Tag - Azure AD Premium

Deploying Conditional Access Policies via PowerShell

There is a new GitHub repository available from Microsoft: Manage Conditional Access policies like code. Similar to the infamous Intune samples repo from which I and many others have built their automated Intune setup scripts for new tenants, this repo is replete with the resources that you need for accomplishing...
Read more...

Building your Security Practice with Microsoft Threat Protection and Azure Sentinel

I have some exciting news today. I have a new publication available covering Microsoft 365 E5 Security and Microsoft Threat Protection, with a bonus section at the end featuring Azure Sentinel (which is a separate product, not included with Microsoft 365). The document is available here if you want to...
Read more...

Boost your security with Hybrid Azure AD Join: From Zero to Conditional Access in one afternoon

"Alex, I work at a non-profit and I would love to take advantage of the better security in Microsoft 365 Business (we have Business Premium now), but it sounds like it is for "cloud-only" customers? Is that right?? We are using Office 365 for Exchange, but we can't go cloud-only...
Read more...

Protecting extra-sensitive accounts and data sets in Microsoft 365, Part 1: Identity

As I have previously pointed out on this blog before, all of the best security products, like Microsoft Cloud App Security or Microsoft Defender Advanced Threat Protection, are held hostage in E5 plans. But there is a really big cost delta in the SMB space between the Business plan and...
Read more...

Updates coming soon to the Azure AD Best practices checklist

Update: The best practices checklists and guides are now available at GumRoad. I will be updating the best practices checklist and guide for Azure AD again soon, but I wanted to post a couple of notes about the coming changes--since it may be a while before I get around to...
Read more...

The Azure AD Best Practices Checklist

Update: Downloadable/printable copies of the Microsoft 365 Best practices checklists and guides are now available for purchase at GumRoad. Thanks for your support! Disclaimer: This checklist is NOT a comprehensive overview of every consideration when implementing Azure AD. For instance, the list was built with a typical SMB/SME in mind. That...
Read more...

Conditional access for the SMB, a how-to guide

**This resource was updated 09/01/2019** Unfortunately it is not yet possible to import CA policies from JSON, the way we can for Intune compliance policies or device profiles. Nevertheless, now that Conditional access is available to all Microsoft 365 Business customers, you will want a good roadmap for getting started. I have...
Read more...

Introducing the Microsoft Office 365 Email Security Checklist

Okay. I think I have had enough. Enough of what? Enough of reports like this one. And since email is still the number one attack vector in use by the bad guys, it's time we step up our game--I'm looking at you, IT pros (especially consultants). Of note, from the...
Read more...

Three ways to disable basic authentication and legacy protocols in Exchange Online

One of the most common (and often successful) attacks we see in the wild is a simple brute force / password spray against weak accounts. Especially against shared mailboxes. From that foothold, the most common next step attackers will take is to send out spam/phishing emails from the compromised account,...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.