Microsoft Cloud App Security (MCAS) can monitor user activity, manage cloud applications, detect suspicious activity, discover shadow IT and enforce security and compliance policies for Microsoft and non-Microsoft applications. In this blog post my focus is mainly on the policies to control data exfiltration from an IT environment. It is described how to prevent … Continue reading Block downloads with Cloud App Security and Conditional Access
New ‘My Profile Experience’
Recently Microsoft made it possible to give users an overview in which they can manage their own security information, authentication methods (Security key & MFA), identity and devices etc. This is called the enhanced security info registration experience (figure 1). Figure 1. Overview of security features from the enhanced security info registration page. Not enabled … Continue reading New ‘My Profile Experience’
Passwordless Sign-in Azure AD with FIDO2
As indicated in my previous blog post about passwordless sign-in via the Microsoft Authenticator, passwordless sign-in is becoming more and more popular. Using passwordless sign-in it is possible to authenticate with a fingerprint, face recognition or a Universal 2nd Factor (U2F) open authentication standard such as the YubiKey FIDO2 (Fast IDentity Online) key, rather than … Continue reading Passwordless Sign-in Azure AD with FIDO2
Passwordless Sign-in Azure AD
Multifactor Authentication (MFA) can be used to make login more secure. In addition to MFA, passwordless sign-in has become increasingly popular lately. Using passwordless sign-in, a password is not required when logging in to, for example, the Microsoft Online services. Passwordless sign-in ensures that the password is replaced by notifications that are received and … Continue reading Passwordless Sign-in Azure AD
Protect your data with Microsoft Intune – Part II
Introduction In the previous blog post the implementation and configuration of Intune on Windows devices was explained. In this part of the blog post I will describe the possibilities that Intune has with regard to Mobile Application Management (MAM) and Mobile Device Management on Apple devices, including modern authentication. Like Part I of this blog post, … Continue reading Protect your data with Microsoft Intune – Part II
Protect your data with Microsoft Intune – Part I
Introduction Microsoft Intune is part of Enterprise Mobility + Security (EMS). Intune is known for its capabilities to manage PCs, laptops, mobile devices and applications in large and small companies. Working with Microsoft 365, Intune facilitates securing access to applications and company data and keeps data protected, both inside and outside the company network. Intune … Continue reading Protect your data with Microsoft Intune – Part I
Remove Azure Information Protection Labels
Once you work with Azure Information Protection (AIP) labels, you may want to remove some labels you created during configuration and testing. After deleting these labels in the interface, the deleted labels will be displayed under ‘Protection Templates’, see figure 1. Figure 1. Azure Information Protection label overview. It is not possible to completely remove … Continue reading Remove Azure Information Protection Labels
Protect your data with Azure Information Protection
Data protection should always get priority and must be top of mind in organizations that store and transfer sensitive data, especially these days, when it’s more important than ever before to protect data. Also, after May 25th, 2018 organizations need to be compliant and must follow the standards of the General Data Protection … Continue reading Protect your data with Azure Information Protection
Migrate shared mailboxes to Exchange Online
Customers regularly ask me how to move shared mailboxes to Exchange Online and which considerations they should make before doing so. For this reason, I decided to write a little bit about this subject. What is a shared mailbox? A shared mailbox is used to send and receive email from a common … Continue reading Migrate shared mailboxes to Exchange Online
Create an Active Directory Trust
Introduction In my previous blog post I described how to configure a site-to-site Virtual Private Network (VPN) connection in Microsoft Azure. In this blog post I will explain how to create an Active Directory (AD) trust. This particular trust will create the possibility for users in the external domain (on-premises) to authenticate in the Azure domain. This … Continue reading Create an Active Directory Trust