Browsed by Category: Conditional Access

Continuous Access Evaluation: Rise of the Claim challenge

Hi, refresh tokens. Hi, lag when terminating users or setting a new password. Welcome, continuous access evaluation (CAE); bye, lag (1 hour refresh token). Claim challenge is a mechanism to indicate the token was rejected and a new token needs to be issued. So what are the benefits? User termination or password change/reset: user session revocation will be enforced in near real time. Network location change: Conditional Access location policies will be enforced in near real time. Token export to…

Basic Authentication and the Last Crusade

In this blog I’ll show you a new option to disable basic authentication protocols. As most of you probably know, Microsoft is going to disable basic authentication for ActiveSync, PowerShell, Exchange Web Service, POP3 and IMAP4. You should especially disable POP3 and IMAP basic authentication as soon as possible. Of course, implementing conditional access rules is the way to go. Read my other blog to learn how to automate your conditional access deployment. When not having the proper licensing for…

The curse of the IPV6 and conditional access.

Imagine this scenario: you have a customer who wants to migrate to Office 365, but without compliant devices. You still want to protect their data. One of the conditional access rules you’ll probably implement: blocking access from foreign countries. It’s not the best conditional access policy out there, but hey… It creates another barrier. Beware of the IPv6 curse though. Conditional access and IPv6 don’t go well together. When you implement this policy without your devices being compliant, there is a possibility users…

Conditional Access, the good, the bad and the ugly

What do I mean by this? Conditional access is a powerful tool within the Microsoft 365 environment. Even when you implement just the basics, it provides your tenant with a security baseline. There are some quirks and flaws that I’ll cover in this blog. The good: you can control the IF and THEN conditions. For example, IF an end-user tries to connect to portal.office.com from a non-compliant device, THEN it should prompt them for MFA. There are a lot of other possible conditional access rules you could implement, giving you more control over things as risky…

Conditional Access “To Go”

Last week I published an overview of the best Conditional Access policies for the SMB. It can come in handy when deploying conditional access to your customers. Hopefully, you don’t make any mistakes when configuring the policies, like “oops, I just locked myself out of the tenant”. So why not create a baseline you can simply import into your tenant? I have seen a lot of scripts that can do the same. You have to create an App in your…

Conditional Access Design Guide

Of course, you will need Conditional Access to secure your Office 365 tenant. There are many articles written about it and why you need it. I am not going to do this. So what am I going to do? I will give an overview of what are, in my opinion, the most commonly used Conditional Access rules for SMB. When to use them? When you have a customer working with Azure AD joined / compliant devices and you really want to secure…

Why only MFA doesn’t “pay the bills”?

There are a lot of people telling you MFA is very important and of course, they are right to tell you so… About 99.9% of compromised accounts aren’t equipped with MFA. And when an “attacker” gets access to the mailbox, they will abuse the mailbox. For example, they could send more phishing emails to the user’s contacts. The attacker could also create a mailbox rule to either forward or simply delete all incoming mail. Turning MFA on is not very difficult to do. All it requires is the Microsoft Authenticator app. After you’ve installed the app, just go through the steps at: https://aka.ms/mfasetup When MFA is active, security is 50% regulated. 50%, you ask? Yes, 50%… Often the…

My first blogpost :)

I have been thinking a lot about creating a website and starting to blog. The time is now. This is a video (in Dutch…) of how I configured one of my test Office 365 tenants. The setup of this tenant took about a half-hour. Below the video are some details of what I have done in about a half-hour (after waiting a long time for the Microsoft 365 Business License to be activated on the tenant). Some stuff I had to do manually….
