Browsed by
Month: June 2020

The curse of IPv6 and conditional access.

Imagine this scenario: your customer wants to migrate to Office 365, but without compliant devices. You still want to protect their data. One of the conditional access rules you’ll probably implement: blocking access from foreign countries. It’s not the best conditional access policy out there, but hey… It creates another barrier. Beware of the IPv6 curse though. Conditional access and IPv6 don’t go well together. When you implement this policy without your devices being compliant, there is a possibility users…

Conditional Access, the good, the bad and the ugly

What do I mean by this? Conditional access is a powerful tool within the Microsoft 365 environment. Even when you implement just the basics, it provides your tenant with a security baseline. There are some quirks and flaws that I’ll cover in this blog. The good: You can control the IF and THEN conditions. For example, IF an end-user tries to connect to portal.office.com from a non-compliant device, THEN it should prompt them for MFA. There are a lot of other possible conditional access rules you could implement, giving you more control over things as risky…

The Return of the Giphy

It’s time for a “funny” blog. Giphy… I never realized there’s a difference between posting GIFs in WhatsApp or Teams. Within Teams there are 2 options to allow or block GIFs: within the team settings, or organization-wide. It could be a part of your governance strategy. But why would you block it? Looking at the restriction options under Giphy content rating: No restriction: This means that your users will be able to insert any GIF in chats regardless of the content rating. Moderate: This…

Secure your data like it was Fort Knox

One thing is certain: you need to protect your (important) data at all costs. Otherwise it could come back to haunt you. Luckily there are multiple options to protect your data. Each option has its pros and cons, and you can also combine some of them for the best security: restrict downloading files from unmanaged devices; apply sensitivity labels on all important data; apply sensitivity labels when downloading files from unmanaged devices; restrict copy/paste on unmanaged devices. 1. Restrict…

Conditional Access “To Go”

Last week I published an overview of the best Conditional Access policies for the SMB. It can come in handy when deploying conditional access to your customers. Hopefully, you don’t make any mistakes when configuring the policies. Like “oops, I just locked myself out of the tenant”. So why not create a baseline that you can simply import into your tenant? I have seen a lot of scripts that can do the same. You have to create an App in your…

AppLocker à la minute

In one of my last blogs, I explained how to make sure access to Administrative Tools can be restricted using a GUI. It’s really simple to implement. But… you can do more, much more. What if I tell you that you can deploy a complete AppLocker policy within just a few seconds? It only requires two scripts: a deployment script which makes the connection to Graph, and another script which contains the JSON (config) itself. Links to the Scripts (in a…

Conditional Access Design Guide

Of course, you will need Conditional Access to secure your Office 365 tenant. There are many articles written about it and why you need it. I am not going to do this. So what am I going to do? I will give an overview of what are, in my opinion, the most commonly used Conditional Access rules for SMB. When to use them? When you have a customer working with Azure AD joined / compliant devices and you really want to secure…

Managing Apps in the Microsoft Store.

The Microsoft Store. An ideal place to download Spotify/Netflix on a company-owned device. Of course, you want to block this. There are several ways to block the Microsoft Store so it can’t be accessed at all. But why not allow only certain apps, so that only Microsoft apps or company apps can be installed/opened? The best option is to make sure only your Private store is available. It only requires a CSP to do so: ./User/Vendor/MSFT/Policy/Config/ApplicationManagement/RequirePrivateStoreOnly But, looking at the…

Blocking Administrative Apps like the Command Prompt In Intune.

Unfortunately there is no simple GUI option to block the Command Prompt/Windows PowerShell and Regedit in Intune. Guess what? That’s wrong. You can make sure these apps are denied. To do so, open the education Intune portal instead of the normal Intune portal: https://intuneeducation.portal.azure.com/ Groups –> All Devices (or create a custom group) –> Settings –> Apps –> Block Access to administrative apps. Guess what it does? It just creates a custom AppLocker policy in your normal Intune Portal….

Why only an Exchange Online license does not cut it.

Everyone is currently using Microsoft Office 365 Exchange Online. With the coronavirus, surely Microsoft Teams has been added. We just assume that Microsoft has its security in place. But only an Exchange Online and a Microsoft Teams license is unfortunately not enough. Why buy a license that is almost half more expensive in addition to an Exchange Online license? You actually have to ask yourself a simple question. What is cheaper? Opening the newspaper to read that a hacker has had access…
