#cswrld — Public Fediverse posts

𝐇𝐨𝐰 𝐭𝐨 𝐜𝐫𝐞𝐚𝐭𝐞 𝐚 𝐖𝐏𝐀3 𝐖𝐢-𝐅𝐢 𝐩𝐫𝐨𝐟𝐢𝐥𝐞 𝐟𝐨𝐫 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐢𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐈𝐧𝐭𝐮𝐧𝐞

Microsoft Intune still cannot natively create a Wi-Fi profile with WPA3-Personal security at this time. Within the configuration templates, there is only Wi-Fi with WPA/WPA2 security, but WPA3 is missing.

If you have a Wi-Fi where WPA3 is enforced without hybrid mode with WPA2, then if you create a profile as WPA2, the device will not connect to it. So, if you have WPA3 enforced, you need to configure Wi-Fi using a custom profile and OMA-URI.

https://www.cswrld.com/2026/03/how-to-create-a-wpa3-wi-fi-profile-for-windows-in-microsoft-intune/

#cswrld #microsoft #intune #wifi #wpa3

𝐇𝐨𝐰 𝐂𝐨𝐧𝐝𝐢𝐭𝐢𝐨𝐧𝐚𝐥 𝐀𝐜𝐜𝐞𝐬𝐬 𝐏𝐨𝐥𝐢𝐜𝐢𝐞𝐬 𝐀𝐫𝐞 𝐄𝐯𝐚𝐥𝐮𝐚𝐭𝐞𝐝 𝐢𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐄𝐧𝐭𝐫𝐚 𝐈𝐃

Understanding how Conditional Access policies are evaluated in Microsoft Entra ID is absolutely essential if you are involved in their creation or management.

I often encounter fundamental misunderstandings regarding how the evaluation of Conditional Access policies takes place. Many administrators are accustomed to systems like firewalls, where there is an order or priority for evaluating created rules. However, it does not work this way with Conditional Access policies in Microsoft Entra ID. Applying the same principle to Conditional Access policies will very likely lead to significant security risks.

Read my blog post bellow 👇 👇
https://www.cswrld.com/2026/02/how-conditional-access-policies-are-evaluated-in-microsoft-entra-id/

#cswrld #entraid #securitytips #conditionalaccess

𝐇𝐨𝐰 𝐭𝐨 𝐮𝐬𝐞 𝐚𝐜𝐜𝐞𝐬𝐬 𝐩𝐚𝐜𝐤𝐚𝐠𝐞𝐬 𝐭𝐨 𝐦𝐚𝐧𝐚𝐠𝐞 𝐠𝐫𝐨𝐮𝐩 𝐦𝐞𝐦𝐛𝐞𝐫𝐬𝐡𝐢𝐩𝐬

Access packages allow you to dynamically manage group, Teams, application, and SharePoint site membership based on user requests.

It works by creating an access package and then publishing it to users – either all users or a select group of users. Users can then activate the package from the My Access portal after meeting defined conditions.

https://www.cswrld.com/2026/02/how-to-use-access-packages-to-manage-group-memberships/

#cswrld #entraid #entitlementmanagement #identitygovernance #accesspackage

𝐇𝐨𝐰 𝐭𝐨 𝐠𝐞𝐭 𝐮𝐧𝐥𝐢𝐦𝐢𝐭𝐞𝐝 𝐦𝐚𝐢𝐥𝐛𝐨𝐱 𝐬𝐢𝐳𝐞 𝐢𝐧 𝐄𝐱𝐜𝐡𝐚𝐧𝐠𝐞 𝐎𝐧𝐥𝐢𝐧𝐞

Exchange Online Plan 1 licenses generally have a primary mailbox capacity of 50 GB. Exchange Online Plan 2 licenses have a capacity of 100 GB. However, this capacity can be extended by using Online Archive. With Exchange Online Plan 2, this capacity is unlimited. Technically speaking, the capacity is limited to 1.5 TB.

An interesting fact is that Microsoft 365 Business Premium licenses, which by default include Exchange Online Plan 1, are also entitled to this feature.

https://www.cswrld.com/2026/01/how-to-enable-auto-expanding-archive-in-exchange-online-and-get-unlimited-mailbox-capacity/

#cswrld #exchangeonline #mailbox #archive

𝗛𝗼𝘄 𝘁𝗼 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰𝗮𝗹𝗹𝘆 𝘂𝗽𝗱𝗮𝘁𝗲 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗼𝗻 𝗰𝗼𝗺𝗽𝘂𝘁𝗲𝗿𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗜𝗻𝘁𝘂𝗻𝗲

Microsoft Intune does not have any built-in options for updating installed applications on Windows computers.

If you want to update applications on managed computers, you must manually create a new version of the given application and deploy it to all computers. However, this is quite a lot of manual work, and you also have to monitor the availability of new versions of installed applications, which is another lot of manual work.

Read more in the article on my blog 👇 👇
https://www.cswrld.com/2025/08/how-to-update-applications-using-patch-my-pc/

#cswrld #cybersecurityworld #blog #intune #applicationmanagement #appupdates #patchmypc

𝗛𝗼𝘄 𝘁𝗼 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰𝗮𝗹𝗹𝘆 𝘂𝗽𝗱𝗮𝘁𝗲 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗼𝗻 𝗰𝗼𝗺𝗽𝘂𝘁𝗲𝗿𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗜𝗻𝘁𝘂𝗻𝗲

Microsoft Intune does not have any built-in options for updating installed applications on Windows computers.

If you want to update applications on managed computers, you must manually create a new version of the given application and deploy it to all computers. However, this is quite a lot of manual work, and you also have to monitor the availability of new versions of installed applications, which is another lot of manual work.

