Over the last couple of years we have seen several security breaches in IT, leading to serious impact and financial losses, not only in the United States but also in the rest of the world. Last year here in Holland we saw two respected companies in a lawsuit, where one company was compromised, leading to a 7-digit financial loss for the other company. The first company was running its environment in Office 365, but because of a weak password, the mailbox of a financial controller was compromised. It could easily have been prevented by using Multi-Factor Authentication (MFA). In my own customer base there are also examples of security breaches, including CFO fraud, which resulted in a financial loss that also could have been prevented easily.
Azure & Active Directory Center
ENow Software's Azure & Active Directory blog built by Microsoft MVPs for IT/Sys Admins.
Previously, MVP Nicolas Blank wrote an interesting article, "Having an Identity Crisis", which talked about all kinds of attacks on your environment. One such attack is on user email. Users tend to choose a password that is easy for them to remember, which makes the password weak and easy for others to guess. With some social engineering, user passwords are also easy to retrieve, as can be seen in the YouTube clip "What is your password?"
Office 365 allows for various authentication mechanisms, including federated authentication through Active Directory Federation Services. Federated authentication in Office 365 is configured per domain. However, if you register multiple subdomains in your Office 365 tenant, those subdomains will automatically inherit the authentication settings from the parent domain if you registered the subdomains in the tenant after the parent domain.
For instance, if you have added child1.domain.com and child2.domain.com after registering domain.com, both subdomains will be converted to use federated authentication if you convert the parent domain.
One of the pieces of feedback we received on a previous ENow post (integrating your temporary COVID tenant with your on-premises environment) was the fear of introducing errors and interrupting processes that now rely on the Azure AD tenant. This, indeed, may be the case when you rely solely on Azure AD Connect’s soft matching capabilities and wield a narrow scope for synchronization of objects.
Getting ready for 'Day One' of a merger or acquisition is a unique challenge. There’s often a lot of complexity to think through—and not a lot of time to do it. So the top IT priority for Day One should be to set systems up so the organizations can start working together. In this post, we focus on setting up a unified directory.
Welcome to part 3 of "Addressing the Office 365 Monitoring Gaps". In part 1, we discussed the differences in monitoring cloud-based systems vs traditional on-premises deployments. In part 2, we discussed admins' least favorite thing: outages.
Almost a year ago, in March 2020, I wrote an article on this site called "Microsoft stops basic authentication, now what" about Microsoft’s plan to decommission Basic Authentication in Office 365. The Covid-19 pandemic took over the world and a lot of projects were postponed. This was also the case for the Basic Authentication project at Microsoft, but the decommissioning is still planned, although there are some serious changes in Microsoft’s planning. Time for an update.
Microsoft 365 tenant to tenant migrations happen very often. There are mergers and acquisitions, e.g. when a company buys another company, and there are divestitures, e.g. when a company gets partially outsourced to another company. This three-part blog series covers all the things you should be aware of when you, as an admin, get involved in tenant to tenant migrations. Part 1 covers the discovery of identities, workloads, data, and security.
AAD Roles for EXO Administrators
In one of my other articles, “Accessing Exchange Online Objects”, I outlined how you can interact with these objects. When you need to scope apps with application permissions to a subset of mailboxes, you can use ApplicationAccessPolicies, as outlined here by Microsoft.
Last week I shared part one of my Microsoft 365 Security Assessment where we took a deep dive into securing things related to Azure Active Directory. If you haven’t had a chance to read through it yet, take a few minutes and read it here.
Now that we’re all on the same page, let’s dive into part two, where we’ll cover security settings in the Microsoft 365 Admin Center.