Microsoft Tenant Hardening
Are you looking for information about Microsoft Tenant Hardening? In this archive you will find all our posts about Microsoft Tenant Hardening.
Setting up SPF, DKIM and DMARC in Exchange Online
SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain based Message Authentication, Reporting and Conformance) are used to check email messages. In combination, the three procedures achieve a high level of security with regard to the authenticity of the sender and content of an email. This guide sets up SPF, DKIM and DMARC for Exchange Online.
Protect Azure resources from accidental deletion with Azure Resource Locks
Azure Resource Locks can be used to easily and effectively protect Azure subscriptions, resource groups or individual resources from accidental deletion. The lock overrides any user permissions. This guide shows how to enable Azure Resource Locks and which properties can be configured.
Passwordless Sign In with Microsoft Entra ID (Azure AD) and YubiKey (FIDO2)
Passwordless Sign In with a FIDO2-enabled security key such as a YubiKey in conjunction with Microsoft Entra ID (Azure AD) provides high security while maintaining ease of use. There is no longer any need to enter a username and password. For users with private mobile devices who do not want to install the Microsoft Authenticator app, a security key from YubiKey offers a good alternative. This tutorial sets up a YubiKey 5 security key for passwordless sign in to Microsoft Azure and Microsoft 365 services.
Azure AD B2B Direct Connect for shared channels in Microsoft Teams
Microsoft offers with Azure AD B2B Direct Connect for shared channels in Microsoft Teams a feature that simplifies management for collaboration with external partners in teams. Until the release of Azure AD B2B Direct Connect, an external partner was invited to the tenant as a guest and authorized in Microsoft Teams (Azure AD B2B Collaboration). The external partner then received an email with instructions for further steps. When looking in to the own Azure Active Directory everyone notes: each external user gets a guest account in our own Azure Active Directory. Whether the guest account is still in use or not, it will always remain in Azure Active Directory until…
Exchange Online: Mail encryption with Information Rights Management (IRM)
Confidential information such as contracts, financial reports, employee or customer data is often exchanged via email. These emails are mostly not encrypted. With Information Rights Management (IRM), encrypted emails can be sent and received between people inside and outside your organization. Sent emails and their replies are encrypted automatically with transport rules or manually from Exchange Online email client (Outlook and Outlook.com). Information Rights Management (IRM) ensures that only intended recipients can open and read the message. It is also possible to prevent emails from being forwarded, printed or parts of them copied. Message encryption works with Outlook, Outlook.com, Gmail and many other popular email services.