Azure – Define a security baseline for Azure AD Administrators

A new security feature has been delivered in preview for Azure AD: a security baseline for any Azure AD Administrator. This baseline will be enabled by default (during the preview you HAVE to enable it) and is going to request multi-factor authentication (MFA) for any privileged account like: Global Administrator, Service Administrator, SharePoint Administrator, Exchange Administrator, Conditional Access Administrator, Security Administrator. To enable/disable (while not recommended) the security baseline go…


Azure – Manage Azure AD Password Protection

So, you have deployed and registered your Azure AD Password Protection agents in your on-premises environment (see https://t.co/PnWZiWbWic). Now you can manage this feature by controlling how it is going to work – aka manage your own banned passwords list, enforce the feature or enable the Smart Lockout (to reduce the risk of getting your AD account locked because somebody is trying to guess your password). To manage Azure AD…


Azure – Use Azure AD Password Protection with your on-premises Active Directory

You may already know that Azure AD is using advanced technologies to protect your credentials, especially your password. It even detects if the password you are trying to use (when you have to change it due to expiration) has been used too much or has been compromised (or banned). This is a huge security feature but until now this was only available if you use Azure AD for authentication. Starting…


Exchange Online – Update in Office 365 Message Encryption for attachments

An update is going to be rolled out (and disabled by default) for Office 365 Message Encryption. With this update administrators will be able to allow/deny the opening of an attachment outside of an Office 365 service (like Gmail or Outlook) were not able to open attachments sent using Office 365 Message Encryption. As of today (and until your administrators enable it), attachments cannot be opened when sent through…


Azure – Azure AD delegated application management roles are in preview

Good news, new Azure AD delegated management roles are available in preview: Application Administrator: This role provides the ability to manage all applications in the directory, including registrations, SSO settings, user and group assignments and licensing, Application Proxy settings, and consent. It does not grant the ability to manage conditional access. Cloud Application Administrator: This role grants all the abilities of the Application Administrator, except it does not grant access…


Office – Flash, Silverlight or Shockwave controls are disabled

If you are using Office 2016 or Office 365 you may be impacted when using PowerPoint, Excel or Word. For security reasons new builds of Microsoft Office for Office 365 block activation of Flash, Silverlight, and Shockwave controls. Most users won’t be impacted, but for some users this may cause one of the following issues: When you click on an embedded Flash movie in PowerPoint Slide Show, nothing happens even…


Office 365 – Alert policies are coming on Office 365

For those who are using Office 365 (E1, E3, E5 and Advanced ATP), an interesting update is coming to the Office 365 Security & Compliance center: alert policies. As a first stage deployment, these new default alerts will let you know when: an elevation of privileges has been done on Exchange Online; emails are being delayed for delivery; a user is creating a forward/redirect rule. To take advantage and configure these alert…


Azure – New version of Azure MFA Server

A new version of the Azure MFA Server (8.0.0.3) is available for download here: https://aka.ms/mfadownload?download=mfa&clcid=0x9. This new version includes a few improvements, like: improved interaction with AD Sync; support for TLS 1.2 for LDAP, User Portal to Web Service SDK, and SChannel replication; accessibility improvements to User Portal, MFA Server management, and installation; compliance with General Data Protection Regulation. The GDPR tool (MultiFactorAuthGdpr.exe) is available in the C:\Program Files\Multi-Factor Authentication Server…


Office 365 – Advanced Threats tracker

If you are using the Office 365 E5 plan (or if you have the Advanced Threats Protection) you can take advantage of a new capability to help you protect your data on Office 365 called Advanced Threats Tracker. This functionality is an advanced dashboard showing you all threats against your organization to help you assess the situation. You can access it from the Security and Compliance portal within the Threat Management\Threat…


Azure – New Azure Information Protection Client released

A new version (1.27.48.0) of the Azure Information Protection (Azure AIP) client has been released and is available for download at https://www.microsoft.com/en-us/download/details.aspx?id=53018 (as usual, one as a self-install executable and one as an MSI package for enterprise-wide deployment). The main updates focus on the AIP Scanner: you can define (add/remove) specific file extensions using the Add-AIPScannerScannedFileTypes/Remove-AIPScannerScannedFileTypes commands; set a default label (without inspecting the content) using the MatchPolicy of the Set-AIPScannerRepository…


Azure – Azure AD External Collaboration Policy is now available

After a few months in preview, the Azure AD External Collaboration policy is now available in GA with an easier way to manage it. In preview mode you had to use PowerShell to set up and manage the external collaboration policy; with the GA you can now use the Azure Administration portal, making things a little bit easier. To enable and manage Azure AD External Collaboration policy go to Azure AD management portal (https://aad.portal.azure.com)…


Security – Microsoft Authenticator will support backup and restore

A long-awaited feature for the Microsoft Authenticator is coming soon, on iOS first. With this new feature, the Microsoft Authenticator app will be able to back up (and so restore) the accounts you added to the app. This will be less painful when you have to reinstall the app either on a new device or after your device has been reset. The functionality is currently under preview – aka beta.…


Security – The new Azure Information Protection (AIP) client is available

The new Azure Information Protection (AIP) client is now available in version 1.26.6. You can download it from https://www.microsoft.com/en-us/download/details.aspx?id=53018. As part of the usual bug fixes, some new features are also available. The first one is the integration of the AIP scanner (see https://t.co/RIvT261b7O); this means you no longer need to download the specific installation package for the AIP scanner (even if this is still available). If you use AIP…


Office 365 – You can simulate an attack on your Office 365 (preview)

UPDATE March 10, 2018 – I have been informed the invitation code to join the preview portal is no longer valid. Even if we all know Office 365 is quite secure by design, you may want to evaluate by yourself the security level of your tenant. While you already have the Secure Score (https://securescore.office.com/) functionality available, this will basically just help you to identify best practices to implement. Today, you…


Azure – New role available in Azure AD for Azure Information Protection management

A new Directory Role is now available (in preview) to delegate Azure Information Protection management. This new role – Information Protection Administrator – allows you to delegate AIP management, granting permissions to configure policies labels and settings, configure and manage AIP templates or activate/deactivate AIP functionality. As usual you can grant this role from the Azure AD\Users management blade or even better using the Azure AD Privileged Identity…
