For Tuesday, December 1 we are proud to announce that Alex Verboon, Cyber Security Consultant at baseVISION in Switzerland will host a session about: “Improving your security posture – Challenges and Solutions” Session abstract: In my daily work as a cyber security consultant I support my customers with improving their security posture. In this session…
Category: Security
Conditional Access demystified: My recommended default set of policies
In August last year, I published eight articles in a series on Conditional Access, and later once finished I decided to bundle those articles in a paper which are now available on GitHub. You can find version 1.1. of the Conditional Access demystified paper there. You can expect a new version coming soon, since I…
Understanding and governing reauthentication settings in Azure Active Directory
Governing when users receive authentication prompts when authenticating to Azure Active Directory (Azure AD) is depending on more than one setting, on which functionalities are in use and also in which scenario you authenticate (Browser, Modern clients or other). Reauthentication can take place by asking for a single factor, like password, FIDO, the password less…
Mobile Application Management for Mobile Devices with Microsoft Endpoint Manager/Intune deep dive
With Microsoft Intune, there is a lot of focus on the Mobile Device Management (MDM) aspects of the product. This is logical because from a management perspective, if you manage a device using MDM, you can configure almost all settings remotely, something we as System Administrators have been doing for many years. In many situations,…
Azure AD Continuous access evaluation (CAE), a first look
In April 2020 Alex Weinert, Director of Identity Security at Microsoft announced that Microsoft was working on moving towards real time policy and security enforcement. The first implementation for this move is now available as an option you can enabled within Azure AD, called Continuous access evaluation (CAE). The functionality released in April was only…
Microsoft is making changes related to automatic email forwarding for ATP customers, here is what you need to know
In February this year I blogged about Stopping automatic email forwarding in your Exchange Online environment in a controlled way providing a structural way to disable automatic email forwarding within your organization, while still allowing exceptions. This week Microsoft announced through the message center (MC220853) they are rolling out the External Email Forwarding Controls functionality…
Assigning groups to Azure AD roles and Privileged access groups, a first look!
On August 13th 2020, Alex Simons (Microsoft Identity PM) announced that assigning groups to Azure AD roles in now in public preview. This feature is one of the most requested features to be found in the Azure AD feedback forum. I have been following this feature request for a while now, and up until recently…
Office 365 Templated policies and Preset security policies in Exchange Online Protection and Office 365 ATP
In my deep dive article on Office 365 Advanced Threat Protection (ATP) I mentioned that Microsoft provides best practices as described in the following article: “Recommended settings for EOP and Office 365 ATP security“. When implementing the settings in the article you either have the option to go for a “Standard” or “Strict” security level,…
Completed the Azure Solution Architect Expert Certification
After earning my Microsoft 365 Certified Enterprise Administrator Expert certification in May, I decided to continue my certification journey and earn the Azure certification. Today I completed the last exam in order to earn the Azure Solution Architect Expert certification. The Azure Solution Architect Expert Certification is earned by completing two exams: AZ-300: Microsoft Azure…
May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation spreadsheet
In August last year, I published eight articles in a series on Conditional Access, and later when finished I decided to bundle those articles in a paper which I made available on the TechNet Gallery. In March this year, Microsoft decided to retire the TechNet Gallery, so I had to find another solution to host…
Some welcome additions to the Admin consent workflow in Azure AD
Update October 7 2020: This functionality is now GA, see Publisher verification and app consent policies are now generally available In February this year, I wrote an article about Admin consent in Azure Active Directory. The article titled: “Did you already modify your Azure AD consent defaults settings? Here is why you should“, explained why…
Azure AD Identity Protection deep dive
One of the advantages of Microsoft having many customers using its services is that Microsoft can leverage data from those customers and apply some real fancy Machine Learning on that data, coming from Azure AD, Microsoft Accounts and even Xbox services. Based on all that data the Machine Learning capabilities are able to identify identity…
Lessons learned while implementing Azure AD Privileged Identity Management (PIM)
Lessons learned while implementing Azure AD Privileged Identity Management (PIM)
License requirements for administering Microsoft 365 services
Microsoft licensing is tough and vague but something we must deal with while implementing our solutions. I’m also aware that some of the features I describe on my blog are only available in the most expensive licensing options Microsoft provides, making some of the features I describe not usable for some of my readers. Update…
Microsoft is going to disable basic/legacy authentication for Exchange Online. What does that actually mean and does that impact me?
Update: On September 23, 2021, the Exchange Team announced that effective October 1st, 2022 basic authentication, regardless of usage will be permanently disabled in all tenants. Update: On June 17, 2021, the Exchange Team announced that they are going to turn of basic authentication for tenants not using it. Update: On February 5th, 2021, the…