Microsoft 365: The Essential 10 Security Considerations
Posted inEntra ID (Azure Active Directory) Microsoft 365 Microsoft Defender Microsoft Intune Microsoft Purview Windows

Microsoft 365: The Essential 10 Security Considerations

When we talk about Microsoft 365 security, we are talking about two things: Securing Microsoft 365 the platform, such as Exchange Online, SharePoint Online, Microsoft 365 Copilot; ensuring they are hardened and monitored in proportion to risk appetite. Using Microsoft 365 security tooling, such as Defender, Purview, Entra, and Intune; ensuring they are deployed, well configured, and you're not paying for capabilities gathering dust. The latter can be used to achieve the former, as well…
Thoughts on Copilot for Security’s Early Days
Posted inCopilot for Security

Thoughts on Copilot for Security’s Early Days

April 1, 2024, seen the release of Microsoft Copilot for Security to general availability (GA). It is a generative AI solution integrating with Defender XDR, Entra, Purview, and Intune. Just over a month later, it's time to write down some thoughts. In cybersecurity, we face the challenge of scarce resources — time, finances, attention, will — to identify, protect, and respond to threats and vulnerabilities. There's an old joke. One economist asks another, "How's…
[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS
Posted inMicrosoft Defender Microsoft Defender for Endpoint Microsoft Defender XDR

[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS

Finally, it's time for a refresh.  It's been a while!  Due to personal circumstances, I haven't been able to keep the Ultimate Comparison of MDE by OS updated.  I've had time to dive into the changes since v5 and it's really been amazing to see MDE grow in scope.  What is MDE and why do we need an 'ultimate comparison'? Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint…
Entra ID Protection – Common Microsoft 365 Security Mistakes Series
Posted inEntra ID (Azure Active Directory) Entra ID Protection (Identity Protection)

Entra ID Protection – Common Microsoft 365 Security Mistakes Series

Signals from across Microsoft's services and ecosystems inform Entra ID Protection to detect risk. The risk detections can alert administrators or, better still, combine with other Entra and Defender XDR capabilities to perform remediation and prevention. The most obvious example of this may be preventing a risky sign in. Contrary to popular understanding, not all of Entra ID Protection's detections are limited to the Entra ID P2 license: the nonpremium risks listed here don't…
Microsoft Defender Vulnerability Management – Common Microsoft 365 Security Mistakes Series
Posted inMicrosoft Defender for Cloud Microsoft Defender for Endpoint Microsoft Defender Vulnerability Management Microsoft Defender XDR

Microsoft Defender Vulnerability Management – Common Microsoft 365 Security Mistakes Series

Microsoft Defender Vulnerability Management (MDVM) is an often overlooked service that can be licensed standalone or is included in other Microsoft Defender licenses. In my experience, I've never seen it licensed standalone, but customers with Defender for Endpoint (MDE) P2, Defender for Servers  (MDS) P1, and Defender for Business (MDB) benefit from it's core capabilities.  In addition to the core capabilities, add-on capabilities are available in the standalone license, Defender for Servers P2, or as…
Exchange Online Protection & Defender for Office 365 – Common Microsoft 365 Security Mistakes Series
Posted inExchange Online Exchange Online Protection Microsoft 365 Microsoft Defender Microsoft Defender for Office 365 Microsoft Defender XDR

Exchange Online Protection & Defender for Office 365 – Common Microsoft 365 Security Mistakes Series

Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MDO) are the email and collaboration security services native to Microsoft 365. EOP is included at all levels of licensing for Exchange Online, with MDO bringing additional security capabilities to license levels such as Business Premium, Microsoft 365 E3, and Microsoft 365 E5. In this blog, I'll review five of the most common security mistakes I see in tenants regarding EOP and MDO. Realistically,…
Privileged Identity Management (PIM) – Common Microsoft 365 Security Mistakes Series
Posted inConditional Access Entra ID (Azure Active Directory) Identity Governance Privileged Identity Management

Privileged Identity Management (PIM) – Common Microsoft 365 Security Mistakes Series

Entra ID's P2 license (previously Azure AD Premium P2) unlocks the Privileged Identity Management (PIM). PIM is part of broader identity governance features, and is most known for enabling just-in-time admin rights. For example, you are eligible to become an administrator for a maximum of X hours, at which point the permissions expire and you need to reactivate. This blog covers five of the common misconfigurations and misunderstandings I see with customers. Intuitive as…
Conditional Access – Common Microsoft 365 Security Mistakes Series
Posted inAccess Reviews Conditional Access Entitlement Management Entra ID (Azure Active Directory) Microsoft 365 Microsoft Defender for Cloud Apps Privileged Identity Management

Conditional Access – Common Microsoft 365 Security Mistakes Series

Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. If you've spent any time securing your tenant and Entra resources, you'll know what Conditional Access is by now, so we'll assume at least a level 200 understanding, skip the introduction, and instead dive into the most common mistakes I see when helping folks out with it. These aren't listed in any particular order, and the devil's in the details,…
Microsoft Improves and Simplifies Defender for Endpoint Management Capabilities
Posted inMicrosoft 365 Microsoft Defender Microsoft Defender for Endpoint Microsoft Defender XDR

Microsoft Improves and Simplifies Defender for Endpoint Management Capabilities

In one of the biggest changes to Microsoft Defender for Endpoint (MDE) in its product history, you no longer need a separate management engine to configure endpoint settings. In this blog, we'll look at what that change is, why it was necessary, initial impressions, and what you might want to do next. Historic management architecture needed simplifying MDE (and it's Windows client, Microsoft Defender Antivirus (MDAV)) always stood out from the crowd of endpoint…
[Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS
Posted inMicrosoft Defender Microsoft Defender XDR

[Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS

Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint detection and response (EDR) capabilities.  It integrates with Microsoft 365 Defender (the broader XDR platform) and is available for almost any OS you'll find in an enterprise.  This cross-platform nature of MDE makes it difficult to understand and track what features and capabilities are available on each OS.  It's not always intuitive, and you may be in for some surprises. …