Blog posts, news and opinions about Microsoft’s Office 365 cloud services and applications.
In this article, we guide you through the process of using the Graph Activity Log and Kusto Query Language (KQL) to hunt for common indicators of mailbox compromise, with useful tips along the way.
In this episode of Practical Protection, we explore securing Power Platform environments, covering the basics of environment isolation, governance strategies, and lifecycle management.
Updating Defender for Endpoint is quite complex, as the process differs between each operating system, and not all updates are alike. In this blog, we explore how to manage updates effectively on each platform, with practical tips throughout.
There's a lot to learn about Copilot Studio, especially for hard-pressed Microsoft 365 tenant administrators who already have too much work to do. This article gives administrators the essential details that they should consider as Copilot agents become more interesting to their organization.
The new Purview eDiscovery implementation supports a Graph API. Where there's a Graph API, there are PowerShell cmdlets based on the API. This article explains how to use PowerShell to automate different aspects of eDiscovery cases. PowerShell can't review the items found by searches, but it can handle most of the other processing.
In this episode of Practical Protection, we dive into the basics of Threat Hunting, tools you can use, and even some DIY hunting advice.
In this episode, Steve Goodman and Bastiaan Verdonk interview Victor King from Quest Software, on best practices for Active Directory security. They discuss identifying misconfigurations, managing privileged access, and continuous environmental monitoring.
This article explains how to scope groups administration using apps and restricted administration units to make sure that only certain administrators can manage certain groups programmatically. Although this is probably not something that is needed for some tenants, it's a technique that could be used in many situations.
Microsoft recently announced a breaking change for all Android-based Teams devices. Teams Administrators must prepare some required policies in Microsoft Intune and also check and validate Conditional Access policies. If the changes aren’t made, Teams Android devices cannot log in after the automatic update installation.
In this article, James Yip discusses different ways to leverage Intune to run PowerShell scripts as part of endpoint management, specifically for Windows workstations, to perform custom administrative tasks.
AI is supposed to make our lives easier, so how about writing some PowerShell to block out timeslots in a travek calendar when the calendar's owner is on the move? Eventually AI gets the task done, but it needed some coaching and firm instruction along the way.
Some people say that the Teams usage report (available in the Microsoft 365 admin center) is a great way of finding inactive teams. I consider that viewpoint to be rubbish because the Teams usage report doesn't include all the kinds of activities that a team might host. This article explains how to use audit data to supplement the usage report and create a better view of inactive teams.
