Storm-0558 is a China-originated attack against sensitive Exchange Online mailboxes. The attack exposed several flaws in Microsoft's processing of data. Microsoft says that the holes are now closed, but it's still a good idea to check that your tenant is not being attacked in the same way.
Microsoft 365 Copilot is only available for 4 Microsoft 365 SKUs. There's no technical reason why this is so. Instead, Microsoft is using Copilot as a selling point to convince customers to upgrade to Microsoft 365 E5 (preferably). All's fair in love and business, and this is just an example of product management for maximized profit.
You can’t disrupt a chain if you can’t identify the links. In this blog, Paul Robichaux goes over some of the ways you can break a Kill Chain in your environment. And it all starts with asking yourself the right questions.
On this week’s show, Paul and I are joined by industry veteran Mary Jo Foley, to talk about her keynote session at this year’s TEC conference this coming September – learn her view on how your priorities and Microsoft’s intersect and what value Microsoft 365 needs to deliver. Plus we’re talking new Power Platform and Teams AI-driven features plus there’s a plethora of new Azure AD & Entra features that help secure your environment and make it easier for complex organizations to work seamlessly together.
At the end of March, Practical 365 traveled with the TEC European roadshow, traveling between three cities in Europe over a week, listening to experts talking primarily about security-focused topics aimed at improving your Microsoft 365, Azure AD and Active Directory. Read our whistle-stop tour of the most important points made by expert speakers.
While some methods for MFA responses have security issues, people often overlook their practical advantages. Not everyone is ready to dump a valid authentication method. In this article, we take the journey to removing phone-based responses from your tenant while considering some practical implications.
Because of the way the Windows security model works, it’s not currently possible to eliminate the use of passwords for local administrator accounts. Given that fact, the next best solution is to remediate the biggest problems with passwords for these local accounts, including weakness, reuse, and tenure. In this article, we discuss how the Local Administrator Password Solution (LAPS) helps with all of those!
Microsoft 365 auditing makes lots of data available to administrators to help them understand what happens in a tenant. When attackers try to compromise accounts, they can leave fingerprints behind in audit data. Being aware of what you might find in the data helps suppress BEC attacks.