Read more in the article on my blog 👇 👇
https://www.cswrld.com/2025/08/how-to-update-applications-using-patch-my-pc/

#cswrld #cybersecurityworld #blog #intune #applicationmanagement #appupdates #patchmypc

𝗛𝗼𝘄 𝘁𝗼 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰𝗮𝗹𝗹𝘆 𝘂𝗽𝗱𝗮𝘁𝗲 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗼𝗻 𝗰𝗼𝗺𝗽𝘂𝘁𝗲𝗿𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗜𝗻𝘁𝘂𝗻𝗲

Microsoft Intune does not have any built-in options for updating installed applications on Windows computers.

If you want to update applications on managed computers, you must manually create a new version of the given application and deploy it to all computers. However, this is quite a lot of manual work, and you also have to monitor the availability of new versions of installed applications, which is another lot of manual work.

Read more in the article on my blog 👇 👇
https://www.cswrld.com/2025/08/how-to-update-applications-using-patch-my-pc/

#cswrld #cybersecurityworld #blog #intune #applicationmanagement #appupdates #patchmypc

𝗛𝗼𝘄 𝘁𝗼 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰𝗮𝗹𝗹𝘆 𝘂𝗽𝗱𝗮𝘁𝗲 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗼𝗻 𝗰𝗼𝗺𝗽𝘂𝘁𝗲𝗿𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗜𝗻𝘁𝘂𝗻𝗲

Microsoft Intune does not have any built-in options for updating installed applications on Windows computers.

If you want to update applications on managed computers, you must manually create a new version of the given application and deploy it to all computers. However, this is quite a lot of manual work, and you also have to monitor the availability of new versions of installed applications, which is another lot of manual work.

Read more in the article on my blog 👇 👇
https://www.cswrld.com/2025/08/how-to-update-applications-using-patch-my-pc/

#cswrld #cybersecurityworld #blog #intune #applicationmanagement #appupdates #patchmypc

𝗛𝗼𝘄 𝘁𝗼 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰𝗮𝗹𝗹𝘆 𝘂𝗽𝗱𝗮𝘁𝗲 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗼𝗻 𝗰𝗼𝗺𝗽𝘂𝘁𝗲𝗿𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗜𝗻𝘁𝘂𝗻𝗲

Microsoft Intune does not have any built-in options for updating installed applications on Windows computers.

If you want to update applications on managed computers, you must manually create a new version of the given application and deploy it to all computers. However, this is quite a lot of manual work, and you also have to monitor the availability of new versions of installed applications, which is another lot of manual work.

Read more in the article on my blog 👇 👇
https://www.cswrld.com/2025/08/how-to-update-applications-using-patch-my-pc/

#cswrld #cybersecurityworld #blog #intune #applicationmanagement #appupdates #patchmypc

𝗛𝗼𝘄 𝘁𝗼 𝗰𝗼𝗹𝗹𝗲𝗰𝘁 𝗰𝘂𝘀𝘁𝗼𝗺 𝗲𝘃𝗲𝗻𝘁 𝗜𝗗𝘀 𝘁𝗼 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗦𝗲𝗻𝘁𝗶𝗻𝗲𝗹

Microsoft Sentinel is Microsoft's SIEM/SOAR. It is used to collect and evaluate logs.

If you choose to collect security logs from Windows Server, Microsoft Sentinel can collect predefined log sets using the built-in settings. By default, you have the option to select from the predefined sets All Security Events, Common, or Minimal.

However, if you need to collect some custom Event IDs that do not belong to the above built-in categories, or simply want your own set of Event IDs to collect, you can define your own Event IDs using XPath queries.

XPath (XML Path Language) is a query language used for selecting nodes from an XML document. It allows you to navigate through elements and attributes in XML documents, making it a powerful tool for extracting specific pieces of information. XPath is commonly used in combination with XML parsers to filter and locate data based on complex conditions.

Read my blog post bellow 👇 👇
https://www.cswrld.com/2025/06/how-to-collect-custom-event-ids-to-microsoft-sentinel/

#cswrld #sentinel #eventid #logcollection #custom

𝗛𝗼𝘄 𝘁𝗼 𝗱𝗶𝘀𝗮𝗯𝗹𝗲 𝗦𝗲𝗹𝗳-𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗣𝗮𝘀𝘀𝘄𝗼𝗿𝗱 𝗥𝗲𝘀𝗲𝘁 𝗳𝗼𝗿 𝗮𝗱𝗺𝗶𝗻𝗶𝘀𝘁𝗿𝗮𝘁𝗼𝗿𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗘𝗻𝘁𝗿𝗮 𝗜𝗗

Self-service password reset can be a useful feature that allows users to access their account in case they forget their password.

On the other hand, it is potentially risky, as a potential attacker may target the self-service password reset feature to gain access to the account. Especially for privileged accounts, this is very risky and therefore I would generally recommend disabling self-service password resets for privileged accounts.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/KIlRPx_9XRA

#cswrld #videotutorial #sspr #passwordreset #entraid #administrators

𝗛𝗼𝘄 𝘁𝗼 𝗯𝗹𝗼𝗰𝗸 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰 𝗲𝗺𝗮𝗶𝗹 𝗳𝗼𝗿𝘄𝗮𝗿𝗱𝗶𝗻𝗴 𝗶𝗻 𝗢𝗳𝗳𝗶𝗰𝗲 𝟯𝟲𝟱

Automatic email forwarding is very risky. First, it can lead to exfiltration of sensitive internal information outside the corporate environment. But it can also cause account compromise, for example through password reset whose code arrives at some external address that may be under the control of an attacker.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/sdjG-gl6Xxs

#cswrld #videotutorial #email #forwarding #office365 #exchangeonline

𝗛𝗼𝘄 𝘁𝗼 𝗯𝗮𝗰𝗸𝘂𝗽 𝗢𝗳𝗳𝗶𝗰𝗲 𝟯𝟲𝟱 𝗱𝗮𝘁𝗮

Right off the bat, you might be wondering why I should back up data from Office 365 when it's a cloud service. Microsoft assures you of high data availability, but the service itself has no built-in backup mechanisms. And that's something to keep in mind.

