Category: Zero trust

Graph activity logs is now generally available

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 11/04/2024
Posted in Azure, Entra ID, Microsoft Graph, Microsoft Purview, Security, Zero trust

What you do with it? Privileges To access the Microsoft Graph activity logs, you need the following privileges. What information is available? Column Type Description AadTenantId string The Azure AD tenant ID. ApiVersion string The API version of the event….

Continue Reading Graph activity logs is now generally available

Deep dive on Copilots and Security

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 23/03/2024
Posted in Azure, Entitlement management, Identity, Microsoft Purview, Security, Zero trust

Microsoft Copilots Microsoft Copilot isn’t a single service, but rather a suite of AI-powered assistants designed to enhance productivity and security across various Microsoft products and services. Here’s a breakdown of the different Copilots available: Security Copilot architecture, I could…

Continue Reading Deep dive on Copilots and Security

My tenant has Security defaults enabled and I want to disable them. What to do?

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 10/03/2024
Posted in Azure, Conditional access, Entra ID, IAM, Identity, Security, Zero trust

First things first, Security defaults were automatically enabled for all new tenants created after October 22, 2019. This was to ensure a strong security posture right from the start for all users. Set the stage Let’s imagine this scenario. You…

Continue Reading My tenant has Security defaults enabled and I want to disable them. What to do?

Security Service Edge (SSE) in a secure access service edge Framework (SSA)

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 14/09/2023
Posted in Application Proxy, Azure, Entra, Entra GSA, Identity, Security, Zero trust

In this post I will cover two different providers for SSE and in my opinion these are the top notch ones. Let’s me explain why and then you disagree or agree, just giving my opinion. But first let’s see what…

Continue Reading Security Service Edge (SSE) in a secure access service edge Framework (SSA)

Azure AD Privileged Identity Management and new features

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 08/03/2023 0 Comments on Azure AD Privileged Identity Management and new features
Posted in Authentication methods, Azure, Azure AD, Conditional access, Identity, Identity Platform, Microsoft Purview, PIM, Security, Zero trust

What is PIM? PIM has and will be a backbone for permission Just In Time access in Microsoft based environments. You can easily assign Permanent roles but also Eligible roles for admins and define timeout for the roles. They either…

Continue Reading Azure AD Privileged Identity Management and new features

Section 4 – Mitigate identity threats part 2 of 2

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 05/03/2023 0 Comments on Section 4 – Mitigate identity threats part 2 of 2
Posted in Active Directory, ADFS, Authentication methods, Azure, Azure AD, Certificates, Conditional access, Cross-tenant, Defender, Entra, Hybrid, Identity, On-premises, SC-200, Security, Zero trust

Identity protecting is challenging if you don’t know what you should protect and when you do, you should know how to protect it. In the second part we will be discovering more on Conditional Access as a dynamic boundary in…

Continue Reading Section 4 – Mitigate identity threats part 2 of 2

Number matching and Authentication methods why you should enable them?

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 02/02/2023 0 Comments on Number matching and Authentication methods why you should enable them?
Posted in Azure, Azure AD, Entra, Identity, Migrate, Security, Zero trust

Two upcoming changes coming to the tenant near you! Number matching will be enforced. Also SSPR and legacy MFA policies will be deprecated (phased). Don’t act too late on either of them. If you need to educate users, you can…

Continue Reading Number matching and Authentication methods why you should enable them?

Conditional Access templates (Preview) and other tips on the side

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 07/12/2022 0 Comments on Conditional Access templates (Preview) and other tips on the side
Posted in Authentication methods, Azure, Azure AD, Identity, Microsoft 365, Security, Zero trust

First, I want to mention Microsoft Entra admin center and the announcement Microsoft made about it. You should care about it because starting from 2023 new capabilities will be rolled out to Entra. Also in December Microsoft started redirects when…

Continue Reading Conditional Access templates (Preview) and other tips on the side

Section 7 – Design a strategy for data and applications – Specify security requirements for applications and design a strategy for securing data

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 07/09/2022 0 Comments on Section 7 – Design a strategy for data and applications – Specify security requirements for applications and design a strategy for securing data
Posted in Azure, Azure AD, Azure Policy, DevOps, Exchange, Identity, Identity Platform, Key vault, Microsoft 365, Microsoft Purview, Microsoft Sentinel, Security, Storage, Zero trust

And there you have it, this is the last section in my study guide. This time made longer posts, hopefully they weren’t too long to read. Stay tuned for more! Specify priorities for mitigating threats to applications. Specify a security…

Continue Reading Section 7 – Design a strategy for data and applications – Specify security requirements for applications and design a strategy for securing data

Section 6 – Design security for infrastructure – Design a strategy for securing SaaS, PaaS, and IaaS services

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 31/08/2022 0 Comments on Section 6 – Design security for infrastructure – Design a strategy for securing SaaS, PaaS, and IaaS services
Posted in Azure, Defender, Key vault, Security, SQL, Zero trust

Time for the next section to my SC-100 study guide: Specify security baselines for SaaS, PaaS, and IaaS services Specify security requirements for IoT workloads Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse and Azure…

Continue Reading Section 6 – Design security for infrastructure – Design a strategy for securing SaaS, PaaS, and IaaS services