18May2020
09May2020
Building your Security Practice with Microsoft Threat Protection and Azure Sentinel
I have some exciting news today. I have a new publication available covering Microsoft 365 E5 Security and Microsoft Threat Protection, with a bonus section at the end featuring Azure Sentinel (which is a separate product, not included with Microsoft 365). The document is available here if you want to...
06Apr2020
Inventory and Control of Apps within and beyond the perimeter with Microsoft 365
Managing devices is a topic I have probably burnt my readers out on by this point, so it's time we move into the next stage: wrangling all those crazy third-party applications hiding out in your environment! To build up a foundation of good security, we must identify our apps and...
24Mar2020
Limiting privilege is a process, not an event
In some past blogs I have highlighted the importance of devices in your security, management and compliance journey. Why do I harp on that? Because it is the starting point. The mantra takes various forms, but basically you cannot protect what you cannot see. This applies to devices of course, but...
09Mar2020
New Updates to the Office 365 Security Checklist and Guide, including Free eBook
With more years comes more wisdom (and more reader feedback helps)! As such, it was time to polish up the guide that kicked off this whole journey. This is a big update, and in a much more consumable format, I think. I am even renaming it to "The NEW Office...
04Feb2020
How to customize permissions in Teams
Okay, I admit: the title of this post was a bit of trickery on my part. But it is based on the fact that I run into this question constantly. Customers or readers who write to me will phrase it in different ways, but it always boils down to this:...
22Jan2020
Why you should take a real hard look at upgrading from Office 365 to Microsoft 365 this year
Readers of this blog are probably already familiar with the differences between Office 365 and Microsoft 365 plans. But I still run into plenty of folks out there who think these are the same thing, or who believe this is for "cloud only" customers, and there are still others who...
01Dec2019
2020 Edition of the Recommended Conditional access policy design guide is available now
I just finished updating the Conditional access design guide, part of the Microsoft 365 Best practices checklists. The new updates reflect some carefully considered feedback from my clients (real-world scenarios), as well as some new additions and a better organizational structure, in three major groups: Authentication Baseline policies – Replaces the Security...
21Oct2019
No more excuses: 5 Tips & tricks to make Office 365 MFA easier on people
As I'm sure you are aware by now, Multi-factor Authentication reduces your risk of identity compromise by 99.9%. Requiring so called "strong passwords," by contrast, doesn't make that much difference at the end of the day. And yet, we're still beneath 10% of even just admin accounts in Azure AD...
05Oct2019