Combatting Risky Sign-ins in Azure Active Directory
It is almost inevitable your organization will be targeted with malicious sign-in attempts to cloud apps. It is often the case an employee uses the same password for their work account as they do for their personal accounts. Password leaks ... continue reading

Microsoft Entra: 5 identity priorities for 2023
Welcome to 2023. After the pandemic upended how we work, learn, play, and manage our lives, we find ourselves more connected than ever, with more convenient access to an ever-wider range of online tools and experiences. But as our global ... continue reading
End user passwordless utopia
With all the different technologies available in Azure and Azure Active Directory (Azure AD), it’s easy to miss the bigger picture and how they all play into the end user experience. This includes: Azure AD Multifactor authentication (MFA) Passwordless authentication ... continue reading

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers
Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure ... continue reading
Microsoft brings FIPS 140 Compliance to Authenticator supporting Federal Agencies
Many customers work in environments with security and compliance concerns requiring authenticators to use cryptography validated by the Federal Information Processing Standards (FIPS) 140 (reference NIST SP 800-63B). We're excited that Microsoft Authenticator on iOS is now FIPS 140 compliant (Android ... continue reading
Creating MFA Policies with Zero Trust Advanced Deployment Guide in Microsoft 365
Overview of Advanced Deployment Guides & Assistance As you most probably know, there are Advanced deployment guides available for you on your Microsoft 365 tenant. These are basically deployment guides that help you to configure different settings and onboard services ... continue reading

Token tactics: How to prevent, detect, and respond to cloud token theft
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has ... continue reading
Utilizing Zero Trust architecture principles for External Identities
As hybrid work environments become normal and we continue to collaborate, the importance of adopting zero-trust architecture principles is more vital than ever. Zero trust architecture puts emphasis on three key principles: Verify explicitly: Always authenticate and authorize based ... continue reading

Microsoft Security tips for mitigating risk in mergers and acquisitions
Sixty-two percent of organizations that undertake mergers and acquisitions face significant cybersecurity risks or consider cyber risks their biggest concern post-acquisition.1 Threat actors that focus on corporate espionage often target the acquiring company, which we will refer to as the ... continue reading
Azure AD Certificate-based Authentication (CBA) on Mobile
At Ignite 2022 we announced general availability of Azure Active Directory (Azure AD) Certificate-Based Authentication (CBA) as a part of Microsoft’s commitment to Executive Order 14028, Improving the Nation’s Cybersecurity. Now, we’re thrilled to announce the public preview of Azure ... continue reading