Recently, security researchers at JumpSec labs identified a vulnerability in Teams that allows malware delivery through Teams chat. Microsoft Acknowledged the vulnerability but didn't release any immediate remedies. In this blog, we will discuss two practical methods to avoiding malware delivery within Teams.
You can’t disrupt a chain if you can’t identify the links. In this blog, Paul Robichaux goes over some of the ways you can break a Kill Chain in your environment. And it all starts with asking yourself the right questions.
In this Blog, James Yip explains how to conduct sensitive file inventory and background labeling using the Purview Information Protection Scanner.
Recycling is not only good for the planet, but it's also good for the security of your organization. In this article, Paul Robichaux discusses how to properly dispose of your devices so that you stay protected.
This week, we’re bringing you the latest news from Microsoft’s Build conference; including the best of many Microsoft 365 copilot announcements, a peek into the underpinnings of Copilot itself via new Azure service, the return of Mesh for Teams and much more.
Join us as we continue our deep dive into the validation phase of a Microsoft 365 Exchange Online Domain Transfer. In this Blog, we discuss how to communicate a migration plan to stakeholders and end-users.
Many people use the Windows Task Scheduler to run PowerShell scripts. The Task Scheduler works, but it creates a dependency on a specific workstation and isn't as secure as you might like. Running Microsoft 365 PowerShell scripts in Azure Automation is a much better idea. It's time to dump the Task Scheduler!
When it was first available, Microsoft 365 Data Loss Prevention (DLP) policies could only process Microsoft 365 data. Over the last few years, Microsoft expanded the scope for DLP to support these additional environments. In this article, we focus on implementation details around applying DLP to endpoint devices.
Whether you like it or not, MFA is coming for you! You can either deploy and support MFA for your users, or Microsoft is going to do it for you. The choice is yours. Learn more about how Microsoft will be enforcing MFA in the future, and what you should do.
At the end of March, Practical 365 traveled with the TEC European roadshow, traveling between three cities in Europe over a week, listening to experts talking primarily about security-focused topics aimed at improving your Microsoft 365, Azure AD and Active Directory. Read our whistle-stop tour of the most important points made by expert speakers.
While some methods for MFA responses have security issues, people often overlook their practical advantages. Not everyone is ready to dump a valid authentication method. In this article, we take the journey to removing phone-based responses from your tenant while considering some practical implications.
At the end of March 2023, CISA released a new tool called ‘Untitled Goose.’ It is a post-incident hunting tool to help security practitioners sift through security logs in the Microsoft Cloud. In this blog, we discuss the tool, its uses, and our opinion on it.
