarwinds) has a direct effect on customers. A strong security posture is more important than ever as these attacks increase in frequency and sophistication, and this applies to Microsoft partners as well. Lately The Microsoft Threat Intelligence Center has reported seeing a significant rise in the number of attacks targeting Microsoft partners with Delegated Admin Permissions (DAP). This article unpacks the major issues around DAP and provides alternative solutions that grant your partner the level of access they need, while still maintaining a strong security posture for your tenant.

January 14, 2022
Set up Microsoft Sentinel as a single pane of glass for Microsoft 365 alerts
Microsoft Sentinel

Set up Microsoft Sentinel as a single pane of glass for Microsoft 365 alerts

Microsoft Sentinel helps organizations protect their Microsoft 365 tenants by providing insight into activity that might require investigation. This article shows how to set up Microsoft Sentinel with a basic configuration that delivers a great deal of value by enhancing your security posture. In just four simple steps, you can connect Microsoft Sentinel to other Microsoft Cloud Security products to get a single pane of glass for incidents and automate security response through playbooks.

January 3, 2022

When does enabling Microsoft Sentinel make sense?

While Microsoft Sentinel is certainly an excellent product, many organizations lack clear understanding around Microsoft 365 Defender and if it also provides a way to aggregate multiple security products. Microsoft MVP Thijs Lecomte explores the differentiators in this article: having a bird's eye view across security products, automation, third-party data sources, and more importantly - why you should enable it.

December 9, 2021