Staying on the pre-breach side of things is the main goal in IT security. How can you achieve this state on Windows clients? A large amount of malicious software relies on unpatched vulnerabilities or misconfiguration that can be abused. A few months back, Microsoft added Threat & Vulnerability Management to Microsoft Defender Advanced Threat Protection…
Defending against obfuscated malicious content via e-mail
When it comes to cyber attacks, e-mails are still in most cases the initial point of compromise. Users are either lured to enter their credentials on a spoofed website or malware is attached in an obfuscated way. For example, by leveraging Office macros or making the user to “Enable content” which is disabled by default…
Microsoft Cloud App Security – 5 reasons to start using it
As a Cloud Access Security Broker (CASB), Microsoft Cloud App Security – or MCAS as I will call it in this post – is a central cloud security tool that let’s you gain visibility and control over your cloud services. It also offers a variety of ways to analyse cloud usage and potential threats like…
From the field: forced password reset in Azure AD Identity Protection
Azure AD Identity Protection is one of the most sophisticated features in Azure Active Directory (Premium P2). Based on Microsoft’s Intelligent Security Graph it detects users and sign-ins at risk and responds at a level you select. If you have the required licenses it should be part of every cloud security baseline. It features different…
Cloud configuration of AppLocker using Intune and MDATP
In this post I will give you a quick overview about cloud configuration of AppLocker using Intune and MDATP. AppLocker has been with us for quite some time now reaching back all the way to good old Windows 7. Although it is not the best solution from a technical point of view (there’s Windows Defender…
Going passwordless with Azure Active Directory
Passwords are not ideal A world without passwords! Passwordless – seems to be the dream for anyone that has to manage a number of accounts. Who even likes passwords? Well, I know who doesn’t: IT admins don’t like passwords Why passwords are a major pain point for many organizations: reused credentials across multiple services increase…
Microsoft 365 E5 security baseline
As a license bundle, Microsoft 365 E5 combines Office 365 E5, Enterprise Mobility + Security (EM+S) E5, and Windows 10 Enterprise E5. Regarding security it offers even more advanced features compared to M365 E3. This post builds upon the E3 version that was also published on my blog: https://chrisonsecurity.net/2019/01/27/microsoft-365-e3-security-baseline/ What you get (security related) Office…
Microsoft 365 E3 security baseline
As a license bundle, Microsoft 365 E3 combines Office 365 E3, Enterprise Mobility + Security (EM+S) E3, and Windows 10 Enterprise E3. It’s the way to go if you want to add advanced security features to you O365 workloads and you also need a Windows 10 Enterprise license anyway. If you want to get to…
New Microsoft licenses: Microsoft 365 Security & Compliance
Yep, there’s Microsoft 365 E5 with all its security features. However, most companies are hesitant to choose this license mainly due to financial reasons. Luckily, Microsoft just announced new packages that include the most useful security tools at lesser cost: Microsoft 365 E5 Security & Microsoft 365 E5 Compliance. However, please keep in mind that…
Getting started with Microsoft Cloud App Security Conditional Access App Control
Microsoft Cloud App Security Conditional Access App Control – phew, what a name. A good reason to keep the technology behind it as simple as possible. So, what does it do? Basically, Microsoft Cloud … ok ok I’ll keep it a bit shorter, MCASCAAC is a reverse proxy architecture that allows you to actively control…