Office 365 has two levels of recycle bins in it. The first level is user level, and data from this recycle bin can be restored directly by the user. The second level is admin and only an administrator can restore data from this level. You can have litigation hold and in-place hold set up, but that is not available in all plans, and you probably won't activate it on all mailboxes, SharePoint sites and teams in Teams.

📺 Learn more how to backup Office 365 data in my today's video 👇 👇
https://youtu.be/BBEjAKeaRCQ

#videotutorial #cswrld #backup #office365

𝗛𝗼𝘄 𝘁𝗼 𝗯𝗹𝗼𝗰𝗸 𝘀𝗽𝗲𝗰𝗶𝗳𝗶𝗰 𝗳𝗶𝗹𝗲 𝘁𝘆𝗽𝗲𝘀 𝗶𝗻 𝗲𝗺𝗮𝗶𝗹 𝗮𝘁𝘁𝗮𝗰𝗵𝗺𝗲𝗻𝘁𝘀

A very common source of infection is email. Everyone uses email and threat actors take advantage of it. Either in the form of phishing or in the form of malicious attachments.

There are very advanced protection options within Office 365. Whether it be within Exchange Online Protection, which is included in all Office 365 / Exchange Online plans, or within Safe Attachments, which is an extension within Microsoft Defender for Office 365.

But a very effective protection is the very simple blocking of unwanted file types within email attachments. You simply block what is unwanted, making it very easy and effective to block many potentially malicious files.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/dFlD_CH5Kp8

#cswrld #videotutorial #email #attachments #filter #office365 #exchangeonline

𝗛𝗼𝘄 𝘁𝗼 𝗯𝗹𝗼𝗰𝗸 𝘂𝗻𝗸𝗻𝗼𝘄𝗻 𝗽𝗹𝗮𝘁𝗳𝗼𝗿𝗺𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗘𝗻𝘁𝗿𝗮 𝗜𝗗

Under conditional access policies, it is possible to block individual device platforms. In general, it is a good idea to eliminate all ways that a potential threat actor could use to compromise the environment. In other words, block everything that is not needed.

This also applies to device platforms within Microsoft Entra ID. For example, if your organization only uses Windows, iOS, and Android, it's a good idea to disable all other platforms. If you also use macOS, you need to add macOS as well, of course.

What I would definitely recommend blocking is Windows Phone and other unknown platforms. Unrecognized / unknown platforms are usually spoofed User Agents, which is mainly used by threat actors.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/vFhQgwXmqTo

#cswrld #videotutorial #entraid #conditionalaccess #platforms #blocking

𝗛𝗼𝘄 𝘁𝗼 𝗯𝗹𝗼𝗰𝗸 𝗻𝗲𝘄𝗹𝘆 𝗿𝗲𝗴𝗶𝘀𝘁𝗲𝗿𝗲𝗱 𝗱𝗼𝗺𝗮𝗶𝗻𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗳𝗼𝗿 𝗘𝗻𝗱𝗽𝗼𝗶𝗻𝘁

Newly registered domains can of course be legitimate. Every domain is new at some point. But usually there isn’t any content on new domains right away – the content is still being developed, and the launch of the site won’t happen for some time.

But newly registered domains are often a tool for phishing attacks. Such domains are usually used in phishing attacks immediately after registration and usually disappear again after a short time, for example because they are cancelled or blocked by the registrar.

Blocking access to newly registered domains is a relatively popular and effective way of eliminating phishing.

It is possible to block newly registered and parked domains within Microsoft Defender for Endpoint. Domains within the first 30 days of registration are considered newly registered.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/oYtDHK90P1M

#cswrld #videotutorial #mde #defender #phishing #newdomains

𝗛𝗼𝘄 𝘁𝗼 𝗿𝗲𝗾𝘂𝗶𝗿𝗲 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝘁 𝗱𝗲𝘃𝗶𝗰𝗲 𝗳𝗼𝗿 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗮𝗰𝗰𝗲𝘀𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗘𝗻𝘁𝗿𝗮 𝗜𝗗

Requiring a managed device to access Microsoft 365 services (or generally any apps/services integrated with Microsoft Entra ID) is a very effective method of phishing protection.

This is because in such a case it is not enough for a threat actor to obtain, for example, login credentials through phishing. It is not even enough to somehow obtain or bypass MFA. In such a case, the threat actor would also have to have a managed device from the organization’s tenant. Which should be unrealistic to obtain.

Thus, requiring access from a managed device is a very effective and powerful method of protecting corporate identity. And yet it shouldn’t be too complicated to deploy, since corporate devices should be managed anyway.

📺 Watch my YouTube video on how to require compliant devices via conditional access policies in Microsoft Entra ID 👇 👇
https://youtu.be/mH-8x29xdW0

#cswrld #videotutorial #entraid #devicecompliance #applications

𝐒𝐡𝐨𝐮𝐥𝐝 𝐈 𝐭𝐫𝐮𝐬𝐭 𝐞𝐱𝐭𝐞𝐫𝐧𝐚𝐥 𝐌𝐅𝐀 𝐨𝐫 𝐧𝐨𝐭 𝐈𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐄𝐧𝐭𝐫𝐚 𝐈𝐃?

Trust or do not trust external MFA in Microsoft Entra ID? There are different opinions, and I will talk about the pros and cons in this video.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/xjmUay482Mk

#cswrld #videotutorial #mfa #externaltrust #entraid

𝐇𝐨𝐰 𝐭𝐨 𝐭𝐮𝐫𝐧 𝐨𝐧 𝐢𝐧𝐛𝐨𝐮𝐧𝐝 𝐒𝐌𝐓𝐏 𝐃𝐀𝐍𝐄 𝐢𝐧 𝐎𝐟𝐟𝐢𝐜𝐞 365

Inbound SMTP DANE (DNS-Based Authentication of Named Entities) is a security protocol designed to secure email communication by ensuring the authenticity of the receiving mail server's encryption certificates when emails are delivered via the Simple Mail Transfer Protocol (SMTP).

