Scenario 1: You are part of the IT team that is responsible for moving to the cloud. Your company/organization has chosen Microsoft’s cloud services as the provider of choice for your new virtual datacenter. During the planning phase to migrate your current solutions to Azure and Microsoft 365, your risk department requests information about security and compliance, and how the shift from your current “private” datacenter to a public center will impact security. You end up Googling and stumble upon a Microsoft post that talks about Security defaults and what they are.
Azure & Active Directory Center
ENow Software's Azure & Active Directory blog built by Microsoft MVPs for IT/Sys Admins.
Microsoft Ignite was held on October 12 to 14, 2022, and was a truly hybrid event, with in-person sessions held at the Seattle conference center as well as pre-recorded content and Teams live-event style sessions being streamed around the world. The big catchphrase of the conference this year was “Do more with less”. As organizations adapt to new challenges, they are looking to have more choice in the way they work and to get better results with less friction. The updates to products revealed at Microsoft Ignite were aimed at helping customers get the full value of Microsoft’s technologies.
When you’re in your own data center and your security model is based on perimeter security and passwords, you’re not cloud ready. Security models that only leverage firewalls and passwords leave organizations exposed as soon as cloud services start to be consumed. However, many organizations don’t realize just how exposed they are.
Previously, MVP Nicolas Blank wrote an interesting article, "Having an Identity Crisis", which talked about all kinds of attacks on your environment. One such attack is on user email. Users tend to choose a password that is easy for them to remember, and this makes the password weak and easy for others to guess. Even with some social engineering, user passwords are easy to retrieve, as can be seen in the YouTube clip "What is your password?"
What a great time to be an IT pro. I mean really, who has it better than us? On any given day there is so much going on, so much to learn, so much to improve, and that's why I do really enjoy my job(s). As I think about how to open this blog post, it occurs to me that I’ve had some great opportunities in my career. Sort of a “as one door closes, another one opens” sort of thing.
Microsoft 365 offers a wide variety of services beyond the full stack of services like Exchange Online, Microsoft Teams, etc. In particular, you can use Azure Active Directory as your primary Identity Provider (IdP). This allows you to move authentication of your legacy applications from on-premises to Azure.
Last week I shared part one of my Microsoft 365 Security Assessment where we took a deep dive into securing things related to Azure Active Directory. If you haven’t had a chance to read through it yet, take a few minutes and read it here.
Now that we’re all on the same page, let’s dive into part two, where we’ll cover security settings in the Microsoft 365 Admin Center.
As a Microsoft 365 certified Security Administrator and Microsoft certified Azure Security Engineer, I have recently done a number of Microsoft 365 security assessments. Some of them have been post-breach assessments. A lot of companies had to enable remote workers in a hurry at the start of the COVID-19 pandemic, and as a result have realized security configuration and protection is more critical than ever.
My email address is my identity
In Active Directory on-premises or Azure Active Directory (AAD), used by Office 365, our User Principal Name (UPN) is often the same as our email address. These days, we often log in with our email addresses, which means that whatever we’re “using under the hood” from an authentication point of view is the same as our email address. This convention of making our email address the same as our UPN is common practice and even advocated by Microsoft.