Freshly brewed with Microsoft Azure and Microsoft 365

Tag: Microsoft Tenant Hardening Page 1 of 6

Are you looking for information about Microsoft Tenant Hardening? In this archive you will find all our posts about Microsoft Tenant Hardening.

Show First Contact Safety Tip in Email

First Contact Safety Tip is a feature in Microsoft Office 365 to better protect users from phishing attacks. First Contact Safety Tip is part of Microsoft Defender for Office 365 or Exchange Online Protection and helps users detect fake or fraudulent mails.

If a suspicious email is received, the email will have a warning in the header informing the user that it may be phishing email. The warning is shown in one of the following cases:
– the sender sends an email to the mailbox for the first time
– the sender very rarely sends an email to this mailbox

Deploy Azure Bastion and shareable links

With Azure Bastion and shareable links deployment, RDP and SSH connections to virtual machines in Azure can be made quickly and securely from anywhere. The virtual machines do not need a public IP address, agents or other software, and the time-consuming management of NSGs (network security groups) or VPNs is also eliminated.

Azure Bastion uses a web client based on HTML5 that uses TLS over port 443 and is a PaaS (Platform-as-a-Service) service. Regular updated and managed by Microsoft, this Azure service provides an extra layer of protection against zero-day exploits.

Windows LAPS in Microsoft Intune

Windows LAPS (Local Administrator Password Solution) provides centralized, simple and secure management of local administrator passwords in Microsoft Intune. Each device receives its own temporary administrator password. Windows LAPS automatically manages the administrator passwords in terms of expiration and rotation. Local administrator passwords are stored in either Azure Active Directory or local Active Directory.

Windows LAPS thus offers, for example, higher protection against pass-the-hash and lateral traversal attacks.

Setting up SPF, DKIM and DMARC in Exchange Online

SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain based Message Authentication, Reporting and Conformance) are used to check email messages. In combination, the three procedures achieve a high level of security with regard to the authenticity of the sender and content of an email.

This guide sets up SPF, DKIM and DMARC for Exchange Online.

Protect Azure resources from accidental deletion with Azure Resource Locks

Azure Resource Locks can be used to easily and effectively protect Azure subscriptions, resource groups or individual resources from accidental deletion. The lock overrides any user permissions.

This guide shows how to enable Azure Resource Locks and which properties can be configured.

Page 1 of 6

Powered by WordPress & Theme by Anders Norén