Azure – A new security feature available in preview in Azure: Azure Firewall

Microsoft has introduced a new security feature in Azure, in preview, called Azure Firewall. Azure Firewall is going to help you protect your Azure vNET. Like with other on-premises firewall solutions, Azure Firewall supports: FQDN filtering Traffic filtering rules SNAT support Integration with Azure Monitor logging (diagram courtesy Microsoft)   As this is a preview, there is still few things: If a network security group (NSG) is applied on the…

Read More

Azure / Office 365 – New registration experience coming for Azure MFA and Azure SSPR

You may already well know the Azure Multi Factor (MFA) and Azure Self Service Password Reset (SSPR) features; if not you are missing a very good piece of your Azure AD/Office 365 services. Well, a new registration experience for Azure MFA and Azure SSPR is currently being in preview to simply the end-user registration experience. With the current experience, end-users had to register twice their details (like phone number or…

Read More

Office 365 – Threat Intelligence trackers

A new Office 365 Threat Intelligence feature is making his way to your Office 365 tenant if you are using Advanced Threat Management. This new feature, called Threat Intelligence Tracker, which is going to help you getting insights about security threats you may face. You can access the trackers from your Security & Compliance portal (https://protection.office.com/) within the Threat Management section

Read More

Azure – Define a security baseline for Azure AD Administrators

A new security feature has been delivered in preview for Azure AD; a security baseline for any Azure AD Administrator. This baseline will be enabled by default (during the preview you HAVE to enable it) and is going to request multi-factor authentication (MFA) for any privileged account like: Global Administrator Service Administrator SharePoint Administrator Exchange Administrator Conditional Access Administrator Security Administrator To enable/disable (while not recommended) the security baseline go…

Read More

Azure – Manage Azure AD Password Protection

So, you have deployed and registered your Azure AD Password Protection agents on your on-premises environment (see https://t.co/PnWZiWbWic). Now you can manage this feature by controlling how it is going to work – aka manage your own banned passwords list, enforce the feature or enable the Smart Lookout (to restrict the risk of getting your AD account locked because somebody is trying to guess your password). To manage Azure AD…

Read More

Azure – Use Azure AD Password Protection with your on-premises Active Directory

You may already know that Azure AD is using advanced technologies to protect your credentials, especially your password. It even detects if the password you are trying to use (when you have to change it due to expiration) has been used too much or has been compromised (or banned). This is a huge security feature but until now this was only available if you use Azure AD for authentication. Starting…

Read More

Exchange Online – Update in Office 365 Message Encryption for attachments

An update is going to be rolled out (and disabled by default) for Office 365 Message Encryption. With this update administrators will be able to allow/deny the opening of an attachment outside of an Office 365 service (like Gmail or Outlook) were not able to open attachments send using Office 365 Message Encryption. As of today (and until your administrators enable it), attachments can not be opened when sent through…

Read More

Azure – Azure AD delegated application management roles are in preview

Good news, new Azure AD delegated management roles are available in preview: Application Administrator: This role provides the ability to manage all applications in the directory, including registrations, SSO settings, user and group assignments and licensing, Application Proxy settings, and consent. It does not grant the ability to manage conditional access. Cloud Application Administrator: This role grants all the abilities of the Application Administrator, except it does not grant access…

Read More

Office – Flash, Silverlight or Shockwave controls are disabled

​If you are using Office 2016 or Office 365 you may be impacted when using PowerPoint, Excel or Word. For security reasons new builds of Microsoft Office for Office 365 block activation of Flash, Silverlight, and Shockwave controls. Most users won’t be impacted, but for some users this may cause one of the following issues: When you click on an embedded Flash movie in PowerPoint Slide Show, nothing happens even…

Read More

Office 365 – Alert policies are coming on Office 365

For those who are using Office 365 (E1, E3, E5 and Advanced ATP), a interesting update is coming on Office 365 Security & Compliance center: alert policies As a first stage deployment, these new default alerts will let you when: an elevation of privileges has been done on Exchange Online emails are being delayed for delivery a user is creating a forward/redirect rule To take advantage and configure these alert…

Read More

Azure – New version of Azure MFA Server

A new version of the Azure MFA Server (8.0.0.3) is available for download here https://aka.ms/mfadownload?download=mfa&clcid=0x9 This new version includes few improvements, like: Improved interaction with AD Sync Support for TLS 1.2 for LDAP, User Portal to Web Service SDK, and SChannel replication Accessibility improvements to User Portal, MFA Server management, and installation Compliance with General Data Protection Regulation The GDPR tool (MultiFactorAuthGdpr.exe) is available in the C:\Program Files\Multi-Factor Authentication Server…

Read More

Office 365 – Advanced Threats tracker

If you are using Office 365 E5 plan (or if you have the Advanced Threats Protection) you can take advantage of a new capability to help you protect your data on Office 365 called Advanced Threats Tracker This functionality is an advanced dashboard showing you all threats against your organization to help you assess the situation. You can access it from the Security and Compliance portal within the Threat Management\Threat…

Read More

Azure – New Azure Information Protection Client released

A new version (1.27.48.0) of the Azure Information Protection (Azure AIP) client has been released and available for download at https://www.microsoft.com/en-us/download/details.aspx?id=53018 (as usual one as self install executable and one as MSI package for enterprise wide deployment). The main updates focus on the AIP Scanner: You can define (add/remove) specific file extension using the Add-AIPScannerScannedFileTypes/Remove-AIPScannerScannedFileTypes commands Set a default label (without inspecting the content) using the MatchPolicy of the Set-AIPScannerRepository…

Read More

Azure – Azure AD External Collaboration Policy is now available

After few months in preview, the Azure AD External Collaboration policy is now available in GA with easier way to manage. In preview mode you had to use PowerShell to setup and manage the external collaboration policy, with the GA you can now use the Azure Administration portal, making things a little bit easier. To enable and manage Azure AD External Collaboration policy go to Azure AD management portal (https://aad.portal.azure.com)…

Read More

Security – Microsoft Authenticator will support backup and restore

A long awaited feature for the Microsoft Authenticator is coming soon on iOS first. With this new feature, the Microsoft Authenticator app will be able to backup (and so restore) your accounts added onto the app. This will be less painful when you have to re install the app either on a new device or after your device has been reset. The functionality is currently under preview – aka beta.…

Read More