An interesting and worthwhile interview (available on YouTube) with security researcher Amit Serper reveals a lot more detail about the Autodiscover credential leak reported by Guardicore last month. The interview (with three Office 365 MVPs) goes through the collection of leaked credentials, how Serper tried to reproduce the problem, and his interaction with Microsoft. It’s a real pity Serper didn’t include the information in his original report as it would have taken a lot of heat out of the situation.
Microsoft's Greg Taylor joins MVPs Steve Goodman and Paul Robichaux to discuss the demise of Basic Authentication (AKA Legacy Auth) in Exchange Online.
Yes - one of the core ways someone can exploit your tenant - but you might need it enabled thanks to a pesky vendor's app - will be gone. What do you need to do to prepare? What happens if you do nothing? We find that out, plus much more...
Microsoft has recently made major strides to improve the capability and resiliency of multi-factor authentication in Azure AD; however, this article highlights the four practical ways in which you can take advantage of MFA in your Microsoft 365 estate, and just turn the darn thing on already!Read More
Deleted Azure AD users enter a soft-deleted 30-day period. During this time, administrators can recover accounts. You might want to remove deleted accounts before this period lapses. As explained in this article, this is easily done using PowerShell.Read More
Microsoft has introduced a new feature to control how long guests have access to content shared with them in SharePoint Online and OneDrive for Business. You can configure a tenant-wide policy and then tune the policy for specific sites. The new control does not affect guest access gained through membership of Microsoft 365 Groups. Here’s what you need to know about SharePoint Online’s guest expiration policyRead More
It has been a tiring year for Exchange on-premises and hybrid administrators and unfortunately, it’s not getting any easier. The HAFNIUM exploits cast a negative light on Microsoft Exchange, re-emphasizing why email is a crucial part of any organization and that nothing and no one is exempt from an attack. Find out why and what you can do to protect your organization NOW.Read More
In the show this week, Ingo Gegenwarth joins Steve and Paul to talk about how to manage Exchange Online at scale in advance of his TEC talk; and we look at the pricing for Windows 365, test drive Teams 2.0 and check in on Skype in retirement – has it really retired?Read More
TEC 2021, The Experts Conference, takes place as a virtual event on September 1-2. In this article, Tony selects his favorite sessions from the event agenda. This isn’t to say that the other sessions are no good. Everyone’s got their own favorite topics and there are many other TEC 2021 sessions covering other topics which will make others very happy.Read More
Microsoft insists that encrypted SharePoint and OneDrive for Business files found by eDiscovery searches can only be decrypted by Advanced eDiscovery, which requires Office 365 E5 licenses. This seems unfair, especially as Office 365 E3 tenants can create and use sensitivity labels to protect Office documents stored in SharePoint Online and OneDrive for Business. An example of not very joined up thinking when it comes to software licensing?Read More
There are many ways in which you can improve the security of your Exchange Online environment. In this article, Sean McAvinue details the most important steps that admins can immediately implement to align Exchange Online tenants with a good security baseline and posture.Read More
The recent 10th anniversary of the launch of Office 365 brought some questions about the demarcation between Office 365 and Microsoft 365. For instance, do I have an Office 365 tenant or is it a Microsoft 365 tenant? Is a feature part of Microsoft 365 or does it belong to Office 365? And why does Microsoft insist on calling its desktop Office apps Microsoft 365 Apps for enterprise? Welcome to the bizarre world of branding, and that’s before throwing Windows 365 into the mix.Read More