09Dec
26Jun
Password sync in the age of COVID-19
This is something I have been seeing and hearing a lot from customers. So I thought it would be a good time to address the age-old topic of Directory Synchronization. Azure AD Connect is usually the best way to get up and running quickly in the Microsoft 365 cloud, especially...
21Oct
No more excuses: 5 Tips & tricks to make Office 365 MFA easier on people
As I'm sure you are aware by now, Multi-factor Authentication reduces your risk of identity compromise by 99.9%. Requiring so-called "strong passwords," by contrast, doesn't make that much difference at the end of the day. And yet, we're still beneath 10% of even just admin accounts in Azure AD...
17Sep
Devices still matter, Part 1: Why you need a device management strategy
The Center for Internet Security (CIS) publishes 20 controls in their cyber-security framework. If you want to understand what good management looks like, then start here. The first six controls are considered the "basics"--the first and most important steps that any organization should be taking as they work to secure...
04Sep
Windows Hello for Business: Azure AD Join vs. Hybrid Join
Windows Hello for Business replaces a traditional password when signing into your workstation, with a stronger two-factor authentication. One factor being some kind of local gesture such as a PIN, fingerprint or facial recognition, and the other being a key or certificate that is bound to the device itself. When you...
24Jul
How to manage and secure service accounts in Microsoft Office 365 (without MFA)
Okay, so hopefully everyone knows by now that MFA is not an "optional" thing that you can decide to turn on, or not, depending on your "feelings." It isn't a choice, and your feelings about it don't matter. You need to turn it on. I would recommend requiring MFA...
03Dec
How to require MFA for Azure AD Join, and enable Enterprise State Roaming
Hey folks! We have already covered a few posts on Azure AD Premium and Conditional Access; and that's great--because you can do things like enforce requirements such as Multi-factor Auth, but only in situations where devices are unmanaged. This provides a way better user experience than enabling MFA across the board, and without...
26Nov
Coming soon to an Azure AD/Microsoft 365 subscription near you: Life without passwords?!
I previously commented when Microsoft released new password guidance, which is backed by their own research as well as that of NIST. A quick recap of that: Require that passwords have at least 8 characters. Longer isn't necessarily better, as they cause users to choose predictable passwords, save passwords in files,...
21Nov
How to enforce the use of managed applications (e.g. the Outlook app for Exchange Online) using Conditional Access in Azure AD Premium
In a previous post I demonstrated how easy it is to create a Mobile Application Management policy in Microsoft 365. With the addition of Azure AD Premium P1, we can also leverage Conditional Access policies that will require users to interact with corporate data through the Microsoft applications such as...
20Nov