Browsed by
Month: September 2020

A million ways to implement ISO 27001 controls.

After being inspired by Alexander Fields about the CIS framework and Microsoft 365, I took a deep dive into mapping ISO 27001 to a zero-trust modern workplace. I’ll try to show you how Microsoft 365 Business can help you with your ISO 27001 adventure. The ISO 27001 Framework has many CIS controls included. You can check out the mapping of CIS controls to ISO 27001 right here: I’ve created the ultimate Visio flow to help our customers transform their organizations…

The Wolf of Azure Active Directory Sync Errors

This blog will be about a weird error when trying to remove an email alias: “An azure active directory call was made to keep object in sync between azure active directory and exchange online” Sometimes an easy question can end up taking a lot of your time. We got a simple question: Could you remove an email alias and create a shared mailbox with this email address? So you have two options here: the GUI and PowerShell. So I…

Continuous Access Evaluation: Rise of the Claim challenge

Hi refresh tokens, hi lag when terminating users or setting a new password. Welcome continuous access evaluation (CAE), bye lag (1 hour refresh token). Claim challenge is a mechanism to indicate that the token was rejected and a new token needs to be issued. So what are the benefits? User termination or password change/reset: user session revocation will be enforced in near real time. Network location change: Conditional Access location policies will be enforced in near real time. Token export to…

MCAS: Judgement Day

This blog will be about how I broke my own Microsoft Cloud App Security instance. Cloud App Security is a fantastic product: it can help you discover and protect everything in your Microsoft 365 tenant. Some time ago I wrote an article on how to automate your Cloud App Security enrollment. It can come in handy when you want to deploy all your custom-made alerts to a new tenant. In the meantime I added a lot more…

The Man Who Shot Office Hardware acceleration

This simple blog will be about why Outlook can be seriously lagging while typing. And I mean seriously lagging. Some letters will pop up 10/15 seconds after typing. The probability that this issue will be resolved by buying a new laptop is very small. I have seen this happen on all kinds of devices, old and new. Open your Task Manager and look at gpu-engine. You will notice: GPU 0 – 3D. This means Outlook is using hardware graphics acceleration. …

Guardians of the Local Admin rights

Granting your users local admin permissions when deploying Windows 10 is really really best practice…I’m joking, no it’s not! I must be saying this a lot lately. You need to be certain all of your endpoints are managed, so you can make sure your users don’t have local admin permissions. You don’t believe me that your endpoints need to be managed? Take a look at these two examples (Alex Fields): Removing local admin permissions mitigates a lot of critical Microsoft…

The never-ending Command Prompt

Some time ago I showed you the options you have to block administrative tools like CMD and Regedit. Within the latest insider preview 20185 I noticed a new ADMX file. So? We can block cmd and regedit by configuring a CSP, right? I enrolled a new Windows 10 Enterprise VM and updated it to the latest insider preview update. After my new VM was configured, I tried to configure this CSP by creating a new device configuration profile like this:…

Lost in monitoring Onedrive

In this blog, I will be showing you why it’s very important to monitor OneDrive and how to set up OneDrive monitoring on your endpoints. When you have enabled KFM and mounted some Team sites as I showed in one of my blogs, you have to make sure OneDrive is always working and your files are up-to-date. Monitoring your users’ OneDrive can be a bitch, because there are no event logs or registry values you can monitor to make sure OneDrive…

The Place Beyond the Guests

Restricting guest access is very important. Normally you don’t want a guest user to see the membership of any groups. Of course, there are some situations in which you don’t want to change this setting. You can simply change this under the user “Manage external collaboration settings” inside the Azure AD portal: https://aka.ms/AADRestrictedGuestAccess Or just use PowerShell. Add this setting to your enrollment template so that when enrolling a new customer, this setting will not be forgotten: Get-AzureADMSAuthorizationPolicy | Set-AzureADMSAuthorizationPolicy -GuestUserRoleId '2af84b1e-32c8-42b7-82bc-daa82404023b' Conclusion:…

Thank you for Application Guard for Office apps.

In this blog, I will show you how to start testing with Application Guard for Office apps. To make sure malware can’t get its foot in the door, you have to protect your endpoint. Hardening your Office apps is the first step. Some time ago Microsoft created the possibility to isolate Office documents you open from an untrusted location… First you have to meet the minimum software and license requirements: Windows 10 Enterprise edition, Client Build version 2004…
