05Oct
17Sep
Devices still matter, Part 1: Why you need a device management strategy
The Center for Internet Security (CIS) publishes 20 controls in their cyber-security framework. If you want to understand what good management looks like, then start here. The first six controls are considered the "basics"--the first and most important steps that any organization should be taking as they work to secure...
14Sep
iPadOS breaks MAM-enforced Conditional Access?!
In case anyone missed it, this bombshell dropped last week: https://support.microsoft.com/en-us/help/4521038/action-required-update-conditional-access-policies-for-ipados In summary: when iPad gets updated to iOS 13+ at the end of this month, the OS will change from iOS to iPadOS. And when that happens, Azure AD will see these devices as macOS devices, not iOS...
10Sep
Revisiting Baseline Policies in Microsoft 365
Microsoft has been doing more to make secure configurations easier to implement for admins. But, from my testing and experience, I still have reservations about some of them. Let's review. Conditional Access Baseline Policies There are presently four baseline policies available under Azure AD > Security > Conditional Access. Require MFA for admins...
03Sep
PSA: Careful with MAM – there might be more to it than you think
I have written extensively on Mobile Application Management (MAM), as an alternative to Mobile Device Management (MDM). When implemented properly, it is the perfect solution for protecting company data on unmanaged devices (e.g. BYOD situations). But therein lies the rub. You need to implement it properly. I can't blame you...
13Aug
Teams, SharePoint and OneDrive best practices? Part 2: Access control and notifications
In part 1 of this series we discussed how there is really no such thing as "best practices" on a rich and flexible collaboration platform like Office 365, which includes many applications--Teams, SharePoint and OneDrive to name just a few. However, you can certainly end up with some "bad" practices...
08Aug
Teams, SharePoint and OneDrive best practices? More like considerations… Part 1: External sharing and communication
This article is part of a series. Also see Part 2, Part 3. Ever since I released the Office 365 Email Security Checklist, I have had a lot of people asking me for similar best practices checklists related to the "other" Office 365 services--especially Teams, SharePoint Online and OneDrive for Business. The...
24Jul
Updates coming soon to the Azure AD Best practices checklist
Update: The best practices checklists and guides are now available. I will be updating the best practices checklist and guide for Azure AD again soon, but I wanted to post a couple of notes about the coming changes--since it may be a while before I get around to editing and publishing...
24Jul
How to manage and secure service accounts in Microsoft Office 365 (without MFA)
Okay, so hopefully everyone knows by now that MFA is not an "optional" thing that you can decide to turn on, or not, depending on your "feelings." It isn't a choice, and your feelings about it don't matter. You need to turn it on. I would recommend requiring MFA...
18Jul