Category: Zero trust

Deep dive on Copilots and Security

Microsoft Copilots Microsoft Copilot isn’t a single service, but rather a suite of AI-powered assistants designed to enhance productivity and security across various Microsoft products and services. Here’s a breakdown of the different Copilots available: Security Copilot architecture, I could…

Continue Reading Deep dive on Copilots and Security

My tenant has Security defaults enabled and I want to disable them. What to do?

First things first, Security defaults were automatically enabled for all new tenants created after October 22, 2019. This was to ensure a strong security posture right from the start for all users. Set the stage Let’s imagine this scenario. You…

Continue Reading My tenant has Security defaults enabled and I want to disable them. What to do?

Security Service Edge (SSE) in a secure access service edge Framework (SSA)

In this post I will cover two different providers for SSE and in my opinion these are the top notch ones. Let’s me explain why and then you disagree or agree, just giving my opinion. But first let’s see what…

Continue Reading Security Service Edge (SSE) in a secure access service edge Framework (SSA)

Azure AD Privileged Identity Management and new features

What is PIM? PIM has and will be a backbone for permission Just In Time access in Microsoft based environments. You can easily assign Permanent roles but also Eligible roles for admins and define timeout for the roles. They either…

Continue Reading Azure AD Privileged Identity Management and new features

Section 4 – Mitigate identity threats part 2 of 2

Identity protecting is challenging if you don’t know what you should protect and when you do, you should know how to protect it. In the second part we will be discovering more on Conditional Access as a dynamic boundary in…

Continue Reading Section 4 – Mitigate identity threats part 2 of 2

Number matching and Authentication methods why you should enable them?

Two upcoming changes coming to the tenant near you! Number matching will be enforced. Also SSPR and legacy MFA policies will be deprecated (phased). Don’t act too late on either of them. If you need to educate users, you can…

Continue Reading Number matching and Authentication methods why you should enable them?

Conditional Access templates (Preview) and other tips on the side

First, I want to mention Microsoft Entra admin center and the announcement Microsoft made about it. You should care about it because starting from 2023 new capabilities will be rolled out to Entra. Also in December Microsoft started redirects when…

Continue Reading Conditional Access templates (Preview) and other tips on the side

Section 6 – Design security for infrastructure – Design a strategy for securing SaaS, PaaS, and IaaS services

Time for the next section to my SC-100 study guide: Specify security baselines for SaaS, PaaS, and IaaS services Specify security requirements for IoT workloads Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse and Azure…

Continue Reading Section 6 – Design security for infrastructure – Design a strategy for securing SaaS, PaaS, and IaaS services

Section 5 – Design security for infrastructure – Design a strategy for securing server and client endpoints

Wednesday is here and time for the next post to my SC-100 exam cram. NOTE: includes hybrid and multi-cloud Specify security baselines for server and client endpoints Specify security requirements for servers, including multiple platforms and operating systems Specify security…

Continue Reading Section 5 – Design security for infrastructure – Design a strategy for securing server and client endpoints