Microsoft Secure Score Series – 06 – Enable policy to block legacy authentication

Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multi-factor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols. In this blog post, we take a look at legacy authentication and how to block it on your tenant. Legacy protocols are not… 

Secure your Azure Management portal

  • Security
  • 2 min read

Today a quick tip to secure your Azure Management Portal. By default, the inactivity timeout of the Azure Management portal is set to ‘Never’. From a security perspective, this is far from ideal. This small setting can be easily overlooked. It’s a good idea to configure this for your tenant. Administrators can set this value themselves. Global administrators are able to set this value globally. When configuring this setting, your administrators will be logged out when they are inactive for…