What's Trending

Subscribe

Latest Posts

Why Using App Secrets in Production is a Bad Idea 3 Comments

Why Using App Secrets in Production is a Bad Idea

As many organizations adapt legacy scripts to use app authentication instead of traditional service account credentials, security can be compromised if certain risks are overlooked. While app secrets can be great for testing code, there’s a reason they have an enforced expiry date - the longer a secret exists in production, the higher the risk it will become compromised. The methods described in this article will help build a good foundation for app authentication while keeping security top of mind when creating or updating automation scripts.

February 16, 2022
Attack Simulation Training: RBAC and End User Notifications 2 Comments

Attack Simulation Training: RBAC and End User Notifications

Attack Simulations are Microsoft’s foray into a crowded field of competitors who provide a service that trains users to recognize dangerous email with simulated Phishing or malware-infested messages. Microsoft has continually added features and functionality since they released Attack Simulations, including additional simulation types, different payloads, custom payloads, customizable training and more. The most recent upgrades are RBAC permissions and end user notifications. These two additions to Attack Simulation Training are a great incentive to deploy and adopt this functionality, as End User communications are the key enhancement that make this feature worthwhile for an organization.

February 15, 2022
Planning for Azure AD Conditional Access Policies 26 Comments

Planning for Azure AD Conditional Access Policies

Conditional Access policies provide many security benefits, from the implementation of MFA in a user-friendly way, to the controls that can limit what data users access or download. However, the process of setting up CA policies is daunting to some at first. This article provides some thought processes and best practices to make this security initiative more manageable.

February 10, 2022
Microsoft 365 Tech Blogging, Vlogging and Podcasting Kit – Top Choices for 2022 5 Comments

Microsoft 365 Tech Blogging, Vlogging and Podcasting Kit – Top Choices for 2022

Creating content to share with your fellow IT professionals is time-consuming, and getting the right setup and equipment for tech blogging, vlogging and podcasts is important. However, it can be difficult to know what the best kit for your budget is. In this article you'll find exactly what you need, from Microsoft 365 environments, microphone, cameras, green-screens to software for recording or streaming your next tech discovery in the Microsoft Cloud.

February 4, 2022
Exchange Online Launches Support for MTA-STS 5 Comments

Exchange Online Launches Support for MTA-STS

Exchange Online now supports SMTP Strict Transport Security (MTA-STS), a mechanism to help defend SMTP communications between mail servers. Microsoft 365 tenants can decide if they want to enable MTA-STS for their domain by publishing a DNS record and an MTA-STS policy. You don't have to use MTA-STS, but it's a good idea to consider the option.

February 4, 2022
Secure Access for Remote Workers without Microsoft Defender for Cloud Apps 4 Comments

Secure Access for Remote Workers without Microsoft Defender for Cloud Apps

In the second article of this 2-part series, we describe the alternatives that exist to help secure access for remote workers, exploring the worthy features that don’t require MDCA. The features detailed in this article are available for any tenant with Azure AD Premium licensing and offer a more generic set of controls for tenants where MDCA licensing is not available.

February 3, 2022