By default, SMTP doesn't guarantee encryption, which makes it vulnerable to man-in-the-middle attacks. To secure email communication, SMTP can use STARTTLS, which upgrades a plain text connection to an encrypted one. However, STARTTLS by itself doesn't verify the authenticity of the receiving mail server's certificate, leaving it vulnerable to attacks where a malicious entity might impersonate the server.

DANE addresses this issue by enabling domain owners to publish their mail server’s encryption certificates in DNS records, which are protected by DNSSEC (Domain Name System Security Extensions). This allows sending mail servers to verify the authenticity of the receiving mail server's certificate before establishing an encrypted connection.

When an email is received, the receiving mail server uses DANE to publish its certificate in the DNS, allowing the sending server to check the certificate's validity before establishing a secure TLS connection. This ensures that emails are delivered over an encrypted connection and that the encryption certificate is trustworthy and has not been tampered with.

📺 Watch my YouTube video bellow on how to run on inbound SMTP DANE in Office 365 👇 👇
https://youtu.be/UEAlyU3CTHk

#cswrld #videotutorial #smtp #inbound #dane #office365

SharePoint sites are used to share data within an organization. Typically, this data is shared within teams or projects.

If it’s data that multiple people work with on a regular basis, then it’s ideal to automatically connect these SharePoint sites to all users who work with the data so that they don’t have to find the SharePoint site themselves and manually set it to sync to their computer.

Automatic synchronization can be easily set up using Microsoft Intune.

📺 Watch my YouTube video bellow on how to automatically map SharePoint sites via Microsoft Intune 👇 👇
https://youtu.be/gAjn6_hb80Y

#cswrld #videotutorial #intune #sharepoint #sitemapping

𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐟𝐨𝐫 𝐄𝐧𝐝𝐩𝐨𝐢𝐧𝐭 𝐓𝐚𝐦𝐩𝐞𝐫 𝐏𝐫𝐨𝐭𝐞𝐜𝐭𝐢𝐨𝐧 𝐞𝐱𝐩𝐥𝐚𝐢𝐧𝐞𝐝

Tamper Protection in Microsoft Defender for Endpoint is protection that protects selected settings, such as virus and malware protection. With tamper protection, you cannot disable selected components of Microsoft Defender for Endpoint or change their settings.

In fact, disabling or changing settings on a security product is usually what a threat actor is trying to do. If they were able to deactivate the protection, it would make their subsequent work much easier. This is why it is extremely important to keep tamper protection active.

📺 Watch my YouTube video bellow on Microsoft Defender for Endpoint protection 👇 👇
https://youtu.be/xnC6Ufl025I

#cswrld #mde #videotutorial #defender #tamperprotection

𝐁𝐥𝐨𝐜𝐤𝐢𝐧𝐠 𝐮𝐬𝐞𝐫 𝐜𝐨𝐧𝐬𝐞𝐧𝐭 𝐭𝐨 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐄𝐧𝐭𝐫𝐚 𝐈𝐃 𝐞𝐧𝐭𝐞𝐫𝐩𝐫𝐢𝐬𝐞 𝐚𝐩𝐩𝐬

Microsoft Entra ID is primarily an identity system for Microsoft applications and services. However, you can also integrate other applications and services with Microsoft Entra ID. And it’s even highly recommended, because you get single sign-on using corporate identity, you don’t have to maintain another separate user account system, you have the ability to apply conditional access policies to these external applications and services, etc.

But the problem is that by default, even a regular user can give consent to an external application to access Microsoft Entra ID and other services tied to it. This is very risky as it can lead to leakage of sensitive internal information as such applications can have arbitrary permissions that the user gives the application access to.

📺 Watch my YouTube video bellow on how to block user consent to Enterprise Apps in Microsoft Entra ID 👇 👇
https://youtu.be/Ht-zcZt9nzM

#cswrld #entraid #enterpriseapps #userconsent #block

𝐁𝐥𝐨𝐜𝐤𝐢𝐧𝐠 𝐮𝐬𝐞𝐫 𝐜𝐨𝐧𝐬𝐞𝐧𝐭 𝐭𝐨 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐄𝐧𝐭𝐫𝐚 𝐈𝐃 𝐞𝐧𝐭𝐞𝐫𝐩𝐫𝐢𝐬𝐞 𝐚𝐩𝐩𝐬

Microsoft Entra ID is primarily an identity system for Microsoft applications and services. However, you can also integrate other applications and services with Microsoft Entra ID. And it’s even highly recommended, because you get single sign-on using corporate identity, you don’t have to maintain another separate user account system, you have the ability to apply conditional access policies to these external applications and services, etc.

But the problem is that by default, even a regular user can give consent to an external application to access Microsoft Entra ID and other services tied to it. This is very risky as it can lead to leakage of sensitive internal information as such applications can have arbitrary permissions that the user gives the application access to.

📺 Watch my YouTube video bellow on how to block user consent to Enterprise Apps in Microsoft Entra ID 👇 👇
https://youtu.be/Ht-zcZt9nzM

#cswrld #entraid #enterpriseapps #userconsent #block

𝐁𝐥𝐨𝐜𝐤𝐢𝐧𝐠 𝐮𝐬𝐞𝐫 𝐜𝐨𝐧𝐬𝐞𝐧𝐭 𝐭𝐨 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐄𝐧𝐭𝐫𝐚 𝐈𝐃 𝐞𝐧𝐭𝐞𝐫𝐩𝐫𝐢𝐬𝐞 𝐚𝐩𝐩𝐬

Microsoft Entra ID is primarily an identity system for Microsoft applications and services. However, you can also integrate other applications and services with Microsoft Entra ID. And it’s even highly recommended, because you get single sign-on using corporate identity, you don’t have to maintain another separate user account system, you have the ability to apply conditional access policies to these external applications and services, etc.

