Microsoft Tenant Hardening
Are you looking for information about Microsoft Tenant Hardening? In this archive you will find all our posts about Microsoft Tenant Hardening.
-
Windows LAPS in Microsoft Intune
Windows LAPS (Local Administrator Password Solution) provides centralized, simple, and secure management of local administrator passwords through Microsoft Intune. Each device receives its own, time-limited local administrator password. Windows LAPS independently manages the administrator passwords in terms of expiration and rotation. The passwords are stored either in Microsoft Entra ID (formerly Azure Active Directory) or in the local Active Directory. The centralized management of all local administrator passwords simplifies control and monitoring. The time-controlled rotation of passwords significantly reduces their exposure duration. In addition, access to the stored passwords is strictly controlled, which makes unauthorized access more difficult and overall increases the security of the network environment.
-
Show First Contact Safety Tip in Email
First Contact Safety Tip is a feature in Microsoft Office 365 to better protect users from phishing attacks. First Contact Safety Tip is part of Microsoft Defender for Office 365 or Exchange Online Protection and helps users detect fake or fraudulent mails. If a suspicious email is received, the email will have a warning in the header informing the user that it may be phishing email. The warning is shown in one of the following cases:– the sender sends an email to the mailbox for the first time– the sender very rarely sends an email to this mailbox
-
Deploy Azure Bastion and shareable links
With Azure Bastion and shareable links deployment, RDP and SSH connections to virtual machines in Azure can be made quickly and securely from anywhere. The virtual machines do not need a public IP address, agents or other software, and the time-consuming management of NSGs (network security groups) or VPNs is also eliminated. Azure Bastion uses a web client based on HTML5 that uses TLS over port 443 and is a PaaS (Platform-as-a-Service) service. Regular updated and managed by Microsoft, this Azure service provides an extra layer of protection against zero-day exploits.
-
Setting up SPF, DKIM and DMARC in Exchange Online
SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain based Message Authentication, Reporting and Conformance) are used to check email messages. In combination, the three procedures achieve a high level of security with regard to the authenticity of the sender and content of an email. This guide sets up SPF, DKIM and DMARC for Exchange Online.
-
Protect Azure resources from accidental deletion with Azure Resource Locks
Azure Resource Locks can be used to easily and effectively protect Azure subscriptions, resource groups or individual resources from accidental deletion. The lock overrides any user permissions. This guide shows how to enable Azure Resource Locks and which properties can be configured.
-
Passwordless Sign In with Microsoft Entra ID (Azure AD) and YubiKey (FIDO2)
Passwordless Sign In with a FIDO2-enabled security key such as a YubiKey in conjunction with Microsoft Entra ID (Azure AD) provides high security while maintaining ease of use. There is no longer any need to enter a username and password. For users with private mobile devices who do not want to install the Microsoft Authenticator app, a security key from YubiKey offers a good alternative. This tutorial sets up a YubiKey 5 security key for passwordless sign in to Microsoft Azure and Microsoft 365 services.