Episode 103 – Microsoft 365 Unified Audit Log

In this episode, we take a deep dive into the Microsoft Purview Unified Audit log and how it helps organizations monitor and track activity. We cover the significance of Microsoft Purview Audit Premium, set to be free with E3 or E5 this September. We also discuss the Storm-0558 threat that took place in July 2023 and how Microsoft responded to mitigate it. Finally, we outline how the Audit logs differ depending on whether you use an E3 or E5 license.

Important links:

  1. Analysis of Storm-0558 techniques for unauthorized email access: https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/
  2. Microsoft Blog announcing the new change to audit events that are available with standard licenses: https://www.microsoft.com/en-us/security/blog/2023/07/19/expanding-cloud-logging-to-give-customers-deeper-security-visibility/
  3. Microsoft’s Threat Intelligence Blog: https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/?sort-by=newest-oldest&date=any


Episode # 85 – What’s the best way to manage Azure Conditional Access Policies?

In this episode, we discuss what Azure Conditional Access Policies are, how to manage them, and the best way to deploy them. We talk about how you can test your policies before you make them active, how to keep your tenant clean, and Antonio’s top three policies.


Episode # 79 – What is Microsoft Defender?

In this episode, we take a deep dive into a question from our audience: what does Microsoft Defender do? Antonio gives a great overview of the Microsoft Defender family: Defender for Office 365, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Cloud, and Defender for IoT. Then we go into detail explaining each Defender service.


Episode # 69 – How do you protect Global Admin accounts?

In this episode, we discuss best practices for managing Global Admin accounts, how to properly secure them, and steps to make sure you protect confidential information from Global Admins. We review a few secure methods that can prevent illegal access to your tenant and how you can control this privileged access to your content.


Episode # 68 – How often do you re-certify/re-attest your content in M365

In this episode, we discuss re-certifying or re-attesting your content in Microsoft 365 to meet compliance or regulatory requirements within your organization. Often, companies would like content owners to re-validate their content permissions to make sure the content is only accessible by the right people. We discuss the options to re-attest the content and what actions can be taken against old content.


Episode # 67 – Should we use OneDrive, Teams or SharePoint to share important corporate documents

In this episode, we address this question from one of our listeners: We are just beginning to use Office 365. We have our important documents in OneDrive. We wish to share these files with others. Should we jump to Teams? Or can we start sharing the files on SharePoint?

We review the options for sharing files from OneDrive or SharePoint, and where it is best to collaborate on and co-author documents. We discuss the pros and cons of each option, and we give our recommendation, taking into consideration compliance around the documents.


Episode # 63 – Manage offline document with sensitivity label/MIP enabled of a terminated employee

A common question from our listeners is how to protect offline documents downloaded by users after they no longer work for the organization. In this episode, we discuss options with security labels in Microsoft Information Protection and the best way to protect the company’s content. We review different scenarios and, of course, recommend a process to control and protect sensitive information whether it is online or offline.


Episode #51 – Discussing security with Matt Soseman

In this episode, we are excited to have Matt Soseman, Senior Security Architect at Microsoft, to discuss security within Microsoft 365. Matt shares lots of great information on best practices, how to approach securing your tenant, and how you need to think about your security settings. We talk about MCAS, MIP labels, DLP policies, and many other goodies around security guidelines.


Episode # 46 – Using Default Labels in Microsoft Information Protection

In this episode, we answer the question of whether organizations use a default label when using Microsoft Information Protection. We dive into the details of MIP: the most commonly deployed labels, how to configure them, and how you can secure your data with MIP.


Episode # 45 – Discussing Compliance with Joanne Klein

We are excited to host Joanne Klein, Microsoft MVP, Advanced Compliance Specialist, and part of the Microsoft Blackbelt team, to discuss compliance in M365. In this episode, Joanne shares with us her thoughts and experience about the M365 compliance platform. We talk in detail about Information Protection, Retention, Records Management, File plan, and best practices to deploy compliance at a large scale.
