The Critical Need for Integrating Devices with Intune
In this blog, Jon Jarvis reviews the importance of integrating devices with Intune, and the risks that can arise from poorly managed devices.
February 21, 2024
Latest Articles
Entra ID Multifactor Authentication Reaches 38% of All User Accounts
In a February 12, 2024 tweet, Microsoft revealed that the percentage of Entra ID multifactor authentication by user accounts has reached 38%. In this article, we show how to use sign-in records to figure out if people use MFA and calculate the percentage of user accounts protected by MFA in a tenant.
February 19, 2024
Practical Protection: Should You Allow User Application Consent?
User consent is a great example of the tension between improved security and user convenience. Users want to be able to consent to applications without requiring the help of IT, which also allows the potential for a breach. In this blog, Paul reviews your options to solving the user consent problem.
February 16, 2024
Teams & Entra ID New Features, Plus Copilot Adoption in the Real World: The Practical 365 Podcast S4 E13
On the show this week, Steve and Paul talk through a plethora of new updates arriving in Microsoft Teams, Entra ID's leap towards zero trust, plus MVP Andy Huneycutt joins the Podcast to discuss Copilot for Microsoft 365 adoption.
February 9, 2024
Why You Should Conduct Regular Entra ID Assessments
In this article, Sean McAvinue explains what an Azure AD Assessment is and how it can assess and report on your Entra ID configuration, as well as plan the remediation of any discovered issues.
January 30, 2024
Cyber Roundtable with Microsoft’s Alex Weinert on Storm-0558 & Identity Protection. Plus the New Teams & Exchange Security: The Practical 365 Podcast S4 E6
On the show this week, Steve, Paul and Rich are joined by Microsoft's VP Director of Identity Security, Alex Weinert, to discuss almost all things related to securing identities. We hear about what happened behind the scenes during Storm-0558, and we discuss essential steps to protect Microsoft 365. And we discuss the latest news in the world of Microsoft 365 - in particular we discuss the new Teams 2.1 client that recently became GA, and for those still running on-premises or Hybrid Exchange Servers, it is time to get patching.
October 20, 2023
Practical Graph: Report Microsoft 365 Licenses Assigned Through Group-Based Licensing
Group-based licensing is a simple way to automate the distribution of licenses to members of security groups. In this article, we review how the mechanism works and show how to automate operations with PowerShell. Finally, we update the tenant licensing report to include group-based licensing and to highlight duplicate license assignments.
October 9, 2023
Heard at TEC: The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations
This blog is a recap of Sean Metcalfs TEC session on The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations.
September 28, 2023
Exploring the Value of Microsoft 365 Multi-Tenant Organizations
Many questions arose from the announcement of the Microsoft 365 multi-tenant organization (MTO) feature, In this article, I examine some practical aspects of multi-tenant organizations and examine why MTO does not replace the need for tenant-to-tenant migrations.
September 11, 2023
Adding an Expiration Date for Entra ID Guest Accounts
Microsoft has long been asked to support guest account expiration, just like the functionality available for on-premises Active Directory accounts. Engineering priorities have not allowed the developers to work on the feature, but it's possible to do the job with PowerShell as we explain here.
May 2, 2023
Detecting and Protecting Entra ID from Password Spray Attacks
With the move to the cloud, many organizations synchronize identities to Azure Active Directory. This makes an attacker’s job easier as they have a single point where they can attempt to compromise accounts. In this article, Thijs Lecomte walks through the protection and detection mechanisms available to repel password spray attacks.
November 10, 2022