Troubleshooting
Are you looking for information about troubleshooting in Microsoft Azure and Microsoft 365? In this archive you will find all our posts about force configuration.
Windows LAPS in Microsoft Intune
Windows LAPS (Local Administrator Password Solution) provides centralized, simple, and secure management of local administrator passwords through Microsoft Intune. Each device receives its own, time-limited local administrator password. Windows LAPS independently manages the administrator passwords in terms of expiration and rotation. The passwords are stored either in Microsoft Entra ID (formerly Azure Active Directory) or in the local Active Directory. The centralized management of all local administrator passwords simplifies control and monitoring. The time-controlled rotation of passwords significantly reduces their exposure duration. In addition, access to the stored passwords is strictly controlled, which makes unauthorized access more difficult and overall increases the security of the network environment.
Azure AD B2B Direct Connect for shared channels in Microsoft Teams
Microsoft offers with Azure AD B2B Direct Connect for shared channels in Microsoft Teams a feature that simplifies management for collaboration with external partners in teams. Until the release of Azure AD B2B Direct Connect, an external partner was invited to the tenant as a guest and authorized in Microsoft Teams (Azure AD B2B Collaboration). The external partner then received an email with instructions for further steps. When looking in to the own Azure Active Directory everyone notes: each external user gets a guest account in our own Azure Active Directory. Whether the guest account is still in use or not, it will always remain in Azure Active Directory until…
Exchange Online: Mail encryption with Information Rights Management (IRM)
Confidential information such as contracts, financial reports, employee or customer data is often exchanged via email. These emails are mostly not encrypted. With Information Rights Management (IRM), encrypted emails can be sent and received between people inside and outside your organization. Sent emails and their replies are encrypted automatically with transport rules or manually from Exchange Online email client (Outlook and Outlook.com). Information Rights Management (IRM) ensures that only intended recipients can open and read the message. It is also possible to prevent emails from being forwarded, printed or parts of them copied. Message encryption works with Outlook, Outlook.com, Gmail and many other popular email services.
Disabling Basic Auth: Microsoft 365 SMTP Relay for Non-TLS Devices
As of October 1, 2022, basic athentication (legacy authentication) will be disabled for EWS, RPS, POP, IMAP, MAPI, RPC, OAB, SMTP AUTH, and EAS protocols in Exchange Online. The basic authentication is a big security issue, since a user name and password are already sufficient for sign in. After deactivating basic authentication, modern authentication (based on OAuth 2.0) becomes active. Modern authentication requires a second factor (multi-factor authentication).
Passwordless Sign In with Microsoft Authenticator App
Passwordless sign in with the Microsoft Authenticator App makes sign in to Azure and Microsoft 365 cloud services more secure and convenient for the user. The typing of a password is replaced by a modern method, e.g. the Microsoft Authenticator app. Passwordless sign-in to cloud apps can be achieved using various methods: For a significant increase of identities security, the cost-effective variant with the Microsoft Authenticator App is the best choice.