I’ve been doing a bit of work recently with URL/Domain Indicators in “block execution” mode and thought it might be usefult to share my experience here. I found a website that isn’t blocked in Chrome and I suspect that my experience may not be unique. This article briefly covers how to use Indicators to block… Read More »
I came across something quite surprising (to me at least) the other day, so I thought I would share it here in case others come across the same behaviour. What I found is that that the Entra ID audit log doesn’t always show an entry for removal of a member from a group. Specifically, if… Read More »
When something runs in Audit mode, you generally expect it not to block anything, right? I recently found an anomaly with Microsoft Defender Application Control runing in Audit mode causing .hta files not to open. An HTML Application (HTA) is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or… Read More »
SharePoint Online offers a nifty security feature known as “app-enforced restrictions”. In this article, I will briefly describe the feature and show you how to enable it. I will also point out why there is a need to be aware of what is happening in the background in case turning it on causes issues for… Read More »
If you’ve ever needed to do some troubleshooting with Exchange Online (EXO) message delivery, you’ll know how useful the Extended Report capability can be. One thing I noticed recently is that while the Summary Report is typically available within a few minutes of the message being handled by EXO, it can take considerably longer for… Read More »
You may have heard recently that Microsoft has rebranded their Advanced Threat Protection (ATP) offerings. I’m putting this up here because I keep forgetting their new names. This is what they look like: Microsoft 365 Defender (previously Microsoft Threat Protection)Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)Microsoft Defender for Office 365 (previously Office… Read More »
With about six weeks to go until Microsoft starts to deprecate versions of Azure AD Connect released more than 18 months ago, it’s a good time to check which version you’re running. The version release history site for AAD Connect is displaying the statement below. It’s not immediately clear what the word “deprecation” actually implies… Read More »
If you are using Microsoft Authenticator for MFA or for signing in to your accounts then you should give some thought to enabling the App Lock feature. App Lock requires you to authenticate (using biometric or PIN) before opening the app for use. This is a very handy feature given the potentially sensitive information the… Read More »
If, like me, you regularly lose track of what features exist where in the plethora of Microsoft cloud portals, hopefully this list will help you find your way. Or at least give you a URL as a starting point. I’ll attempt to keep this up-to-date, so if you see something missing please leave a comment… Read More »
One of my customers is using Password Hash Synchronisation (PHS) as their Azure Active Directory authentication method for users synced from on-premises AD. Not having had much experience with PHS, I was a little surprised to learn recently that PHS users have cloud passwords that do not conform to the default AAD 90 day expiry.… Read More »