https://campbell.scot/tags/conditional-access/ Recent content in Conditional-Access on Ru Campbell MVP Hugo en-gb Fri, 09 Feb 2024 17:30:41 +0000 https://campbell.scot/microsoft-defender-for-cloud-apps-common-microsoft-security-mistakes-series/ Fri, 09 Feb 2024 17:30:41 +0000 https://campbell.scot/microsoft-defender-for-cloud-apps-common-microsoft-security-mistakes-series/ <p>Defender for Cloud Apps (MDA) is such a hidden gem. When talking with Microsoft 365 E5 customers, it&rsquo;s amazing how few of them really grab MDA and squeeze all they can out of it. It&rsquo;s often classified as a cloud access security broker (CASB) but that&rsquo;s an oversimplication: the product can do so much more such as SaaS security posture management (SSPM) and, most topical in light of <a href="https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/">recent events</a>, OAuth app governance.</p> https://campbell.scot/entra-id-protection-common-microsoft-365-security-mistakes-series/ Wed, 07 Feb 2024 17:54:59 +0000 https://campbell.scot/entra-id-protection-common-microsoft-365-security-mistakes-series/ <p>Signals from across Microsoft&rsquo;s services and ecosystems inform Entra ID Protection to detect risk. The risk detections can alert administrators or, better still, combine with other Entra and Defender XDR capabilities to perform remediation and prevention. The most obvious example of this may be preventing a risky sign in. Contrary to popular understanding, not all of Entra ID Protection&rsquo;s detections are limited to the Entra ID P2 license: the nonpremium risks listed <a href="https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks#sign-in-risk-detections">here</a> don&rsquo;t require P2.</p> https://campbell.scot/pim-common-microsoft-365-security-mistakes-series/ Sun, 19 Nov 2023 14:01:41 +0000 https://campbell.scot/pim-common-microsoft-365-security-mistakes-series/ <p>Entra ID&rsquo;s P2 license (previously Azure AD Premium P2) unlocks the Privileged Identity Management (PIM). PIM is part of broader <em>identity governance</em> features, and is most known for enabling just-in-time admin rights. For example, you are <em>eligible</em> to become an administrator for a maximum of <em>X</em> hours, at which point the permissions expire and you need to reactivate.</p> <p>This blog covers five of the common misconfigurations and misunderstandings I see with customers. Intuitive as PIM may appear, there are some gotchas you need to be aware of. It is a follow up from my previous <a href="https://campbell.scot/conditional-access-common-microsoft-365-security-mistakes-series/">Conditional Access – Common Microsoft 365 Security Mistakes Series</a> article.</p> https://campbell.scot/conditional-access-common-microsoft-365-security-mistakes-series/ Thu, 05 Oct 2023 21:11:27 +0000 https://campbell.scot/conditional-access-common-microsoft-365-security-mistakes-series/ <p>Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. If you&rsquo;ve spent any time securing your tenant and Entra resources, you&rsquo;ll know what Conditional Access is by now, so we&rsquo;ll assume at least a level 200 understanding, skip the introduction, and instead dive into the most common mistakes I see when helping folks out with it.</p> <p>These aren&rsquo;t listed in any particular order, and the devil&rsquo;s in the details, so make sure you read the full post instead of just skimming the bullet points! There are also <em>way</em> more than five mistakes you can make with Conditional Access, but let&rsquo;s start with these.</p>