What’s the difference between Microsoft user-based MFA and Azure MFA?
If your business relies on cloud computing services, it’s essential that you set security defaults that include multi–factor authentication (MFA) to protect your resources. Protecting your user accounts during a sign in event is vital for securing accounts that require privileged access to data and other resources in the cloud. MFA has become the standard in electronic […]
Mednax Improves Hybrid Microsoft 365 Security and Administrative Efficiency: A Cayosoft Customer Story
After moving to a hybrid Microsoft Office 365 environment, the IT team at Mednax began looking for a management solution to help the organization securely manage the environment. “We also considered how we could empower other groups within Mednax, such as the security team and the help desk, and keep individuals from going directly into […]
How Granular Delegation Can Help Avoid Security Incidents in Microsoft Environments
With so many security threats to defend against today, it’s nearly impossible for IT teams to keep up. And while each security event may be different, there are common threads that can be found across a majority of them. One of the most common is that users are simply granted too much access over […]
Azure Sentinel Solution to Find Vulnerable Netlogon Clients
Microsoft is addressing a privilege vulnerability in a two-part rollout by modifying how Netlogon handles the usage of Netlogon secure channels. Phase one, deployment, began on Aug 11. In this phase, secure Remote ProtoCol (RPC) is enforced for machine, trust and domain controller accounts. This phase also includes a new group policy object (GPO) and a […]
AMSI and Machine Learning Help to Stop Active Directory Attacks and Other Post-exploitation Behavior
Last week, Microsoft Defender ATP Research team blogged about Antimalware Scan Interface (AMSI)-driven behavior-based machine learning protections. AMSI helps security software detect malicious scripts by revealing script content and behavior. AMSI integrates with scripting engines on Windows 10 as well as Office 365 VBA to provide insights into the execution of PowerShell, WMI, VBScript, JavaScript, and Office VBA macros. So basically, AMSI’s […]
How One Organization Accidentally Erased 145K Microsoft Teams Chats — Avoid This Mistake
Microsoft recently confirmed that Teams chat data is not recoverable after an IT blunder permanently erased 145,000 users chats at KPMG. With so many remote workers now relying on Microsoft Teams, how can IT teams help protects this critical communication for their end users? While recovering chat data may not be possible, tight control […]
More than 900 VPN Passwords Leaked by Hacker
A list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers, has been published on a Russian-speaking hacker forum frequented by multiple ransomware gangs. According to a threat intelligence analyst, the list includes: IP addresses of Pulse Secure VPN servers Pulse Secure VPN server firmware […]
Class-action lawsuit has accused Microsoft of sharing customer data
A lawsuit has been filed with Microsoft for allegedly sharing the content of business customers’ emails, documents, contacts, calendars, location data, audio files, and video files, among other forms of data, without consent. According to the lawsuit, Microsoft is routinely sharing business customers’ data, including personal and corporate information, with Facebook and other third parties despite publicly claiming it doesn’t. […]
4 Reasons Why the Recycle Bin Can’t Fully Protect Azure Active Directory
Let’s face it, user errors are a reality, and the threat of malicious actors breaching Active Directory –both on-premises and in Azure – is on the rise. Protecting your data has never been more important, yet no native tooling exists to tracks changes, store previous values or enable administrators to rollback those changes immediately. Microsoft […]
Azure Active Directory Security Defaults—not for everyone
Microsoft’s powerful array of cloud offerings—Microsoft Azure, Dynamics, and Office 365—offer paths to business growth without the huge capital investment. Most organizations on the cusp of implementing and experimenting with those services may not make security the first priority in the quest for productivity. The first phase of the exciting journey into the cloud is to […]