Security

A first look at Administrative Units and My Staff in Azure Active Directory

Recently, Microsoft introduced Administrative Units in Azure Active Directory. At the time of writing, this feature is in preview. Today we take a first look at how this is going to help organizations manage users and groups in Azure Active Directory. But to understand why this feature is such a big deal, we need to know what the difference is between the “classic” Active Directory and the “modern” Azure Active Directory structure. Active Directory: To illustrate this, I created a… 

Microsoft Secure Score Series – 12 – Turn on customer lockbox feature

Turning on the customer lockbox feature requires that approval is obtained for data center operations that grant a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There’s an expiration time on the request, and content access is removed after the support engineer has fixed the issue. Today we are going to talk about the Customer Lockbox feature in Office 365. Some privacy regulations like HIPAA and FedRAMP require procedures… 

Microsoft Secure Score Series – 10 – Discover trends in shadow IT application usage

Add a data source in automatic log upload for Cloud App Security Discovery to identify applications in your organization that run without official approval. After configuration, Cloud App Security Discovery will analyze firewall traffic logs to provide visibility into cloud applications’ usage and security posture. Today, we take a look at Cloud Discovery. With Cloud Discovery you can analyze your firewall and proxy log files to track down shadow IT and determine the risk that comes with the use… 

Microsoft Secure Score Series – 09 – Do not allow users to grant consent to unmanaged applications

Tighten the security of your services by regulating the access of third-party integrated apps. Only allow access to necessary apps that support robust security controls. Third-party applications are not created by Microsoft, so there is a possibility they could be used for malicious purposes like exfiltrating data from your tenant. Attackers can maintain persistent access to your services through these integrated apps, without relying on compromised accounts: an OAuth grant survives a password reset and does not trigger an MFA prompt. Today we take a look at a serious problem in the modern IT… 
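The two checks a practitioner wants here are whether users can still consent on their own, and which user-consented grants already exist (turning the setting off does not revoke them). The script below is an added example, not code from the original post. It assumes the MSOnline and AzureAD PowerShell modules are installed and that the caller holds an administrator role that can read and change tenant settings; the list of scopes treated as high-risk is a constructed starting point, not an official classification.

```powershell
# Added example (not from the original post): audit the tenant-wide user consent
# setting and enumerate existing user-consented OAuth2 grants.
# Assumes: MSOnline and AzureAD modules installed; an account with rights to
# read/write company settings and read service principals and grants.
Connect-MsolService
Connect-AzureAD

# 1. Can users still consent to third-party apps by themselves?
$company = Get-MsolCompanyInformation
if ($company.UsersPermissionToUserConsentToAppEnabled) {
    Write-Warning "Users may consent to third-party apps on their own. Disabling."
    # After this, consent requires an admin (or the admin consent workflow).
    Set-MsolCompanySettings -UsersPermissionToUserConsentToAppEnabled $false
} else {
    Write-Host "User consent is already disabled."
}

# 2. Grants that already exist keep working, so list them.
#    ConsentType 'Principal'     = a single user consented for themselves
#    ConsentType 'AllPrincipals' = an admin consented for the whole tenant
# Constructed, assumed list of scopes worth a second look; extend as needed.
$riskyScopes = @('Mail.Read', 'Mail.ReadWrite', 'Files.Read.All',
                 'Files.ReadWrite.All', 'Directory.Read.All', 'offline_access')

$spCache = @{}   # ClientId -> display name, to avoid one lookup per grant
Get-AzureADOAuth2PermissionGrant -All $true |
    Where-Object { $_.ConsentType -eq 'Principal' } |
    ForEach-Object {
        if (-not $spCache.ContainsKey($_.ClientId)) {
            $sp = Get-AzureADServicePrincipal -ObjectId $_.ClientId
            $spCache[$_.ClientId] = $sp.DisplayName
        }
        $scopes = ($_.Scope -split ' ') | Where-Object { $_ -ne '' }
        [pscustomobject]@{
            App      = $spCache[$_.ClientId]
            ClientId = $_.ClientId
            UserId   = $_.PrincipalId
            Scopes   = ($scopes -join ' ')
            HighRisk = [bool]($scopes | Where-Object { $riskyScopes -contains $_ })
            GrantId  = $_.ObjectId   # pass to Remove-AzureADOAuth2PermissionGrant to revoke
        }
    } |
    Sort-Object HighRisk -Descending |
    Format-Table -AutoSize
```

Review the HighRisk rows first: an unknown app holding Mail.Read plus offline_access is exactly the persistence the teaser describes, and revoking the grant (Remove-AzureADOAuth2PermissionGrant -ObjectId GrantId) cuts that access without touching the user’s account.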

Sure, keep me signed in! And don’t prompt for MFA!

Today a short blog about MFA prompts, session lifetime, and cookies. This will give you an idea of how you can tune the end-user experience and where to configure these settings. Session lifetime in Azure AD is often misunderstood. When you start working with Azure AD, Conditional Access, and Multi-factor authentication, there are a couple of things you should know. The Azure AD defaults are pretty loose. When you leave every setting at its default, the user experience is pretty good.… 

Going passwordless with the FEITIAN Fingerprint card

A quick word upfront. I’m not a salesperson. I’m interested in FIDO2 because it delivers passwordless and strong authentication. That means that you should be free to use any FIDO2 security key or card you want. Whether it’s Yubico, FEITIAN, Solo, or any other brand. USB-A, USB-C, NFC, Bluetooth, Lightning, with or without biometrics. This blog is not about what to buy and where to buy it. This blog is about security. That being said: on with the show! I’ve tested a bunch… 

What admins should know about the combined registration portal for Azure MFA and Self Service Password Reset

The (long) title pretty much reveals the purpose of this blog post. This one was on my to-do list for a while, and now that the combined registration portal is generally available, the time has come. In my previous MFA-related blogs, I always encouraged my readers to turn on the combined registration portal, even when it was in public preview. But if you start using this portal, there are quite a few settings that can change the user experience of… 

Microsoft Secure Score Series – 08 – Use Cloud App Security to detect anomalous behavior

Cloud App Security anomaly detection policies provide User and Entity Behavior Analytics (UEBA) and advanced threat detection across your cloud environment. Today we take a look at Cloud App Security. I recently wrote a blog about the new activity policies in Cloud App Security, so if your organization uses Teams, you should definitely take a look at that one. The improvement action we’re talking about has no user impact and might not increase your score right away. But if you… 

How to keep an eye on your Teams with Log Analytics and Azure Monitor?

In my previous blog post, I wrote about the new Teams activity policy templates in Cloud App Security. A great addition to easily keep an eye on your teams. Let’s take a short look at the policies before we continue. The policies will create alerts when: a team’s access level is changed from private to public; an external user is added to a team; a user deletes a large number of teams. These templates are easy to use, and will…