How to Enable “Security Defaults” in Azure and Office 365

Security Defaults in Azure Portal. IMPORTANT, SECURITY DEFAULTS IS NOT ALWAYS ENABLED BY DEFAULT. YOU MUST CHECK YOUR SETTINGS

What does Security Defaults give you? Security Defaults when enabled provide the following preconfigured security settings:

  • Requiring all users to register for Azure AD Multi-Factor Authentication.
  • Requiring administrators to perform multi-factor authentication.
  • Blocking legacy authentication protocols.
  • Requiring users to perform multi-factor authentication when necessary.
  • Protecting privileged activities like access to the Azure portal.

Azure Active Directory security defaults | Microsoft Docs

How do you enable? Azure Active Directory > Properties > Manage Security Defaults > Yes > Save

Useful links:

Discovering and blocking legacy auth:
Discovering and blocking legacy authentication in your Azure and Microsoft 365 subscriptions – Jussi Roine

Understanding Modern vs Legacy auth:
Understanding Modern vs. Legacy Authentication in Microsoft 365 – Ru365 (campbell.scot)

MS365 – Azure AD – Dynamic Groups and Expiration Settings

Maintain groups in Azure AD with dynamic groups and set expiration settings.

Example scenario : Controlling remote access to sub contractors working on a short term project. The project owner should remove all access for sub contractors after the project completes

How to guide :

If we combine Dynamic Groups and Expiration settings, we can automatically populate groups and then invoke regular check to maintain groups are still required. Group owners will be reminded regularly to verify groups are required. Owners will have a better understanding of who has access and this help assist with your security policies.

Dynamic Group Example

Steps: Azure Active Directory > New Group > Type : Office 365 > Name, Description, Dynamic User > Owner > Dynamic user Members

Group Name : Sub Contractors    – Set the value for department equals “Sub Contractor”

Dynamic User Members    – Add Experssion

(user.department -eq “Sub Contractor”)

Configure Group lifetime / Expiration Settings

Steps: Azure Active Directory > Groups > Expiration > Days > No Owner email > Selected > Group > Save

“Renewal notifications are emailed to group owners 30 days, 15 days, and one day prior to group expiration. Group owners must have Exchange licenses to receive notification emails. If a group is not renewed, it is deleted along with its associated content from sources such as Outlook, SharePoint, Teams, and PowerBI.” Info from the portal Expiration settings.

MS-101: Microsoft 365 Mobility and Security – EXAM PASSED!!!

MS-101: Microsoft 365 Mobility and Security

EXAM PASSED!!!

#MS365 #Security #365Security #CertifiedProfessional #CloudSecurity #CloudFamily #CyberSecurity #Microsoft365 #MicrosoftCloud #Microsoft #alwaysbelearning #MS101 #EXAM #PASSED 

Outlook Credentials Flashing and Closing Constantly

Challenge : Outlook would connect to one MS365 mailbox but then started constantly flashing for authentication for the disconnected Hotmail mailbox, but the credentials window disappears before being able to click on the box to enter a password.

Cause : Unknown ? Clash of accounts? Glitch in the Matrix?

Solution : More of a workaround solution.

  • Close Outlook
  • Open Word > Create a blank document
  • File > Account > Sign Out

  • Then click sign in, Username and Password prompts. Log in and authenticate.
  • Close Word
  • Open Outlook and everything worked as normal.