The Alert policies in O365 are an often overlooked or underestimated security feature for indicators of compromise (IOC). They enable especially administrators for smaller tenants to supervise their environments on a critical level in terms of security events. As part of a multilevel defense the O365 Alerts add a lot value, as they are easy to setup and part of every O365 and therefore free of additional costs.
Read more...At Microsoft Build 2020 lots of new updates and services were announced. Today we will take a look at a specific one that I am pretty excited about, Static Web Apps. Read on to learn what it is, how to use it and and why it helps us to reduce effort when deploying web applications to Microsoft Azure.
Read more...In this part of the series I want to talk about the most obvious and meaningful security measure for O365 – Multifactor authentication (MFA). The well-established technology can significantly reduce the attack surface of your organization and is easy to implement for O365 administrators. It should be your first line of defense against phishing and replay attacks in your security environment. In this article I want to talk about the technical/mathematical concept of the standard and show you how to activate the tool and its features in your tenant.
Read more...This part is focused once again on mail traffic and its attack vectors. Specifically, I wanted to tag all incoming mails in Office 365 Exchange, which are not coming from trusted domains. This is really easy to implement with Exchange Online rules and doesn’t even require any kind of powershell knowlegde, so every O365 should have implemented this policy in their environment.
Read more...How you do implement basic security policies for your company’s Office 365 system? As mail systems are usually the main target for your average cyber criminals, a quick strategy was needed to harden the first line of defense against this attack vector. The measures I came up with are luckily not any kind of rocket science and easy to implement even by not so experienced O365 admins, as they are well established and around for quite a while by now. But they are a great way to harden your network and protect your users against cyber criminals with just a few hours of work. This is a three part series, starting with how to implement DMARC for your Office 365 Exchange Server.
Read more...Azure Sentinel is Microsoft’s security information and event management (SIEM) and security orchestration, automation and response (SOAR) offering for modern SecOps. Now with the announced General Availability of Azure Sentinel, we will take a look and the current features, what changed from the preview and where there is still room for improvement.
This Post is Azure CloudShell compatible
Learn how to redirect custom domain traffic for HTTP and HTTPS (with free valid certificate) to another domain with Azure Functions.
Read more...Azure CDN is a great service to add functionality to your website. In this post we will setup a Azure CDN resource, add a custom domain, activate free SSL and take a look at the CDN rules engine.
Read more...If you want to use Azure resources for website hosting, one of the essential services is DNS. In this blog post we will migrate a DNS zone to Azure DNS and prepare it for usage with an Azure hosted static website.
Read more...In this blog we will learn how setup an Azure Storage Account for static website usage and what the limitations of Azure storage accounts for static websites are.
Read more...