The 10 Technical IT Books of Most Influence on Me
Posted inBooks Miscellaneous

The 10 Technical IT Books of Most Influence on Me

In the name of transparency, or maybe stating the bleeding obvious, I confess I am that guy who can happily read an IT reference book or something like docs.microsoft.com or Practical 365 in the way someone else would read a popular fiction book.  It's partly an inability to turn off from the job, and partly just because I like learning how everything works.  I've digested a ton of them over the last decade, so…
Posted inExchange Online Office 365 PowerShell

PowerShell: Run Cmdlet If Another Was Successful (And Keep Trying Until It Is)

Today I'm sharing a useful bit of PowerShell I gracelessly punt from script to script whenever I need to make sure a prerequisite it met before running something and to keep checking until it's met, then run what I need: "do X when Y is ready and keep checking Y until it's ready". The original use for this was my script to create a new Microsoft 365 user, but hold off on some parts…
The Difference Between Cloud App Security Discovery (CAD), Office 365 Cloud App Security (OCAS), and Microsoft Cloud App Security (MCAS)
Posted inMicrosoft 365 Microsoft Defender Microsoft Defender for Cloud Apps Office 365

The Difference Between Cloud App Security Discovery (CAD), Office 365 Cloud App Security (OCAS), and Microsoft Cloud App Security (MCAS)

Microsoft Cloud App Security (MCAS), Redmond's cloud app security broker (CASB) offering, is a powerful tool for investigating and pro-actively controlling your SaaS estate.  It includes tools such as reverse proxying to control sessions and sits inside the Microsoft Threat Protection stack alongside Defender ATP, Office 365 ATP, and Azure ATP.  MCAS started life as Adallom prior to Microsoft's acquisition of that company in 2015.  It's included in Microsoft 365 E5 and numerous other…
Getting Started with Azure AD Identity Governance – Part 3: Privileged Identity Management (PIM)
Posted inEntra ID (Azure Active Directory) Identity Governance Microsoft 365 Privileged Identity Management

Getting Started with Azure AD Identity Governance – Part 3: Privileged Identity Management (PIM)

This blog is the last in a small series on Azure AD Premium P2's Identity Governance toolkit. Part 1: Entitlement Management Part 2: Access Reviews Part 3: Privileged Identity Management (PIM) (this post) PIM is an Azure AD P2 feature that enables just-in-time (JIT) admin rights in Azure and Azure AD.  Historically, best practice has been for users to have a separate account for admin tasks, as protection against the primary account if breached. …
Getting Started with Azure AD Identity Governance – Part 2: Access Reviews
Posted inAccess Reviews Entra ID (Azure Active Directory) Identity Governance Microsoft 365

Getting Started with Azure AD Identity Governance – Part 2: Access Reviews

This blog is the second in a small series on Azure AD Premium P2's Identity Governance toolkit. Part 1: Entitlement Management Part 2: Access Reviews (this post) Part 3: Privileged Identity Management (PIM) Historically, the apps, groups, and rights a user had were all under central and constant management by IT.  Azure AD and modern management have pushed this towards 'self-service', including guest users, which improves productivity.  The goal of Azure AD access reviews…
Getting Started with Azure AD Identity Governance – Part 1: Entitlement Management
Posted inEntitlement Management Entra ID (Azure Active Directory) Identity Governance Microsoft 365

Getting Started with Azure AD Identity Governance – Part 1: Entitlement Management

This blog is the first in a small series on Azure AD Premium P2's Identity Governance toolkit. Part 1: Entitlement Management (this post) Part 2: Access reviews Part 3: Privileged Identity Management (PIM) Azure AD entitlement management is a bit of an overlooked gem.  It's a feature that automates the processes for giving users access to resources. The typical scenario is a user has just joined a new department or is a new employee. …
Microsoft Defender for Endpoint Web Content Filtering – Migrate Rules from Existing Security Software
Posted inMicrosoft 365 Microsoft Defender Microsoft Defender for Endpoint

Microsoft Defender for Endpoint Web Content Filtering – Migrate Rules from Existing Security Software

In my last blog, I wrote about web content filtering in MDATP and how it now allows you to block website categories on the client across all apps.  Category blockers are great because, with one easy checkbox, you ban hundreds of thousands of dangerous on inappropriate websites.  Nothing is perfect, though, and anyone who's ever worked a helpdesk or SOC will attest that false positives and false negatives are common. The engine for MDATP…
Microsoft Defender for Endpoint Web Content Filtering – Administration, Limitations, and User Experience
Posted inConfiguration Manager Microsoft 365 Microsoft Defender Microsoft Defender for Endpoint Microsoft Intune

Microsoft Defender for Endpoint Web Content Filtering – Administration, Limitations, and User Experience

Historically, one of the big features missing "out of the box" with MDATP was web content filtering.  Customers typically look at MDATP as an option when their existing endpoint security is due for license renewal, and compare their existing solution against it.  They would be moving from one of the big security vendors such as Sophos, Norton, and McAfee, which all supported web content filtering.  Higher lever stakeholders often listed the ability to block…
Sign In to Azure AD Using Google with Azure AD External Identities
Posted inEntra ID (Azure Active Directory) External Identities Microsoft 365

Sign In to Azure AD Using Google with Azure AD External Identities

External Identities is a new public preview feature of Azure AD which allows external users to authenticate with a non-Microsoft account such as their Google or Facebook identity.  This has been available in Azure AD B2C for some time, but that solution is really targetted at highly customised applications with potentially millions of users.  External Identities opens up that idea to you ordinary Azure AD tenant so that any SAML or WS-Fed IdP can…
The Differences Between (and History of) the Microsoft 365 Security Centre, Compliance Centre, and Security & Compliance
Posted inMicrosoft 365 Office 365

The Differences Between (and History of) the Microsoft 365 Security Centre, Compliance Centre, and Security & Compliance

There are currently three separate admin consoles in Microsoft 365 for administrators to view or configure security and compliance policies, alerts, and reports.  Believe it or not, this is down from four at the peak of just-tell-me-where-to-go-to-do-this.  This doesn't even include consoles such as Microsoft Cloud App Security (MCAS).  The direction things are heading is good, as I'll explain in this blog, but the situation does highlight Microsoft's relatively new culture and position of…