Microsoft brings FIPS 140 Compliance to Authenticator supporting Federal Agencies
Many customers work in environments with security and compliance concerns requiring authenticators to use cryptography validated by the Federal Information Processing Standards (FIPS) 140 (reference NIST SP 800-63B). We're excited that Microsoft Authenticator on iOS is now FIPS 140 compliant (Android ... continue reading
Creating MFA Policies with Zero Trust Advanced Deployment Guide in Microsoft 365
Overview of Advanced Deployment Guides & Assistance As you most probably know, there are Advanced deployment guides available for you on your Microsoft 365 tenant. These are basically deployment guides that help you to configure different settings and onboard services ... continue reading
New Admin Center Unifies Azure AD with Other Identity and Access Products
Microsoft’s vision for identity goes beyond traditional identity management to give our customers an entire toolset to secure access for everyone and everything in multicloud and multiplatform environments. Earlier this year, we significantly advanced this vision with the launch of ... continue reading
Microsoft supports the DoD’s Zero Trust strategy
The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face ... continue reading
Vulnerable SDK components lead to supply chain risks in IoT and OT environments
Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially ... continue reading
How Do I Know If My AD Environment Is Impacted By The November 8th 2022 Patch?
Q: How can I determine if objects in my AD environment are impacted by the November 8th 2022 patch? A: Use a couple of queries I wrote specifically for that purpose. November 8th, 2022 brought us a patch ... continue reading
Token tactics: How to prevent, detect, and respond to cloud token theft
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has ... continue reading
Utilizing Zero Trust architecture principles for External Identities
As hybrid work environments become normal and we continue to collaborate, the importance of adopting zero-trust architecture principles is more vital than ever. Zero trust architecture puts emphasis on three key principles: Verify explicitly: Always authenticate and authorize based ... continue reading
5 tips for IIS on containers: #2 IIS App Pools and Websites
The next topic in this series is IIS App Pools and Websites. Vinicius and I discuss the challenges with managing multiple application pools and how to address them with containers at our Microsoft Ignite Talk. Scaling up an IIS app ... continue reading
Microsoft Security tips for mitigating risk in mergers and acquisitions
Sixty-two percent of organizations that undertake mergers and acquisitions face significant cybersecurity risks or consider cyber risks their biggest concern post-acquisition.1 Threat actors that focus on corporate espionage often target the acquiring company, which we will refer to as the ... continue reading
