Skip to main content

Announcing #WMUG_NL Tuesdays Webinar 10 featuring Ronny de Jong on Tuesday September 15th

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call WMUG_NL Tuesdays Webinars.

We hope you enjoyed your holiday even in these strange times, we from the WMUG_NL did and are looking forward to organize meetings again for our still growing community.

For tomorrow, September 15th we are proud to announce that Ronny de Jong, lead consultant and Enterprise Mobility & Security MVP at InSpark will host a session about: “Improve the user experience of your workplace with “Insight-driven IT” Endpoint Analytics, a first impression!”

Session abstract:

Read More

Are you already synchronizing your Message Center messages to Planner? Here is why you should

Microsoft 365 changes regularly, changes are implemented almost on a daily basis and as an Admin responsible for the service you must be aware of which changes are coming to your tenant.

In order to inform administrators Microsoft uses the Message Center. From within the message center administrative users are also automatically subscribed to weekly digest and major update emails. Within the message center message are categorized in the following categories:

Read More

Microsoft is making changes related to automatic email forwarding for ATP customers, here is what you need to know

In February this year I blogged about Stopping automatic email forwarding in your Exchange Online environment in a controlled way providing a structural way to disable automatic email forwarding within your organization, while still allowing exceptions.

This week Microsoft announced through the message center (MC220853) they are rolling out the External Email Forwarding Controls functionality for customers with Office 365 Advanced Threat Protection (ATP) licensed.

Update August 31, 2020: Microsoft has now communicated the following in the message center: For organizations that have some users externally forwarding prior to September 1st 2020 the setting “Automatic” will default to “On” and we will contact you separately when this will change for your tenant. The setting in my own tenant is still set to automatic though, perhaps it will change tomorrow (September 1). I’m for sure will test whether this has impact.

Read More

How to prevent your users from downloading and installing Office via the Office portals

If your goal is to restrict the usage of Office applications on non-managed devices and only allow Web access in limited mode (as explained in my article: Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforced Restrictions) you might ask yourself if you want the Office applications to be downloadable from the different portals.

You should ask yourself, do I want my users to able to download the Office Apps on devices on which they have rights to install software and use Office Apps on those devices consuming one of the licenses the user has? Of no keep reading.

Read More

Assigning groups to Azure AD roles and Privileged access groups, a first look!

On August 13th 2020, Alex Simons (Microsoft Identity PM) announced that assigning groups to Azure AD roles in now in public preview. This feature is one of the most requested features to be found in the Azure AD feedback forum.

I have been following this feature request for a while now, and up until recently Microsoft stated that implementing Azure AD role assignment for Azure AD groups wasn’t the issue, the issue was more related to who is able to manage those groups. For example, if enabled how can we circumvent that someone with the “User Administrator” role (capable of adding users to groups) is capable of adding someone to the group used to assign Global Administrator rights. When implemented incorrectly, this new “feature” could then introduce a new security risk in your environment.

Assigning groups to Azure AD roles requires an Azure AD Premium P1 license at minimum, for the Privileged Identity Functionality an Azure AD Premium P2 license is needed.

Disclaimer: This post reflects the status of assigning groups to Azure AD roles as of August 20, 2020. Functionality may change, even right after this post has been published.

So, let’s walk through on what was announced and see..

Read More

Self Service Purchasing for Power Platform, Visio and Project, should you keep it enabled or disable the functionality?

In October 2019, Microsoft announced that it would enable end users to buy and manage their own licenses within their corporate account. At that time this “feature” was announced for the Power Platform: PowerApps, Flow (now Power Automate) and Power BI.

After that announcement Microsoft received critical feedback from tenant administrators where eventually Microsoft allowed tenant administrators to disable this functionality using PowerShell, the self-service feature is enabled by default in every tenant though.

Last week, on August 12th Microsoft announced that they will expand this functionality and also allow end users to buy Visio and Project licenses in the same way starting September 15th 2020 (at time of writing in less than a month).

Read More

Office 365 Templated policies and Preset security policies in Exchange Online Protection and Office 365 ATP

In my deep dive article on Office 365 Advanced Threat Protection (ATP) I mentioned that Microsoft provides best practices as described in the following article: “Recommended settings for EOP and Office 365 ATP security“. When implementing the settings in the article you either have the option to go for a “Standard” or “Strict” security level, and you can check your environment towards these best practices using the Office 365 ATP Recommended Configuration Analyzer (ORCA).

After returning from my holiday this year, I noticed a welcome addition to the Threat Management Policy page in the Office 365 Security & Compliance center called “Templated Policies”, for now the section Templated policies contains one section called “Preset security policies”

Read More

Announcing #WMUG_NL Tuesdays Webinar 9 featuring Derk van der Woude on Tuesday July 7th

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call WMUG_NL Tuesdays Webinars.

For next week, July 7th we are proud to announce that Derk van der Woude, Principal consultant Security and Compliance at InSpark will talk about “Azure Sentinel Brute Force RDP Attack”

Read More

Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforced Restrictions

One of the scenario’s we can build with Conditional Access, is the scenario where we restrict access inside the web application itself. By doing so, you could for example limit the functionality of the web applications on non-managed devices, or when accessing the web application from a country where your company normally doesn’t operate. The web applications can be configured to behave differently if the user is applicable for a Conditional Access policy where App Enforced restrictions are configured.

Within the Office 365 suite of applications, the following web applications are supported for App Enforced Restrictions:

  • Outlook Web Access
  • SharePoint and OneDrive

In this post I will go into detail on how to setup these app enforced restriction and what the expected behavior will be from an end-user perspective.

Read More

Completed the Azure Solution Architect Expert Certification

After earning my Microsoft 365 Certified Enterprise Administrator Expert certification in May, I decided to continue my certification journey and earn the Azure certification. Today I completed the last exam in order to earn the Azure Solution Architect Expert certification. The Azure Solution Architect Expert Certification is earned by completing two exams: AZ-300: Microsoft Azure Architect Technologies and AZ-301: Microsoft Azure Architect Design.

Machine generated alternative text:
Microsoft 
CERTIFIED 
AZURE SOLUTIONS 
ARCHITECT 
EXPERT
Microsoft Certified Azure Solutions Architect Expert

From the description about an Azure Solutions Architect Expert:

Read More