But the problem is that by default, even a regular user can give consent to an external application to access Microsoft Entra ID and other services tied to it. This is very risky as it can lead to leakage of sensitive internal information as such applications can have arbitrary permissions that the user gives the application access to.

📺 Watch my YouTube video bellow on how to block user consent to Enterprise Apps in Microsoft Entra ID 👇 👇
https://youtu.be/Ht-zcZt9nzM

#cswrld #entraid #enterpriseapps #userconsent #block

𝐁𝐥𝐨𝐜𝐤𝐢𝐧𝐠 𝐮𝐬𝐞𝐫 𝐜𝐨𝐧𝐬𝐞𝐧𝐭 𝐭𝐨 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐄𝐧𝐭𝐫𝐚 𝐈𝐃 𝐞𝐧𝐭𝐞𝐫𝐩𝐫𝐢𝐬𝐞 𝐚𝐩𝐩𝐬

Microsoft Entra ID is primarily an identity system for Microsoft applications and services. However, you can also integrate other applications and services with Microsoft Entra ID. And it’s even highly recommended, because you get single sign-on using corporate identity, you don’t have to maintain another separate user account system, you have the ability to apply conditional access policies to these external applications and services, etc.

But the problem is that by default, even a regular user can give consent to an external application to access Microsoft Entra ID and other services tied to it. This is very risky as it can lead to leakage of sensitive internal information as such applications can have arbitrary permissions that the user gives the application access to.

📺 Watch my YouTube video bellow on how to block user consent to Enterprise Apps in Microsoft Entra ID 👇 👇
https://youtu.be/Ht-zcZt9nzM

#cswrld #entraid #enterpriseapps #userconsent #block

𝐓𝐀𝐌𝐏𝐄𝐑 𝐏𝐑𝐎𝐓𝐄𝐂𝐓𝐈𝐎𝐍 𝐅𝐎𝐑 𝐄𝐗𝐂𝐋𝐔𝐒𝐈𝐎𝐍𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐃𝐄𝐅𝐄𝐍𝐃𝐄𝐑 𝐅𝐎𝐑 𝐄𝐍𝐃𝐏𝐎𝐈𝐍𝐓

Antivirus exclusions can do a lot of damage because what is in the exclusions is not monitored and possibly blocked. Exclusions should only be put in with great circumspection and there should be as few exclusions as possible.

Threat actors may try to create their own exclusions within various malware to allow them to run other malware and thus extend their control over the device. Therefore, exclusions need to be carefully protected and fully controlled.

📺 Watch my YouTube video bellow on how to enable tamper protection for exclusions in Microsoft Defender for Endpoint 👇 👇
https://youtu.be/8OjuGuGAXiY

#cswrld #mde #tamperprotection #exclusions #videotutorial

𝐓𝐀𝐌𝐏𝐄𝐑 𝐏𝐑𝐎𝐓𝐄𝐂𝐓𝐈𝐎𝐍 𝐅𝐎𝐑 𝐄𝐗𝐂𝐋𝐔𝐒𝐈𝐎𝐍𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐃𝐄𝐅𝐄𝐍𝐃𝐄𝐑 𝐅𝐎𝐑 𝐄𝐍𝐃𝐏𝐎𝐈𝐍𝐓

Antivirus exclusions can do a lot of damage because what is in the exclusions is not monitored and possibly blocked. Exclusions should only be put in with great circumspection and there should be as few exclusions as possible.

Threat actors may try to create their own exclusions within various malware to allow them to run other malware and thus extend their control over the device. Therefore, exclusions need to be carefully protected and fully controlled.

📺 Watch my YouTube video bellow on how to enable tamper protection for exclusions in Microsoft Defender for Endpoint 👇 👇
https://youtu.be/8OjuGuGAXiY

#cswrld #mde #tamperprotection #exclusions #videotutorial

𝐓𝐀𝐌𝐏𝐄𝐑 𝐏𝐑𝐎𝐓𝐄𝐂𝐓𝐈𝐎𝐍 𝐅𝐎𝐑 𝐄𝐗𝐂𝐋𝐔𝐒𝐈𝐎𝐍𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐃𝐄𝐅𝐄𝐍𝐃𝐄𝐑 𝐅𝐎𝐑 𝐄𝐍𝐃𝐏𝐎𝐈𝐍𝐓

Antivirus exclusions can do a lot of damage because what is in the exclusions is not monitored and possibly blocked. Exclusions should only be put in with great circumspection and there should be as few exclusions as possible.

Threat actors may try to create their own exclusions within various malware to allow them to run other malware and thus extend their control over the device. Therefore, exclusions need to be carefully protected and fully controlled.

📺 Watch my YouTube video bellow on how to enable tamper protection for exclusions in Microsoft Defender for Endpoint 👇 👇
https://youtu.be/8OjuGuGAXiY

#cswrld #mde #tamperprotection #exclusions #videotutorial

𝐓𝐀𝐌𝐏𝐄𝐑 𝐏𝐑𝐎𝐓𝐄𝐂𝐓𝐈𝐎𝐍 𝐅𝐎𝐑 𝐄𝐗𝐂𝐋𝐔𝐒𝐈𝐎𝐍𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐃𝐄𝐅𝐄𝐍𝐃𝐄𝐑 𝐅𝐎𝐑 𝐄𝐍𝐃𝐏𝐎𝐈𝐍𝐓

Antivirus exclusions can do a lot of damage because what is in the exclusions is not monitored and possibly blocked. Exclusions should only be put in with great circumspection and there should be as few exclusions as possible.

