Understanding Application Guard for Office, Now Generally Available

Understanding Application Guard for Office, Now Generally Available

Application Guard first appeared in Windows 10 1709 ("Fall Creators Update") to isolate Edge browser activity within a Hyper V container.  Microsoft now extends that same idea to Word, Excel, and PowerPoint in Office 365 ProPlus Microsoft 365 Apps for Enterprise on Windows 10... ... if you have Microsoft 365 E5 or E5 Security.  You knew that was coming! With Application Guard for Office, your files can open in a sandbox without access local…
Understanding Modern vs. Legacy Authentication in Microsoft 365

Understanding Modern vs. Legacy Authentication in Microsoft 365

Since October 2019, Microsoft has enabled Security Defaults by default in new Microsoft 365 tenants.  Security Defaults are a group of best-practice security settings, and one of note is the disablement of all legacy authentication, which itself has been off in Exchange Online and SharePoint Online, by default, since August 2017. The term legacy authentication doesn't refer to one particular protocol, but rather any that do not support Multi-Factor Authentication (MFA).  Protocols that support…
Store BitLocker Recovery Keys in Azure AD for Devices Already Encrypted

Store BitLocker Recovery Keys in Azure AD for Devices Already Encrypted

As you move from on-premises or third-party infrastructure to Microsoft 365 and Azure AD, you will want to keep those BitLocker recovery keys safe.  You can store those keys either in on-premises Active Directory or in the cloud with Azure AD. The behavior of the BitLocker / Azure AD relationship is that the recovery keys will only be stored against the device object in Azure AD if the encryption happens when the device is…