Azure AD system-preferred authentication means that users must use their strongest authentication method when they sign-into Azure AD. The change emphasizes the desirability of strong authentication methods over weak. Now in preview, Microsoft plans to make the policy effective for everyone in July 2023.
There’s a lot of debate around the need to separate Microsoft 365 administrator accounts, especially when controls such as Privileged Identity Management exist within an organization. However, even with PIM there are remaining security concerns which necessitate the operation of separate accounts. This article explains the importance of using separate accounts; details how to target different Conditional Access policies for admin and user accounts and highlights how this approach increases your security posture and limits potential attack vectors against administrator accounts.
Over the past few years, there's been an escalation in supply chain attacks where an attack on a partner company (like Kaseya or Solarwinds) has a direct effect on customers. A strong security posture is more important than ever as these attacks increase in frequency and sophistication, and this applies to Microsoft partners as well. Lately The Microsoft Threat Intelligence Center has reported seeing a significant rise in the number of attacks targeting Microsoft partners with Delegated Admin Permissions (DAP). This article unpacks the major issues around DAP and provides alternative solutions that grant your partner the level of access they need, while still maintaining a strong security posture for your tenant.
Microsoft has released two new features to help Multi-factor authentication for Azure AD accounts work smarter and better. It's possible to implement number matching and additional context for MFA challenges in 30 minutes, and the two increase the security of MFA. It's something that every Microsoft 365 tenant administrator should consider, as we explain here.
From November 1, 2021, Microsoft requires Outlook 2013 Service Pack 1 (with fixes) as the minimum client version to connect to Exchange Online. Given all the publicity about attacks against the on-premises version of Exchange earlier this year, it's a wonder why organizations continue to allow people to use outdated client software to connect to Exchange Online. In any case, the drop-dead date is November 1. If you have any old Outlook 2007, Outlook 2010, or Outlook 2013 (before SP1) clients, it's time to start upgrading.