Threat actors may try to create their own exclusions within various malware to allow them to run other malware and thus extend their control over the device. Therefore, exclusions need to be carefully protected and fully controlled.

📺 Watch my YouTube video bellow on how to enable tamper protection for exclusions in Microsoft Defender for Endpoint 👇 👇
https://youtu.be/8OjuGuGAXiY

#cswrld #mde #tamperprotection #exclusions #videotutorial

𝐇𝐎𝐖 𝐓𝐎 𝐓𝐔𝐑𝐍 𝐎𝐍 𝐑𝐄𝐏𝐎𝐑𝐓 𝐌𝐎𝐃𝐄 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐃𝐄𝐅𝐄𝐍𝐃𝐄𝐑 𝐅𝐎𝐑 𝐄𝐍𝐃𝐏𝐎𝐈𝐍𝐓 𝐖𝐄𝐁 𝐂𝐎𝐍𝐓𝐄𝐍𝐓 𝐅𝐈𝐋𝐓𝐄𝐑𝐈𝐍𝐆

Web Content Filtering in Microsoft Defender for Endpoint allows you to filter content based on categories. There are a number of predefined categories to choose from. But first, you need to turn on report mode in Microsoft Defender for Endpoint.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/lg3VhjS564k

#cybersecurityworld #cswrld #mde #defender #wcf #contentfiltering #report

𝐇𝐎𝐖 𝐓𝐎 𝐀𝐋𝐋𝐎𝐖 𝐏𝐈𝐍 𝐑𝐄𝐒𝐄𝐓 𝐅𝐎𝐑 𝐖𝐈𝐍𝐃𝐎𝐖𝐒 𝐇𝐄𝐋𝐋𝐎 𝐅𝐎𝐑 𝐁𝐔𝐒𝐈𝐍𝐄𝐒𝐒

PIN is one of the login options in Windows Hello for Business. If a user forgets their PIN, they can reset it. Windows Hello for Business allows two types of PIN reset:
- Destructive PIN reset, which deletes everything in the Windows Hello for Business container. This is a forced reset, but it requires no additional configuration and works by default.
- Non-destructive PIN reset, which requires additional configuration but does not delete the existing Windows Hello for Business container and the keys stored in it.

📺 Watch my YouTube video bellow on how to configure it 👇 👇
https://youtu.be/XdHrajCf-Tk

#cswrld #videotutorial #pinreset #windowshello #whfb

𝐇𝐎𝐖 𝐓𝐎 𝐀𝐋𝐋𝐎𝐖 𝐏𝐈𝐍 𝐑𝐄𝐒𝐄𝐓 𝐅𝐎𝐑 𝐖𝐈𝐍𝐃𝐎𝐖𝐒 𝐇𝐄𝐋𝐋𝐎 𝐅𝐎𝐑 𝐁𝐔𝐒𝐈𝐍𝐄𝐒𝐒

PIN is one of the login options in Windows Hello for Business. If a user forgets their PIN, they can reset it. Windows Hello for Business allows two types of PIN reset:
- Destructive PIN reset, which deletes everything in the Windows Hello for Business container. This is a forced reset, but it requires no additional configuration and works by default.
- Non-destructive PIN reset, which requires additional configuration but does not delete the existing Windows Hello for Business container and the keys stored in it.

📺 Watch my YouTube video bellow on how to configure it 👇 👇
https://youtu.be/XdHrajCf-Tk

#cswrld #videotutorial #pinreset #windowshello #whfb

𝐇𝐎𝐖 𝐓𝐎 𝐀𝐋𝐋𝐎𝐖 𝐏𝐈𝐍 𝐑𝐄𝐒𝐄𝐓 𝐅𝐎𝐑 𝐖𝐈𝐍𝐃𝐎𝐖𝐒 𝐇𝐄𝐋𝐋𝐎 𝐅𝐎𝐑 𝐁𝐔𝐒𝐈𝐍𝐄𝐒𝐒

PIN is one of the login options in Windows Hello for Business. If a user forgets their PIN, they can reset it. Windows Hello for Business allows two types of PIN reset:
- Destructive PIN reset, which deletes everything in the Windows Hello for Business container. This is a forced reset, but it requires no additional configuration and works by default.
- Non-destructive PIN reset, which requires additional configuration but does not delete the existing Windows Hello for Business container and the keys stored in it.

📺 Watch my YouTube video bellow on how to configure it 👇 👇
https://youtu.be/XdHrajCf-Tk

#cswrld #videotutorial #pinreset #windowshello #whfb

𝐇𝐎𝐖 𝐓𝐎 𝐀𝐋𝐋𝐎𝐖 𝐏𝐈𝐍 𝐑𝐄𝐒𝐄𝐓 𝐅𝐎𝐑 𝐖𝐈𝐍𝐃𝐎𝐖𝐒 𝐇𝐄𝐋𝐋𝐎 𝐅𝐎𝐑 𝐁𝐔𝐒𝐈𝐍𝐄𝐒𝐒

PIN is one of the login options in Windows Hello for Business. If a user forgets their PIN, they can reset it. Windows Hello for Business allows two types of PIN reset:
- Destructive PIN reset, which deletes everything in the Windows Hello for Business container. This is a forced reset, but it requires no additional configuration and works by default.
- Non-destructive PIN reset, which requires additional configuration but does not delete the existing Windows Hello for Business container and the keys stored in it.

📺 Watch my YouTube video bellow on how to configure it 👇 👇
https://youtu.be/XdHrajCf-Tk

#cswrld #videotutorial #pinreset #windowshello #whfb

𝐇𝐎𝐖 𝐂𝐎𝐍𝐅𝐈𝐆𝐔𝐑𝐄 𝐆𝐑𝐀𝐃𝐔𝐀𝐋 𝐑𝐎𝐋𝐋𝐎𝐔𝐓 𝐏𝐑𝐎𝐂𝐄𝐒𝐒 𝐅𝐎𝐑 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐃𝐄𝐅𝐄𝐍𝐃𝐄𝐑 𝐅𝐎𝐑 𝐄𝐍𝐃𝐏𝐎𝐈𝐍𝐓

Microsoft Defender for Endpoint supports gradual rollout of all update types – Security Intelligence Updates, Engine Updates, and also Platform Updates.

