Recently, security researchers at JumpSec labs identified a vulnerability in Teams that allows malware delivery through Teams chat. Microsoft Acknowledged the vulnerability but didn't release any immediate remedies. In this blog, we will discuss two practical methods to avoiding malware delivery within Teams.
In this Blog, James Yip explains how to conduct sensitive file inventory and background labeling using the Purview Information Protection Scanner.
Many people use the Windows Task Scheduler to run PowerShell scripts. The Task Scheduler works, but it creates a dependency on a specific workstation and isn't as secure as you might like. Running Microsoft 365 PowerShell scripts in Azure Automation is a much better idea. It's time to dump the Task Scheduler!
When it was first available, Microsoft 365 Data Loss Prevention (DLP) policies could only process Microsoft 365 data. Over the last few years, Microsoft expanded the scope for DLP to support these additional environments. In this article, we focus on implementation details around applying DLP to endpoint devices.
At the end of March, Practical 365 traveled with the TEC European roadshow, traveling between three cities in Europe over a week, listening to experts talking primarily about security-focused topics aimed at improving your Microsoft 365, Azure AD and Active Directory. Read our whistle-stop tour of the most important points made by expert speakers.
While some methods for MFA responses have security issues, people often overlook their practical advantages. Not everyone is ready to dump a valid authentication method. In this article, we take the journey to removing phone-based responses from your tenant while considering some practical implications.
At the end of March 2023, CISA released a new tool called ‘Untitled Goose.’ It is a post-incident hunting tool to help security practitioners sift through security logs in the Microsoft Cloud. In this blog, we discuss the tool, its uses, and our opinion on it.