• Home
  • Topics
    • Office 365
    • Teams
    • SharePoint Online
    • Exchange 2019
    • Exchange 2016
    • Exchange 2013
    • Hybrid
    • Certificates
    • PowerShell
    • Migration
    • Security
    • Azure
  • Blog
  • Podcast
  • Webinars
  • Books
  • About
  • Videos
    • Interview Videos
    • How To Guide Videos
  • Subscribe
    • Facebook
    • Twitter
    • RSS
    • YouTube

Practical 365

Why Separate Microsoft 365 Administrator Accounts are Critical to Security Posture

January 18, 2022 by Thijs Lecomte 9 Comments

Microsoft 365

There’s a lot of debate around the need to separate Microsoft 365 administrator accounts, especially when controls such as Privileged Identity Management exist within an organization. However, even with PIM there are remaining security concerns which necessitate the operation of separate accounts. This article explains the importance of using separate accounts; details how to target different Conditional Access policies for admin and user accounts and highlights how this approach increases your security posture and limits potential attack vectors against administrator accounts.

Azure Active Directory, Blog, Microsoft 365 Conditional Access policies, Credential Guard, FIDO2, Legacy Authentication, Multi-factor authentication, Phishing, Primary Refresh Token, Privileged Identity Management

Identifying Potential Unwanted Access by Your MSP/CSP Reseller

January 14, 2022 by Thijs Lecomte 2 Comments

Delegated Admin Permissions

Over the past few years, there’s been an escalation in supply chain attacks where an attack on a partner company (like Kaseya or Solarwinds) has a direct effect on customers. A strong security posture is more important than ever as these attacks increase in frequency and sophistication, and this applies to Microsoft partners as well. Lately The Microsoft Threat Intelligence Center has reported seeing a significant rise in the number of attacks targeting Microsoft partners with Delegated Admin Permissions (DAP). This article unpacks the major issues around DAP and provides alternative solutions that grant your partner the level of access they need, while still maintaining a strong security posture for your tenant.

Blog, Microsoft 365 Azure Lighthouse, Cloud Solution Provider, Delegated Admin Permissions, Granulated Delegated Admin Permissions, Managed Service Provider, Multi-factor authentication

Improve MFA Effectiveness in Your Microsoft 365 Tenant in 30 Minutes

November 22, 2021 by Tony Redmond 13 Comments

GENERIC Azure AD around Authentication

Microsoft has released two new features to help Multi-factor authentication for Azure AD accounts work smarter and better. It’s possible to implement number matching and additional context for MFA challenges in 30 minutes, and the two increase the security of MFA. It’s something that every Microsoft 365 tenant administrator should consider, as we explain here.

Azure Active Directory, Blog Additional context, Authenticator, Azure AD, Graph Explorer, MFA, Multi-factor authentication, Number matching

Old Versions of Outlook for Windows Stop Connecting to Exchange Online November 1

September 20, 2021 by Tony Redmond Leave a Comment

Outlook Windows Exchange Online

From November 1, 2021, Microsoft requires Outlook 2013 Service Pack 1 (with fixes) as the minimum client version to connect to Exchange Online. Given all the publicity about attacks against the on-premises version of Exchange earlier this year, it’s a wonder why organizations continue to allow people to use outdated client software to connect to Exchange Online. In any case, the drop-dead date is November 1. If you have any old Outlook 2007, Outlook 2010, or Outlook 2013 (before SP1) clients, it’s time to start upgrading.

Blog, Exchange Online Exchange Online, HAFNIUM, HTTP/2, Microsoft 365 apps for enterprise, Modern authentication, Multi-factor authentication, Outlook 2007, Outlook 2010, Outlook 2013 SP1

Recent Articles

  • Three Steps to Securing Microsoft Teams
  • Turn On MFA: Real-World Example of Fraud, Domain Stealing, and the Nearly Lost House Deposit
  • Changes in Microsoft 365 Apps Channels and Why You Should Care
  • A New Tool to Manage Exchange-related Attributes Without Exchange Server
  • Microsoft Launches Group Ownership Governance Policy

Copyright © 2022 Quadrotech Solutions AG · Disclosure · Privacy Policy
Alpenstrasse 15, 6304 Zug, Switzerland