Category Conditional Access

Block Downloads In MS TEAMS Thick Client For Non Managed Computers

How to remove the download, save as or print option from the MS Teams thick client application on unmanaged device, logged into your corporate tenancy via a conditional access policy.

  1. Create a group : Block_Teams_Thick_Client_Downloads
  2. Add users to the group you want to block access to download, save as or print.
  3. Create a new conditional access policy – Example : Block Teams Thick Client Downloads
    1. Users and Groups add “Block_Teams_Thick_Client_Downloads”
    2. Cloud Apps or Actions – Select Apps – MS Teams
    3. Conditions – Select Client Apps> Configure >Yes> Tick : Mobile Apps, Exchange and Other Clients. Untick Browser.
    4. Device state (Currently in preview) > Set exclude > Tick : Hybrid Azure AD joined and Device marked as compliant
    5. Grant – Select > Block Access and For Multiple controls > “Require one of the selected controls”

Useful links:

Block Access From Unmanaged Devices To SharePoint or Specific Sites

Block Access From Unmanaged Devices To SharePoint

From SharePoint Admin Center > Polices > Access Control

Click Unmanaged Devices

Note “To use this setting, get a subscription to Enterprise Mobility + Security and assign a license to yourself. ” See Microsoft Endpoint Manager | Microsoft 365 for more information

Select Block Access > Save

Block Access From Unmanaged Devices To SharePoint Specific Sites and Limit access using PowerShell.

Examples block download, save and print on unmanaged devices for a specific SharePoint site (SharePoint, OneDrive)

  • Limit access to a single site: Set-SPOSite -Identity https://<SharePoint online URL>/sites/<name of site or OneDrive account> -ConditionalAccessPolicy AllowLimitedAccess

     

  • Block access to a single site: Set-SPOSite -Identity https://<SharePoint online URL>/sites/<name of site or OneDrive account> -ConditionalAccessPolicy BlockAccess

     

  • Update multiple sites at once: (Get-SPOSite -IncludePersonalSite
    $true -Limit all -Filter
    “Url -like ‘-my.sharepoint.com/personal/'”) | Set-SPOTenant -ConditionalAccessPolicy AllowLimitedAccess

How to Enable “Security Defaults” in Azure and Office 365

Security Defaults in Azure Portal. IMPORTANT, SECURITY DEFAULTS IS NOT ALWAYS ENABLED BY DEFAULT. YOU MUST CHECK YOUR SETTINGS

What does Security Defaults give you? Security Defaults when enabled provide the following preconfigured security settings:

  • Requiring all users to register for Azure AD Multi-Factor Authentication.
  • Requiring administrators to perform multi-factor authentication.
  • Blocking legacy authentication protocols.
  • Requiring users to perform multi-factor authentication when necessary.
  • Protecting privileged activities like access to the Azure portal.

Azure Active Directory security defaults | Microsoft Docs

How do you enable? Azure Active Directory > Properties > Manage Security Defaults > Yes > Save

Useful links:

Discovering and blocking legacy auth:
Discovering and blocking legacy authentication in your Azure and Microsoft 365 subscriptions – Jussi Roine

Understanding Modern vs Legacy auth:
Understanding Modern vs. Legacy Authentication in Microsoft 365 – Ru365 (campbell.scot)

Microsoft Azure Security – Study Notes

A collection of all my study notes and lab work while working towards passing the badge Microsoft Certified Security Engineer Associate by passing the AZ-500 exam

These notes are in no order and are not focused towards any exam content other than sharing my experience of configuring and automating security within Azure in the run up to the final exam.

  1. Azure – Setup Azure Blueprints
  2. Azure – Advisor
  3. Azure – AD Identity Protection
  4. Azure – Install and Configure Antimalware On A Virtual Machine
  5. Creating Security Baselines In Microsoft Azure
  6. Azure – Log Analytics Workspace and AzureVirtual Machine Agent Install
  7. Azure – Access Control and Role Assignment
  8. Azure – Configure Management Locks – Prevent Accidental Deletion Of Core Resources
  9. AZURE – Control Storage Access by Networks
  10. Azure – Update Management
  11. Azure – Monitoring Alert On Virtual Machine CPU Usage
  12. Azure – Register An Application in AD and Generate App Password
  13. Azure – Activity Log
  14. Azure – Route Tables – How To Force Traffic Down A Specific Route
  15. Azure – Content Trust in ACR and Roles
  16. Azure – Creating Key Vaults
  17. Azure – Create Kubernetes Cluster with ACR Integration
  18. Azure – Monitor / Alerts – Create Action Group to Notify Admin/User by SMS & Email
  19. Azure – Security Center and Pricing
  20. Azure Conditional Access Policies – Greyed Out
  21. Azure – Configure Web App Custom Domain and TLS
  22. Azure – Configure Web App and Licenses
  23. AZ-500: Microsoft Azure Security Technologies – EXAM PASSED!!!

Azure Conditional Access Policies – Greyed Out

Problem : Azure Conditional Access + “New policy” is greyed out.

Reason : To use Azure Conditional Access Policies, you require “Azure AD Premium”

Solution : License and Setup Azure AD Premium. You are able to setup Azure AD Premium on a 30 Day trial before incurring additional costs

Activate using Free 30 day trial option shown below.

AZ-103: Microsoft Azure Administrator – EXAM PASSED!!!

Jan 16, 2020

AZ-103: Microsoft Azure ADMINISTRATOR

EXAM PASSED!!!

#Azure #Administrator #CertifiedProfessional #MicrosoftAzure #MicrosoftCloud #Microsoft #alwaysbelearning #AZ103 #EXAM #PASSED