A writeup about the MERCURY attack by the Microsoft Threat Intelligence team reveals how a nation state actor linked to the Iranian government compromised an Azure AD tenant by using the AADConnect tool. In this article, we discuss how the attack developed and what you can do to prevent the same attack techniques being used against your tenant.
In this edition of Practical Protection with Paul Robichaux, we dive into understanding what multi-tenant applications are, what they can do, and how to manage them in order to keep your tenant and users safe.
Microsoft 365 tenant administrators might want to know when user accounts receive a specific license. Unhappily, Azure AD license assignment dates can mislead, so some interpretation and personal knowledge might be needed to find out just when a user was licensed.
As organizations move to the cloud, on-premises environments (and their security) are put in the background as the focus shifts to the cloud. Nevertheless, most organizations I know are in a hybrid scenario where the on-premises environment holds the master data and synchronizes everything into Azure Active Directory. This blog explores how an on-premises environment is connected to the cloud and how an attacker might move from on-premises to the cloud laterally.
Azure AD system-preferred authentication means that users must use their strongest authentication method when they sign-into Azure AD. The change emphasizes the desirability of strong authentication methods over weak. Now in preview, Microsoft plans to make the policy effective for everyone in July 2023.
Hybrid work is really a mixed blessing—while it offers a lot of fantastic benefits for people who are able to take advantage of it, it can introduce some new and unpleasant security issues that you need to be prepared to deal with. This article dives into these new risks and how you can avoid them.
Microsoft 365 security is a big topic. Focus is important when it comes to getting things done. In this article, we suggest five areas that administrators could work on during 2023 to improve the security posture of their tenant. You might already have established full control over some of these areas. Even if you have, it's still good to consider if you can improve security.
Dynamic Azure AD administrative units are like dynamic Azure AD groups in that they have a membership rule to calculate their membership. Azure AD uses the rule to find members regularly, so the administrative unit never goes out of date. That is, assuming the properties of Azure AD user accounts are maintained and up to date.
Today, conditional access policies can restrict access to Microsoft 365 workloads but not to specific objects within a workload, such as individual mailboxes or SharePoint sites. In this article, James Yip explores using Authentication Context with conditional access polices to secure access to sensitive SharePoint content.
Microsoft 365 tenants can create Azure AD accounts in different ways. No matter whether you create accounts manually or with PowerShell scripts, the important thing is to end up with the right data in Azure AD because many Microsoft 365 features depend on accurate directory.
When setting up your SIEM, ingesting logs from Active Directory is essential. This blog dives into the two options for ingesting AD logs and compare their strengths and weaknesses.
Microsoft’s Windows 365 Cloud PC offering can be the perfect fit for organizations that require remote workers to log into a PC that can access their network without the need for a VPN. This article deep dives into Windows 365 and how to setup Windows 365 Enterprise for your organization.
