Microsoft Secure Score Series – 13 – Set automated notifications for new and trending cloud applications in your organization

Set automated notifications for new and trending cloud applications in your organization With Cloud Discovery policies, you can set alerts that notify you when new apps are detected within your organization. And again, we’re back at Cloud App Security. Earlier I showed how MCAS can help you to discover shadow IT in your organization by ingesting your firewall and proxy log files. Today, we take a look at the app discovery policies that are available. If you are new to… 

Read More »Microsoft Secure Score Series – 13 – Set automated notifications for new and trending cloud applications in your organization

Use Power Automate or Logic Apps to keep an eye on your licenses

I guess we’ve all been there; you ran out of licenses in your Azure AD or Office 365 tenant. Despite you hang out in your admin portal every day, you were still taken by surprise when you discover an issue, caused by a license shortage. More often this is caused by the fact that the people who are responsible to buy these licenses, are not always IT admins. So it’s easy to run out of licenses. Time to get this… 

Read More »Use Power Automate or Logic Apps to keep an eye on your licenses

A first look at Administrative Units and My Staff in Azure Active Directory

Recently, Microsoft introduced Administrative Units in Azure Active Directory. At the time of writing, this feature is in preview. Today we take a first look at how this is going to help organizations managing users and groups in Azure Active Directory. But to understand why this feature is such a big deal, we need to know what the difference is between the “classic” Active Directory and the “modern” Azure Active Directory structure. Active Directory To illustrate this, I created a… 

Read More »A first look at Administrative Units and My Staff in Azure Active Directory

Microsoft Secure Score Series – 12 – Turn on customer lockbox feature

Turning on the customer lockbox feature requires that approval is obtained for data center operations that grants a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There’s an expiration time on the request and content access is removed after the support engineer has fixed the issue. Today we are going to talk about the Customer Lockbox feature in Office 365. Some privacy regulations like HIPAA and FEDRAMP require procedures… 

Read More »Microsoft Secure Score Series – 12 – Turn on customer lockbox feature

Microsoft Secure Score Series – 10 – Discover trends in shadow IT application usage

Add a data source in automatic log upload for Cloud App Security Discovery to identify applications in your organization that run without official approval. After configuration, Cloud App Security Discovery will analyze firewall traffic logs to provide visibility into cloud applications’ usage and security posture. Today, we take a look at Cloud Discovery. With Cloud Discovery you can analyze your firewall and proxies log files, to track down shadow IT and determine the risk that is coming with the use… 

Read More »Microsoft Secure Score Series – 10 – Discover trends in shadow IT application usage

Set additional clocks to Windows 10 using Intune

When you work for an international company, or you have to deliver support in other timezones, you might find yourself Googling for time in different timezones from time to time. At least I did. Then I start looking for a way to make this easier and I was thinking to use BGInfo do reflect the time on my background. When struggling with this for 2 hours, I accidentally stumbled upon this setting, where you can display 2 additional clocks: I… 

Read More »Set additional clocks to Windows 10 using Intune

Microsoft Secure Score Series – 09 – Do not allow users to grant consent to unmanaged applications

Tighten the security of your services by regulating the access of third-party integrated apps. Only allow access to necessary apps that support robust security controls. Third-party applications are not created by Microsoft, so there is a possibility they could be used for malicious purposes like exfiltrating data from your tenancy. Attackers can maintain persistent access to your services through these integrated apps, without relying on compromised accounts. Today we take a look at a serious problem in the modern IT… 

Read More »Microsoft Secure Score Series – 09 – Do not allow users to grant consent to unmanaged applications

Install Windows Package Manager (winget) using Intune

Microsoft released a preview of the Windows Package Manager. I’m not going into detail about the product itself, because there are a lot of (better) alternatives for this already in the market. Today, we focus on how to get this tool installed on your endpoints, so you can use it for your software distribution. In this approach I use the APPX package. Normally I would use the Business Store for this, that version does not (yet) contain the winget feature.… 

Read More »Install Windows Package Manager (winget) using Intune

Sure, keep me signed in! And don’t prompt for MFA!

Today a short blog about MFA prompts, session lifetime, and cookies. This will give you an idea of how you can tune the end-user experience and where to configure these settings. Session lifetime in Azure AD is often mistaken. When you start working with Azure AD, Conditional Access, and Multi-factor authentication, there are a couple of things you should know. The Azure AD defaults are pretty loose. When you leave every setting to default, the user experience is pretty good.… 

Read More »Sure, keep me signed in! And don’t prompt for MFA!