Office 365 – Privileged Access Management is available to Office 365

As announced at the Ignite 2018 conference, a new access management capability is now available to Office 365. This new feature, called Privileged Access Management (PAM), will help you granting on a ‘just in time’ basis high level privileges to Office 365 services. PAM is currently limited to Exchange Online scope. To set it up, you will need to use a security group for the PAM access (if you are…

Read More

Azure – You can enable analytics for Azure Information Protection

This is a new capability being added to Azure Information Protection (AIP), currently in preview. You can now enable analytics for AIP. To do logon to your Azure portal (https://portal.azure.com) and reach out the Azure Information Protection configuration blade From there you should see  Configure analytics (preview) under the Manage section From this configuration blade you can use an existing Log analytics workspace or create a new one; if you…

Read More

Windows / Azure – Reset password from all Windows

You may be already aware that you can provide the ability to your end-user to reset their password (Self Service Password Reset – SSRP) directly from the logon screen for Windows 10 Azure AD Joined device (see https://t.co/LW060QqgGV if you want to know more). Well, Microsoft has announced a major improvement for this feature as you can now use it for all Windows version (from Windows 7 to Windows 10…

Read More

Exchange Online – Implement ‘Limited Access’ Conditional Access

You may already know that you can implement a ‘limited access’ conditional access for SharePoint Online and OneDrive for Business, allowing end-users to access content on SharePoint Online but not authorizing to download anything while accessing using non compliant devices. Now, you can do the same for Exchange Online to allow your end-users accessing their mailbox using Outlook on the Web (aka Outlook Web Access) while the device they are…

Read More

Azure – Secure Score is now available for Azure

You may already know Secure Score for Office 365, helping you to understand your security settings on Office 365 and providing guidance to increase it. Now, you can have Secure Score for Azure Active Directory (AAD) too The functionality is currently in preview and can be accessed either through the dedicated preview portal (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/IdentitySecureScore) or by accessing your Azure AD administration portal () or Azure portal (https://portal.azure.com/) and then reaching…

Read More

Azure – New Azure information Protection Client available

A new version (1.37.19.0) of the Azure Information Protection Client has been released. You can download it from https://www.microsoft.com/en-us/download/details.aspx?id=53018 This version includes few updates and changes: Support for the ISO standard for PDF encryption. You need to configure the below advanced configuration to enable it and then keep the PDF format for encrypted PDF files instead of using the PPDF Labels applying protection are now displayed on Office 2016 clients…

Read More

Security – The latest Threat Modeling tool is now in GA

The latest version of Microsoft Threat Modeling Tool (TMT) is now available in general availability (GA). If you were using the preview, you will be prompted to upgrade – NOTE it will mandatory to upgrade after Oct 15th. The 2016 version is still supported until Oct 1st, 2019. If you want to start using the tool go there. For those who do not know what MTM is, this is a…

Read More

Intune – You can now target specific users/devices when applying Windows Hello policy

With the latest updates on Intune, you can now define specific users/devices when you apply a Windows Hello policy. Until then, the Windows Hello policy was a tenant level settings and as such applied to all users/devices. To define the Windows Hello policy, go to your Intune configuration blade and reach out the Device configuration\Profiles and create an Identity Protection profile, then you will be able to define the targeted…

Read More

Azure/Office 365 – Multi Factor Authentication app available in preview for Apple Watch

The Multi Factor Authentication application for Azure and Office 365 is now available in preview for use with Apple Watch. It supports both corporate (work account) and personal (Microsoft account) accounts with push notification. You can sign up at https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR68AojHg485IuWUUpl99NURUNFQ0OUpEQzFNRlBHUjc3NkxWSTQzSEhFRi4u

Read More

Azure – Azure Security Center playbooks

4 new playbooks to demonstrate Azure Security Center capabilities are available. With these 4 playbooks you can demonstrate/evaluate Azure Security Capabilities to protect your Azure resources against virus attack, SQL injection, DDoS on public IP or cross site scripting. You can deploy the playbooks from the following URL to your Azure tenant: Virus attack playbook – https://aka.ms/ASCPlaybooksVAttack – deploys 2 virtual machines, OMS and associated network resources. One of the…

Read More

Office 365 – New anti-phishing capabilities added to Advanced Threat Protection

A new default policy is being deployed for Office 365 ATP (Advanced Threat Protection) to protect you against phishing. The new policy is/will be available through the Security and Compliance administration portal (https://protection.office.com/) From there, reach out the Threat Management\Policy section and then click on ATP anti-phishing option Then the Default policy is not displayed in the list of policy; it is displayed using the button Default policy By clicking…

Read More

Azure – An updated interface for Azure AD Roles management

The Azure Active Directory Roles configuration blade has been updated to provide more details and management option for Azure AD Roles. Connect to your Azure administration portal (https://portal.azure.com) or Azure AD administration portal (https://aad.portal.azure.com) and reach out your Azure Active Directory blade or Then reach out the Roles and administrators blade At first sight it does not seems to had some changes but it has been updated; first, if you…

Read More

Azure – Azure AD Conditional Access sign-ins reports in preview

You may already be aware of this security feature called Azure AD Conditional Access helping you protecting and securing access to your resources published through Azure AD. A new capability to this feature has been added (in preview) to provide a better reporting and troubleshooting capabilities: Azure AD Conditional Access Sign-Ins Report To start using it, logon to your Azure AD administration portal – either from the Azure portal (https://portal.azure.com)…

Read More

Azure – A new security feature available in preview in Azure: Azure Firewall

Microsoft has introduced a new security feature in Azure, in preview, called Azure Firewall. Azure Firewall is going to help you protect your Azure vNET. Like with other on-premises firewall solutions, Azure Firewall supports: FQDN filtering Traffic filtering rules SNAT support Integration with Azure Monitor logging (diagram courtesy Microsoft)   As this is a preview, there is still few things: If a network security group (NSG) is applied on the…

Read More