Conditional-Access on Ru Campbell MVP

Microsoft Defender for Cloud Apps - Common Microsoft 365 Security Mistakes Series

Fri, 09 Feb 2024 17:30:41 +0000

Defender for Cloud Apps (MDA) is such a hidden gem. When talking with Microsoft 365 E5 customers, it’s amazing how few of them really grab MDA and squeeze all they can out of it. It’s often classified as a cloud access security broker (CASB) but that’s an oversimplication: the product can do so much more such as SaaS security posture management (SSPM) and, most topical in light of recent events, OAuth app governance.

Privileged Identity Management (PIM) – Common Microsoft 365 Security Mistakes Series

Sun, 19 Nov 2023 14:01:41 +0000

Entra ID’s P2 license (previously Azure AD Premium P2) unlocks the Privileged Identity Management (PIM). PIM is part of broader identity governance features, and is most known for enabling just-in-time admin rights. For example, you are eligible to become an administrator for a maximum of X hours, at which point the permissions expire and you need to reactivate.

This blog covers five of the common misconfigurations and misunderstandings I see with customers. Intuitive as PIM may appear, there are some gotchas you need to be aware of. It is a follow up from my previous Conditional Access – Common Microsoft 365 Security Mistakes Series article.

Conditional Access - Common Microsoft 365 Security Mistakes Series

Thu, 05 Oct 2023 21:11:27 +0000

Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. If you’ve spent any time securing your tenant and Entra resources, you’ll know what Conditional Access is by now, so we’ll assume at least a level 200 understanding, skip the introduction, and instead dive into the most common mistakes I see when helping folks out with it.

These aren’t listed in any particular order, and the devil’s in the details, so make sure you read the full post instead of just skimming the bullet points! There are also way more than five mistakes you can make with Conditional Access, but let’s start with these.

Stop Making These Conditional Access Mistakes

Tue, 16 May 2023 09:14:28 +0000

Conditional Access is the most important security feature you will configure in Azure AD. You need to get this right, or most other things don’t even matter.

Compared to on-premises AD, which requires line of sight to a domain infrastructure often limited to physical or VPN access, Azure AD is wide open by default. Users can authenticate from anywhere, on any device.

Conditional Access: Skip MFA for Company Devices on the Company Network

Wed, 31 Mar 2021 07:13:29 +0000

A common Conditional Access policy is to add trusted locations as an exception to multi-factor authorisation requirements. The logic goes, if you accessing resources such as Office 365 from a location such as the corporate office, that’s an element of verification in itself that your login should be trusted, so we should improve your user experience by removing MFA. Personally, I support the use of MFA regardless of where you are authenticating (at the very least, if you have an Azure AD admin role assigned). However, doing something like this is a great option if you are introducing MFA from scratch: you will improve user buy in the less you change their standard experience. Then, increase the scope gradually.