Exchange Online Protection & Defender for Office 365 – Common Microsoft 365 Security Mistakes Series

Exchange Online Protection & Defender for Office 365 – Common Microsoft 365 Security Mistakes Series

Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MDO) are the email and collaboration security services native to Microsoft 365. EOP is included at all levels of licensing for Exchange Online, with MDO bringing additional security capabilities to license levels such as Business Premium, Microsoft 365 E3, and Microsoft 365 E5. In this blog, I'll review five of the most common security mistakes I see in tenants regarding EOP and MDO. Realistically,…
Conditional Access – Common Microsoft 365 Security Mistakes Series

Conditional Access – Common Microsoft 365 Security Mistakes Series

Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. If you've spent any time securing your tenant and Entra resources, you'll know what Conditional Access is by now, so we'll assume at least a level 200 understanding, skip the introduction, and instead dive into the most common mistakes I see when helping folks out with it. These aren't listed in any particular order, and the devil's in the details,…
Microsoft Improves and Simplifies Defender for Endpoint Management Capabilities

Microsoft Improves and Simplifies Defender for Endpoint Management Capabilities

In one of the biggest changes to Microsoft Defender for Endpoint (MDE) in its product history, you no longer need a separate management engine to configure endpoint settings. In this blog, we'll look at what that change is, why it was necessary, initial impressions, and what you might want to do next. Historic management architecture needed simplifying MDE (and it's Windows client, Microsoft Defender Antivirus (MDAV)) always stood out from the crowd of endpoint…
Updated March 2022: Ultimate Comparison of Defender for Endpoint Features by Operating System

Updated March 2022: Ultimate Comparison of Defender for Endpoint Features by Operating System

It's been about 5 months since I last updated my comparison of Defender for Endpoint features by OS.  This is a "matrix" of the tons of features, services, and important components that make up Microsoft Defender for Endpoint. Three months later, it's overdue an update.  So here it is :)  I've also decided to rename it to The Ultimate Comparison of MDE Features by OS... because renaming's what we do, right? Changes include but…
Exploring Microsoft 365’s NOBELIUM Defence Capabilities

Exploring Microsoft 365’s NOBELIUM Defence Capabilities

I recently read through an excellent article by Mandiant, which recently split with FireEye, on their findings and analysis of the continued actions of suspected nation-state actor NOBELIUM.  This group appeared on most IT pro's radar because of their SolarWinds' software supply chain.  You are probably familiar with it by now, but if not, the tl;dr is that SolarWinds' Orion IT software was "trojanised" via an attack on their software supply chain.  Orion is…
Updated October 2021: Availability of Defender for Endpoint Features by Operating System

Updated October 2021: Availability of Defender for Endpoint Features by Operating System

In July, I released v1 of The Big Comparison of Defender for Endpoint Features by Operating System (or, what I think is much catchier, TBCMDEFOS).  This was a "matrix" of the tons of features, services, and important components that make up Microsoft Defender for Endpoint. Three months later, it's overdue an update.  So here it is :) The headline news is that, in preview anyway, there's a bunch of additions to Windows Server 2012…
The Big Comparison of Defender for Endpoint Features by Operating System

The Big Comparison of Defender for Endpoint Features by Operating System

Microsoft Defender for Endpoint (MDE) is a massive platform.  It's not a single product, and it's more than just a service.  It's a platform of tons of security features, portals, services, and controls.  The more you dig in, the more elements of general Microsoft security have been included in the MDE "branding".  It's not only endpoint detection and response (EDR), but also Windows 10 security settings.  It's not just the security software on the…
Deploying Office 365 with Intune as a Win32 App (and Why You’d Want To)

Deploying Office 365 with Intune as a Win32 App (and Why You’d Want To)

Office 365, or Microsoft 365 Apps for Enterprise, or whatever it's called this month, can be deployed by Intune to Windows 10 devices using a built-in wizard.  The advantage of this is you don't need to package anything: you fill out some nice drop-downs and options in a GUI, assign it like any other app, and Microsoft takes care of the rest. In the background, this is using the Office CSP to deploy the…
Three Cool Things To Do With Azure Information Protection

Three Cool Things To Do With Azure Information Protection

In my last blog, I wrote about three considerations for your Azure Information Protection deployments and commented on often overlooked potential downsides, or at least areas with which to be cautious. In hindsight, it all feels a bit negative.  I am, for the record, an advocate of Microsoft 365 customers using AIP (sensitivity labels) in basically any circumstance it's appropriate to do so.  So in this blog, I'll counter the earlier post with three…
Three Considerations for Azure Information Protection Deployments

Three Considerations for Azure Information Protection Deployments

Azure Information Protection (AIP) - more accurately exposed to Microsoft 365 now as sensitivity labels - is close to the top of my favourite wins for securing your data in a Microsoft ecosystem.  While designing a detailed labelling and classification system is far from quick, it is quick to get up and running with baseline policies that protect your confidential company data from getting read outside the company.  Simply by applying a sensitivity label…