📺 Watch my YouTube video on how to configure gradual rollout process for the updates 👇 👇
https://youtu.be/DJ6k7BucK7Q

#cswrld #videotutorial #mde #defender #rollout #updates #microsoft

Microsoft announced via the Message Center message ID MC810406 that support is ending for User Enrollment with Company Portal for iOS devices in September 2024.

The reason for this change is that in iOS 18 Apple is no longer supporting profile-based user enrollment, which effectively means the end of support just for user enrollment through the Company Portal app. And given that most of the commonly used iOS/iPadOS devices get the update to iOS 18, it probably doesn't make sense to continue support for user enrollment through the Company Portal app.

📺 Watch my YouTube video bellow for details 👇 👇
https://youtu.be/7uBCGNrU2oA

#cswrld #videotutorial #intune #enrollment #accountdriven #ios #ipados

𝐒𝐌𝐀𝐑𝐓 𝐋𝐎𝐂𝐊𝐎𝐔𝐓𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃

Smart Lockouts in Microsoft Entra ID help protect Microsoft Entra ID accounts from password attacks. And smart lockouts are also called smart lockouts because they are smart in the meaning of that they should not negatively impact regular users.

📺 Do you want to learn more about Smart Lockouts in Microsoft Entra ID? Watch my YouTube video bellow 👇 👇
https://youtu.be/7V7BJcqb5CM

#cswrld #smartlockouts #entraid #cybersecurity #videotutorial

𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐄𝐍𝐓𝐄𝐑𝐏𝐑𝐈𝐒𝐄 𝐀𝐏𝐏𝐒 𝐀𝐍𝐃 𝐀𝐏𝐏 𝐑𝐄𝐆𝐈𝐒𝐓𝐑𝐀𝐓𝐈𝐎𝐍𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃

In Microsoft Entra ID, there are Enterprise Apps and App Registrations. Many administrators don’t know the difference between the two and confuse the two important concepts. But there is a major difference between them, and it is good to know it.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/4ljbruQOOiI

#cswrld #videotutorial #entraid #enterpriseapps #appregistrations

𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐄𝐍𝐓𝐄𝐑𝐏𝐑𝐈𝐒𝐄 𝐀𝐏𝐏𝐒 𝐀𝐍𝐃 𝐀𝐏𝐏 𝐑𝐄𝐆𝐈𝐒𝐓𝐑𝐀𝐓𝐈𝐎𝐍𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃

In Microsoft Entra ID, there are Enterprise Apps and App Registrations. Many administrators don’t know the difference between the two and confuse the two important concepts. But there is a major difference between them, and it is good to know it.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/4ljbruQOOiI

#cswrld #videotutorial #entraid #enterpriseapps #appregistrations

𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐄𝐍𝐓𝐄𝐑𝐏𝐑𝐈𝐒𝐄 𝐀𝐏𝐏𝐒 𝐀𝐍𝐃 𝐀𝐏𝐏 𝐑𝐄𝐆𝐈𝐒𝐓𝐑𝐀𝐓𝐈𝐎𝐍𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃

In Microsoft Entra ID, there are Enterprise Apps and App Registrations. Many administrators don’t know the difference between the two and confuse the two important concepts. But there is a major difference between them, and it is good to know it.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/4ljbruQOOiI

#cswrld #videotutorial #entraid #enterpriseapps #appregistrations

𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐄𝐍𝐓𝐄𝐑𝐏𝐑𝐈𝐒𝐄 𝐀𝐏𝐏𝐒 𝐀𝐍𝐃 𝐀𝐏𝐏 𝐑𝐄𝐆𝐈𝐒𝐓𝐑𝐀𝐓𝐈𝐎𝐍𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃

In Microsoft Entra ID, there are Enterprise Apps and App Registrations. Many administrators don’t know the difference between the two and confuse the two important concepts. But there is a major difference between them, and it is good to know it.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/4ljbruQOOiI

#cswrld #videotutorial #entraid #enterpriseapps #appregistrations

𝐏𝐚𝐬𝐬𝐤𝐞𝐲𝐬 𝐢𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐀𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐨𝐫 𝐚𝐫𝐞 𝐧𝐨𝐰 𝐠𝐞𝐧𝐞𝐫𝐚𝐥𝐥𝐲 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞!

What does it mean? Users can now enroll passkeys in Microsoft Authenticator for their Microsoft Entra ID accounts in the default authentication methods setting. No need for key restrictions anymore!

#cswrld #entraid #passkey #authenticator

𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐌𝐅𝐀 𝐀𝐍𝐃 𝐏𝐇𝐈𝐒𝐇𝐈𝐍𝐆-𝐑𝐄𝐒𝐈𝐒𝐓𝐀𝐍𝐓 𝐌𝐅𝐀

Phishing is a very popular technique of attackers. They trick the user into entering their credentials on some fraudulent site pretending to be a corporate login page, for example to log into Microsoft Entra ID. The user enters their login credentials there and sends them to the attacker.

📺 Watch my YouTube video where I show the difference between MFA and phishing-resistant MFA 👇 👇
https://youtu.be/NGx6tRKtEFI

#cswrld #video #mfa #phishing #authentication #phishingresistant #entraid

𝐇𝐎𝐖 𝐓𝐎 𝐃𝐄𝐏𝐋𝐎𝐘 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐃𝐄𝐅𝐄𝐍𝐃𝐄𝐑 𝐅𝐎𝐑 𝐄𝐍𝐃𝐏𝐎𝐈𝐍𝐓 𝐎𝐍 𝐈𝐎𝐒 𝐕𝐈𝐀 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐈𝐍𝐓𝐔𝐍𝐄

Unlike Android, Microsoft Defender for Endpoint can be installed and configured on Apple iOS in a completely zero-touch mode for the end user via Microsoft Intune. The end user does not need to confirm any settings, permissions or anything else on their iOS/iPadOS device afterwards.

