Group Policy as an Attack Pathway
Learn some of the main group policy attack pathways, why they are easily exploited, and how to mitigate them in this article by Darryl Baker.
November 14, 2022
Latest Articles
Five ways to Keep Active Directory Secure
Although we live and work in a cloud-first world, on-premises Active Directory (AD) remains a vital component of many companies' IT infrastructure. This article goes over five ways to keep Active Directory secure.
November 7, 2022
Practical Protection: Fernando Corbató’s Nightmare Legacy
This week on Practical Protection, Paul discusses the history of passwords and the many problems they pose in the modern cloud-based world.
October 31, 2022
Practical Protection: Security Principles for your Exchange Environment
Welcome to the first installment of Practical Protection with Paul Robichaux. Paul illustrates four general security principles and talks about how you can practically apply them to your Exchange environment.
October 18, 2022
Why a Potential Autodiscover Flaw is Just the Tip of an Iceberg
It's often helpful when security researchers like Guardicore shed light on flaws in Microsoft Exchange - however, the Autodiscover protocol isn't flawed in the way they describe. Even though the issue is hard to replicate, it shouldn't distract from the work you need to do to protect your organization from the underlying reason why people want your credentials.
September 28, 2021
Hot Air and Publicity for Purported Autodiscover Security Flaw
Lots of excitement was generated when Guardicore revealed a purported vulnerability with the Exchange Autodiscover service. However, the almost total lack of detail about the configuration used for testing and to generate the reported results makes it impossible for Exchange administrators to check the theory against their own deployment. I don't think a problem exists with Exchange Online, but it's possible that poor DNS practice or flawed third-party clients could cause an issue with on-premises servers. The case remains to be proved.
September 23, 2021
The Practical 365 Update: S2, Ep 16 – Critical Exchange patches, new Teams and OneDrive features and we deep-dive on Information Barriers
On the show this week, Steve is joined by Patrick van Bemmelen to talk about how you can stop internal sharing with Information Barriers., And in important news we discuss the latest Exchange Server updates you need to apply TODAY, how the FBI have been accessing Exchange Servers - and we cover the latest updates available for Microsoft Teams, OneDrive, Outlook and more.
April 16, 2021
One comment
Drowning in Microsoft Cloud App Security email alerts
Flash Flood Warning! You Just Setup MCAS
Microsoft MVP Amy Babinchak reveals how Office365 administrators can turn Microsoft Cloud App Security (MCAS) into a manageable and indispensable tool for organizations. This is achieved with several simple, tried and true methods that will reduce the amount of information alerts while highlighting severe, actionable alerts which are detailed in this article.
April 6, 2021
Microsoft Issues Critical Security Updates for Exchange Server
Microsoft has issued critical security updates for Exchange on-premises servers. The fixes close off four known vulnerabilities which expose Exchange to day-zero attacks. It's important to apply these updates ASAP.
March 2, 2021
How to prevent Data Leaks using MCAS and PowerAutomate – Part Two
Part Two: How to use MCAS and PowerAutomate to prevent malicious activity when employees extract confidential corporate information from cloud repositories.
June 5, 2020
How to Prevent Data Leaks with MCAS & PowerAutomate – Part One
Part One: How to use MCAS and PowerAutomate to prevent malicious activity when employees extract confidential corporate information from cloud repositories.
June 3, 2020
First look at the new Microsoft 365 Security & Compliance portals
MVP Vasil Michev takes a first look at the new Security and Compliance Centers released for public preview and shares his thoughts.
February 21, 2019