MFA

Securing Admin roles in Azure Active Directory

Tuesday, July 14, 2020

I’m going to continue my recent look at securing your Office 365/Azure AD directory with a quick dive into using Conditional Access rules to protect your directory’s most prized asset - accounts with admin roles. These are roles that can be used to accomplish admin tasks within your organisation’s Office 365/Azure AD and Azure estate and they are important because they are essentially the keys to the kingdom. While you should be looking to secure all your accounts because all your users probably have access to sensitive information, systems or services; admin accounts are the accounts that give their user access to your entire estate in one or two leaps.

Continue reading →

Using Passwordless for Office 365

Sunday, July 5, 2020

As the pace of attacks continues against companies who use online services, major IAM providers such as Microsoft and Okta are looking for ways to improve theirs and your security game. I was fortunate enough to attend the 2019 Okta forum in London and one of the drums Okta beat throughout the entire presentation was Passwordless Authentication. Microsoft are also recommending this as a major improvement to Office 365/Azure security even on top of MFA.

Continue reading →

Azure Conditional Access for Chromebooks

Friday, July 3, 2020

I suspect most of you reading this article will already know this, but part of Microsoft’s Azure AD (AAD) / Office 365 Cloud directory service that you get when you pay for premium AAD is Conditional Access (CA), which can be used to allow quite sophisticated access controls for accessing Office 365 resources. Of course, you get basic Office 365 MFA with the basic Office 365 enterprise product, and you should absolutely look into enrolling your users and turning this on straight away if that is what you have.

Continue reading →