How to Enable “Security Defaults” in Azure and Office 365

Security Defaults in Azure Portal. IMPORTANT, SECURITY DEFAULTS IS NOT ALWAYS ENABLED BY DEFAULT. YOU MUST CHECK YOUR SETTINGS

What does Security Defaults give you? Security Defaults when enabled provide the following preconfigured security settings:

  • Requiring all users to register for Azure AD Multi-Factor Authentication.
  • Requiring administrators to perform multi-factor authentication.
  • Blocking legacy authentication protocols.
  • Requiring users to perform multi-factor authentication when necessary.
  • Protecting privileged activities like access to the Azure portal.

Azure Active Directory security defaults | Microsoft Docs

How do you enable? Azure Active Directory > Properties > Manage Security Defaults > Yes > Save

Useful links:

Discovering and blocking legacy auth:
Discovering and blocking legacy authentication in your Azure and Microsoft 365 subscriptions – Jussi Roine

Understanding Modern vs Legacy auth:
Understanding Modern vs. Legacy Authentication in Microsoft 365 – Ru365 (campbell.scot)

MS-101: Microsoft 365 Mobility and Security – EXAM PASSED!!!

MS-101: Microsoft 365 Mobility and Security

EXAM PASSED!!!

#MS365 #Security #365Security #CertifiedProfessional #CloudSecurity #CloudFamily #CyberSecurity #Microsoft365 #MicrosoftCloud #Microsoft #alwaysbelearning #MS101 #EXAM #PASSED 

EXO V2 Module – Microsoft 365 Exchange Online – PowerShell Module

EXO v2 Exchange Online PowerShell Module download here

Some PowerShell commands to help you manage your Microsof 365 Exchange. 

More information on the Microsoft Site here

How to load the EXO v2 Module

Run PowerShell ( I used the ISE) as Administrator    (+ be connected to the Internet)

Install-Module -Name ExchangeOnlineManagement    #Execute this command

You will need to say “Yes to All” on Trust the repository prompt (Well that’s what I needed to do)

How do you connect to Exchange Online

Connect-ExchangeOnline -EnableErrorReporting -LogDirectoryPath C:\temp\logs –LogLevel All

Enter your tenancy credentials

(This will work and prompt for MFA enabled accounts.)

Example EXO V2 PowerShell Commands

Example 1 – Return Mailbox details for a specific user command (Settings you might see in Active Directory)

Get-EXOMailbox -Identity <ENTER EMAIL ADDRESS HERE> -Properties DisplayName,EmailAddresses,Alias

Example 2 – Return Mailbox details for a specific user command ( Settings like MAPI & POP status, Email Addresses)

Get-EXOCASMailbox -Identity “< ENTER EMAIL ADDRESS HERE >” 

Example 3 – Check User Permissions

Get-EXOMailboxPermission -Identity “< ENTER EMAIL ADDRESS HERE >”


Example 4 – What Devices have accessed the mailbox.

This showed multiple devices and which supported remote wipe. If you are reviewing security footprint and what devices have access corporate email, this is a good starting point.

Get-EXOMobileDeviceStatistics -Mailbox “< ENTER EMAIL ADDRESS HERE >” -ActiveSync


Then finally how to Disconnect

DisConnect-ExchangeOnline

Then select “Yes to All”

Disconnected Successfully

Office 365 – Alert Policy – Detected Malware in File – OneDrive or SharePoint

Security and Compliance Admin Center in Office 365 you can create alert policys.

Todays challenge was to setup an Alert Policy so an admin is notifed if a user adds a file to OneDrive or SharePoint containing Malware.

Start in “Office 365 Security & Compliance > Alerts Dashboard > New Alert Policy

I started by creating an Alert, selecting Threat Management & High Severity

Set the Trigger “Detected malware in file”

Select the Admins to be notified. I set a daily limit notification limit of 5 so I’m not get overloaded with the same alert.

Then “Finish” you have the option to turn the policy on or off

View “Alert polices”