Retirement of RBAC Application Impersonation Role in Exchange Online

Microsoft’s announcement about the retirement of the application impersonation role in Exchange Online is the response to the Midnight Blizzard attack. Initially, the attackers got in using a password spray attack in a legacy test non-production system that lacks MFA configuration. Then, they compromised a test OAuth app with elevated access in the non-production tenant. Adding…

Control Authentication Flows Using Conditional Access Policy

In this digital world, we can access data from anywhere using any device. Consider accessing an application from your device that asks you to enter your credentials. Some devices have complex authentication processes to enter your credentials which is truly frustrating! Here comes authentication flows in Conditional Access that streamline the authentication process and make it…

Microsoft 365 Copilot – Privacy & Security Impact on User Data

On Day 18 of cybersecurity awareness month, learn how Microsoft addresses the privacy and security concerns when using Microsoft 365 Copilot and how it safeguards user data. Stay tuned for the upcoming blogs in our Cybersecurity blog series. Imagine the digital world with AI where there is no need for taking notes, composing emails, writing creative…

Best Practices to Prevent Security Risks in Azure Shared Access Signatures

On Day 9 of cybersecurity awareness month, learn the best practices and recommendations to prevent security risks associated with Shared Access Signatures in Azure AD. Stay tuned for the upcoming blogs in our Cybersecurity blog series. A few days back, Microsoft made a public disclosure that Microsoft AI researchers had exposed 38TB of private data through…

Reporting Suspicious Messages in M365 Shared and Delegated Mailboxes

Dear admins, the long wait is over! Microsoft announced the extension of support for reporting junk and phishing emails from shared & delegated mailboxes in the Outlook Web App soon. Reporting suspicious emails in Outlook is one of the most prominent features to identify phishing or junk emails received in your organization. Also, reporting suspicious messages…

Password Spray Attack Detection with New Microsoft 365 Defender Alert

Microsoft continues to updating its tools and features to deliver customers the utmost security they can. As a part of this, a new alert for ‘password spray attack originating from single ISP’ has been added in Microsoft 365 Defender portal. Threat actors use various techniques to identify account passwords. One among them is a password…

A Guide to Microsoft 365 Forensic Investigation

On Day 31 of Cybersecurity awareness month, learn how Microsoft helps in forensic investigation and where to find the forensic artifacts today. Stay tuned for more blogs in the Cybersecurity blog series. As Cyberattacks are arising day-by-day, every organization needs to be secure enough to fight against them. Besides all the security measures, attackers can still enter…

Microsoft 365 Alerting – Detect and React to Threats Instantly

On Day 22 of Cybersecurity awareness month, learn to utilize the Microsoft 365 alerting to effectively secure your organization today. Stay tuned for more blogs in the Cybersecurity blog series. Should admins stay up to date? Do they really need to know what’s going on in the organization?   Of course, yes! Nowadays, cyber threats are…

Prohibit Unmanaged Devices Accessing SharePoint and OneDrive to Prevent Data Exposure

On Day 15 of Cybersecurity awareness month, learn to protect your organizations’ data from unmanaged devices today. Stay tuned for more blogs in the Cybersecurity blog series. Every organization wants to protect its data securely from cyber criminals. For securing data, the organization implements various security measures, enforces policies, and more. Coming to Microsoft 365,…

A Guide to SPF, DKIM, and DMARC to Prevent Spoofing

On Day 11 of Cybersecurity awareness month, learn to secure your domain from being spoofed today. Stay tuned for more blogs in the Office 365 Cybersecurity blog series. Nowadays, impersonation attacks like phishing, spoofing, etc., have become more common. As the usage of third-party tools has become massive, there are more chances of our identity…

Follow us!