You can’t disrupt a chain if you can’t identify the links. In this blog, Paul Robichaux goes over some of the ways you can break a Kill Chain in your environment. And it all starts with asking yourself the right questions.
Many Microsoft 365 and Exchange Server logs contain IP addresses. To find out where the IP addresses come from and if they are internal or external, PowerShell developers can use online web-based geolocation services. It's important not to overuse the services because you could be throttled.
I used Microsoft Defender for Cloud Apps in a project with Microsoft 365 E5 licenses and realized it’s a handy and powerful tool at a reasonable price even if purchased as a standalone product. This post will outline practical use cases for using it to monitor and enforce restrictions on Microsoft 365 apps and some third-party apps to reduce the likelihood of information leakage.
Continuous access evaluation (CAE) is a feature that flew under the radar over the past two years. Even so, CAE for Azure Active Directory is an extremely important feature that will not only increase the security posture of your environment but reduce the amount of time before a user loses access to resources when certain critical events happen. This article discusses the need for the feature and how to work with it.
The Microsoft 365 ecosystem is a big place and it's hard to keep on top of everything. But to start 2022 off with a bang, here are five areas for tenant administrators to consider when they plan how they'll spend their time in the new year. As always, feel free to disagree and add comments describing what you plan to do in 2022.
Microsoft has recently made major strides to improve the capability and resiliency of multi-factor authentication in Azure AD; however, this article highlights the four practical ways in which you can take advantage of MFA in your Microsoft 365 estate, and just turn the darn thing on already!
There are many ways in which you can improve the security of your Exchange Online environment. In this article, Sean McAvinue details the most important steps that admins can immediately implement to align Exchange Online tenants with a good security baseline and posture.
8 Comments
A variety of methods exist to block access to a user's Office 365 (Azure AD) account from a complete block to a conditional access policy. In this article, we examine the various methods and debate the worth of each approach. Conditional access policies are the cleanest and most effective long-term solution, but you need Azure AD premium licenses. If you don't have those licenses, maybe one of the other approaches will work for you.
Microsoft provides many methods to manage a tenant’s data and users. PowerShell is a powerful tool to manage resources, including Conditional Access Policies using a set of cmdlets in the AzureAD module. In this article, Microsoft MVP Damian Scoles reviews the eight PowerShell cmdlets and how to use them.
For many organizations it is not possible to implement and manage Office 365 to the level of security necessary without Azure AD Premium. It is also not possible to effectively deploy and consume the capabilities of Azure AD Premium all at once. Recommending a phased deployment approach, Brian Desmond walks you through implementation of the four most important features you should start with.
How the Azure Active Directory baseline security policy enforces multi-factor authentication for privileged administrator accounts in Office 365 and Azure AD.
How to use Azure Active Directory conditional access policies to block legacy applications such as POP, IMAP, and basic authentication from connecting to Office 365.
