I guess we’ve all been there; you ran out of licenses in your Azure AD or Office 365 tenant. Despite you hang out in your admin portal every day, you were still taken by surprise when you discover an issue, caused by a license shortage. More often this is caused by the fact that the people who are responsible to buy these licenses, are not always IT admins. So it’s easy to run out of licenses. Time to get this…
Recently, Microsoft introduced Administrative Units in Azure Active Directory. At the time of writing, this feature is in preview. Today we take a first look at how this is going to help organizations managing users and groups in Azure Active Directory. But to understand why this feature is such a big deal, we need to know what the difference is between the “classic” Active Directory and the “modern” Azure Active Directory structure. Active Directory To illustrate this, I created a…
Turning on the customer lockbox feature requires that approval is obtained for data center operations that grants a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There’s an expiration time on the request and content access is removed after the support engineer has fixed the issue. Today we are going to talk about the Customer Lockbox feature in Office 365. Some privacy regulations like HIPAA and FEDRAMP require procedures…
With the user risk policy turned on, Azure AD detects the probability that a user account has been compromised. As an administrator, you can configure a user risk conditional access policy to automatically respond to a specific user risk level. For example, you can block access to your resources or require a password change to get a user account back into a clean state. Today, we take a look at Azure AD Identity Protection. More specifically, the ability to take…
Add a data source in automatic log upload for Cloud App Security Discovery to identify applications in your organization that run without official approval. After configuration, Cloud App Security Discovery will analyze firewall traffic logs to provide visibility into cloud applications’ usage and security posture. Today, we take a look at Cloud Discovery. With Cloud Discovery you can analyze your firewall and proxies log files, to track down shadow IT and determine the risk that is coming with the use…
Tighten the security of your services by regulating the access of third-party integrated apps. Only allow access to necessary apps that support robust security controls. Third-party applications are not created by Microsoft, so there is a possibility they could be used for malicious purposes like exfiltrating data from your tenancy. Attackers can maintain persistent access to your services through these integrated apps, without relying on compromised accounts. Today we take a look at a serious problem in the modern IT…
Today a short blog about MFA prompts, session lifetime, and cookies. This will give you an idea of how you can tune the end-user experience and where to configure these settings. Session lifetime in Azure AD is often mistaken. When you start working with Azure AD, Conditional Access, and Multi-factor authentication, there are a couple of things you should know. The Azure AD defaults are pretty loose. When you leave every setting to default, the user experience is pretty good.…
A quick word upfront. I’m not a salesperson. I’m interested in FIDO2 because it delivers passwordless and strong authentication. That means that you should be free using any FIDO2 security key or card you want. Whether it’s Yubico, FEITIAN, Solo, or any other brand. USB-A, USB-C, NFC, Bluetooth, Lightning, with or without biometrics. This blog is not what to buy and where to buy. This blog is about security. That being said: on with the show! I’ve tested a bunch…
Some things in the modern connected world seem so common that you just assume it’s possible by nature. Getting your Microsoft Graph API data into Microsoft Power BI for example. That must be easy peasy right? Well…. When I start looking for ways to do this, I assumed there was a builtin connector available in Power BI that I could use. Guess what? There is not (yet). There is a connector for the Microsoft Security Graph, but that one “only”…
I should start with a warning. The feature we are going to talk about is new. Brand new. Please start by reading the limitations that come with this feature, and I strongly suggest to only apply this in test or demo environments. That being said, I want to point out how psyched I am about this new functionality. Despite the limitations, this is something you should start to look in to. In the meantime, I’ll keep updating this post with…