📺 Watch my YouTube video bellow for more details 👇 👇
https://youtu.be/QHJCDr49RhY

#cswrld #intune #videotutorial #mde #defender #ios

𝐇𝐎𝐖 𝐓𝐎 𝐔𝐒𝐄 𝐓𝐄𝐌𝐏𝐎𝐑𝐀𝐑𝐘 𝐀𝐂𝐂𝐄𝐒𝐒 𝐏𝐀𝐒𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃

When an organization uses passwordless authentication, they need to figure out how to onboard users. In other words, you need to solve the chicken/egg problem. If a user has not registered any passwordless authentication method, how can they authenticate to register a passwordless authentication method?

Temporary Access Pass (TAP) solves this problem.

📺 Watch my YouTube video bellow on how to use Temporary Access Pass in Microsoft Entra ID 👇 👇
https://youtu.be/AqqvMqNcXRU

#cswrld #entraid #temporaryaccesspass #authentication #tap #videotutorial

𝐇𝐎𝐖 𝐓𝐎 𝐌𝐀𝐍𝐀𝐆𝐄 𝐁𝐑𝐄𝐀𝐊-𝐆𝐋𝐀𝐒𝐒 𝐀𝐂𝐂𝐎𝐔𝐍𝐓𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃

When you start tightening the requirements for access to your corporate cloud, it can be easy to accidentally lock yourself out and cut yourself off from access to the admin interface.

Alternatively, some part of Microsoft Entra ID may fail. For example, there have been a couple of times in the past where multi-factor authentication in Microsoft Entra ID has had a failure and you couldn’t authenticate.

That is why you need break-glass accounts.

📺 Watch my YouTube video bellow on how to manage break-glass accounts 👇 👇
https://youtu.be/Q2vicBapspg

#cswrld #breakglass #entraid #accountmanagement

𝐇𝐎𝐖 𝐓𝐎 𝐑𝐄𝐒𝐄𝐓 𝐃𝐎𝐌𝐀𝐈𝐍 𝐀𝐃𝐌𝐈𝐍 𝐏𝐀𝐒𝐒𝐖𝐎𝐑𝐃 𝐎𝐍 𝐀𝐍 𝐀𝐙𝐔𝐑𝐄 𝐕𝐌

There are cases when you forget the local admin password of a machine. Or worse, someone changes your password, such as a threat actor in a cybersecurity incident. This happens, and I’ve been there a few times, where a threat actor started resetting all the admins’ passwords to effectively cut them off so they couldn’t stop the ongoing attack.

With Azure VMs, it is possible to reset passwords directly from the Azure portal. Either by using a PowerShell script or by directly entering a command from the Azure portal. This works for both a local admin account and also a domain admin account if the VM in question is a domain controller.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/Lmug9xI3h24

#cswrld #videotutorial #azurevm #admin #password #reset

Authentication Strengths in Microsoft Entra ID allows you to granularly define authentication requirements for different situations.

Before authentication strengths were available, authentication requirements were defined globally for the entire tenant, and then conditional access policies could just say that multi-factor authentication was required, for example. But it was not possible to define what type of multifactor authentication was required. So anything that was available globally could be used by all users in all situations.

Which was not optimal. There are situations where a less secure authentication method like SMS or TOTP might be enough. But there are situations where we only want to use very secure authentication methods like FIDO2 when someone is logging into a global admin account for example.

Such granularity was not possible before. If SMS authentication was enabled for a given tenant, even the global admin could use SMS for authentication.

Watch my YouTube video bellow for more details 👇 👇
https://youtu.be/8sIX19pbdho

#cswrld #cybersecurity #entraid #authentication #authenticationstrength #conditionalaccess

HOW TO BLOCK TOP-LEVEL DOMAINS VIA MICROSOFT INTUNE

There are multiple ways to block specific domains. The easiest way to do this is within Microsoft Defender for Endpoint using Indicators. However, Indicators does not allow you to block top level domains (TLDs). But what if you want to block the entire top level domain, for example everything on the .ru domain?

In that case, you can use firewall rules in Microsoft Intune.

📺 Watch my YouTube video bellow 👇 👇
https://youtu.be/fRDlsPh1C0g

#cswrld #intune #firewall #domainblock

RECOMMENDED CONDITIONAL ACCESS POLICIES IN MICROSOFT ENTRA ID

Conditional access policies in Microsoft Entra ID allow for very granular security management. The problem is that organizations usually do not have conditional access policies properly defined. There tend to be blind spots, policies don’t cover all applications, all users, and all scenarios.

Many organizations have conditional access policies defined but do not think about them properly. This is because they often target only specific applications or specific users. And when I ask them why the MFA policy only targets Office 365 for example, they tell me they don’t use anything else. Or when I ask why they only target one group of users, they tell me that other users don’t use cloud services.

But that’s just the wrong approach. You are not primarily protecting the services from your users, but from attackers. And just because you don’t use anything other than Office 365 doesn’t mean an attacker will not use it. Or just because some users don’t use cloud services doesn’t mean those accounts can’t be exploited by an attacker. If those apps or accounts exist in the cloud, they need to be protected whether regular users use them or not. Attackers are looking for the most insecure places, the weakest links.

📺 Watch my YouTube video bellow where I talk about the conditional access policies that I recommend implementing 👇 👇
https://youtu.be/LtIgFBDJzXs

#cswrld #videotutorial #entraid #conditionalaccess #recommendation