Microsoft Secure Score Series – 03 – Enable Password Hash Sync if hybrid

Password hash synchronization is one of the sign-in methods used to accomplish a hybrid identity. Azure AD Connect synchronizes a hash of the hash of the user’s password from an on-premises Active Directory instance to a cloud-based Azure AD instance. Password hash synchronization helps by reducing the number of passwords your users need to maintain to just one. Enabling password hash synchronization also allows for leaked credential reporting. In this blog post, we are going to take a look at…

How to publish on-premises applications and protect them with MFA

Using Azure Application Proxy, you can publish your on-premises web applications in a secure way. Combining this with Conditional Access, you can configure MFA, for example. Now that the Coronavirus is hitting us hard, you might have to take a look at this feature. Assume the following use case: you have Citrix or RDS available for 50% of your users, so they can work from home or elsewhere. Now, because of the Coronavirus (or any future disaster), all of your employees have…

Microsoft Secure Score Series – 02 – Require MFA for administrative roles

Requiring multi-factor authentication (MFA) for all administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, critical devices and data are open to attack. In this post, we take a look at enabling MFA for your administrators. As stated in the description, users with administrative roles are interesting targets for hackers. Of course, it is recommended to enable MFA for…

Microsoft Secure Score Series – 01 – What is Microsoft Secure Score?

Microsoft Secure Score offers a list of actions and recommendations to strengthen your security on your Office 365 workloads. Each completed action will impact your overall score. It covers SharePoint Online, Exchange Online, OneDrive for Business, Microsoft Information Protection, Azure AD, Microsoft Defender ATP, and Cloud App Security among other things. It is not 100% waterproof, but it will give you a great baseline to start with. It will help you to protect your environment…

Azure AD tenant branding; size does matter!

Earlier today, I read this article by Alex Simons about the change that is coming to the Azure AD sign-in experience. In this change, the background image of the login screen is being replaced with a smaller one, so the page loads faster. Good news for the low-bandwidth offices out there! The article states: If you’ve configured a custom background image in Company Branding for your tenant there is no change to your users. That got me thinking. When…

Get started with web content filtering in MDATP

Update 7-7-2020: Microsoft announced that you no longer need a Cyren subscription. Web content filtering will be offered as part of Microsoft Defender ATP without any additional partner licensing. Now you get the benefits of web content filtering without the need for additional agents, hardware, and costs. From the article: If you joined in on the public preview, you might be in one of the following scenarios: If your 60-day trial for the partner license has already expired, all your policies are now active and protecting your enterprise. If you have an active 60-day trial for a partner license, all your policies will…

Require trusted location for MFA and SSPR registration

This article shows how you can block MFA and SSPR registrations from untrusted locations using Azure AD Conditional Access. When you want to enable Multi-Factor Authentication and Self-Service Password Reset for your users, they need to register their security settings first. Since the combined portal arrived, users can do this easily in just one place. Using this combined portal is also a requirement in order to make this possible. Although this portal is still in preview, it has great…

Windows Update for Business. “Just” a free cloud service.

Since the introduction of the “Modern Workspace,” a lot has changed when we talk about updates. Let’s face it: staying current with Windows 10 is hard. But not as hard as, for example, maintaining Windows 7. Because back then we didn’t have Windows Update for Business. Luckily for you, now we do! Let’s dive in. What is Windows Update for Business? There are many different ways to keep your devices up to date. In Enterprises, the most common tools out…

Secure your Azure Management portal

Today a quick tip to secure your Azure Management Portal. By default, the inactivity timeout of the Azure Management portal is set to ‘Never’. From a security perspective, this is far from ideal. This small setting can be easily overlooked. It’s a good idea to configure this for your tenant. Administrators can set this value themselves. Global administrators are able to set this value globally. When configuring this setting, your administrators will be logged out when they are inactive for…