Select Page

Microsoft brings FIPS 140 Compliance to Authenticator supporting Federal Agencies

Many customers work in environments with security and compliance concerns requiring authenticators to use cryptography validated by the Federal Information Processing Standards (FIPS) 140 (reference NIST SP 800-63B). We're excited that Microsoft Authenticator on iOS is now FIPS 140 compliant (Android ... continue reading
Training, guides & assistance snippet from Microsoft 365 tenant

Creating MFA Policies with Zero Trust Advanced Deployment Guide in Microsoft 365

Overview of Advanced Deployment Guides & Assistance As you most probably know, there are Advanced deployment guides available for you on your Microsoft 365 tenant. These are basically deployment guides that help you to configure different settings and onboard services ... continue reading
New Admin Center Unifies Azure AD with Other Identity and Access Products

New Admin Center Unifies Azure AD with Other Identity and Access Products

Microsoft’s vision for identity goes beyond traditional identity management to give our customers an entire toolset to secure access for everyone and everything in multicloud and multiplatform environments. Earlier this year, we significantly advanced this vision with the launch of ... continue reading
™

Microsoft supports the DoD’s Zero Trust strategy

The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face ... continue reading
Global distribution map displaying exposed Boa web servers over the span of a week.

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially ... continue reading

How Do I Know If My AD Environment Is Impacted By The November 8th 2022 Patch?

  Q: How can I determine if objects in my AD environment are impacted by the November 8th 2022 patch? A: Use a couple of queries I wrote specifically for that purpose.   November 8th, 2022 brought us a patch ... continue reading
Flowchart for Azure Active Directory issuing tokens.

Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has ... continue reading
Utilizing Zero Trust architecture principles for External Identities

Utilizing Zero Trust architecture principles for External Identities

As hybrid work environments become normal and we continue to collaborate, the importance of adopting zero-trust architecture principles is more vital than ever. Zero trust architecture puts emphasis on three key principles:    Verify explicitly: Always authenticate and authorize based ... continue reading
5 tips for IIS on containers: #2 IIS App Pools and Websites

5 tips for IIS on containers: #2 IIS App Pools and Websites

The next topic in this series is IIS App Pools and Websites. Vinicius and I discuss the challenges with managing multiple application pools and how to address them with containers at our Microsoft Ignite Talk.   Scaling up an IIS app ... continue reading
Illustration of two circles coming together to illustrate two approaches to integrating the Acquisition within the organization’s IT environment. This can be to either directly connect to the IT environment of the acquisition and keep existing systems or migrate all information into the Parent organizations environment.

Microsoft Security tips for mitigating risk in mergers and acquisitions

Sixty-two percent of organizations that undertake mergers and acquisitions face significant cybersecurity risks or consider cyber risks their biggest concern post-acquisition.1 Threat actors that focus on corporate espionage often target the acquiring company, which we will refer to as the ... continue reading