The Ultimate Guide to Securing Microsoft 365!
Рет қаралды 19,951
Күн бұрынIn this episode I’ll take you from Zero to Hero in my latest security guide designed to bulletproof your environment. Hacking unfortunately is a multi million dollar industry that’s focussed on one thing. Ruining your life or your business. Well I say no more! It’s time to fight back and in this episode I’ll show you some simple tips and tricks that you can use that will vastly improve your security in Microsoft 365. From identity tips including multi factor authentication to conditional access. We’ll then look at securing your devices with Defender for Endpoint and then onto ensuring that those nasty phishing emails, attachments and links have nowhere to go. So as I say enough is enough. It’s time to fight back.
Today’s sponsor is Bluetally. The Ultimate in IT asset management. For more details visit Bluetallyapp.com
For more on me visit me on LinkedIn or at Andymalone.org
If you want access to exclusive content and more why not consider supporting me and join me on Patreon. / andymalonemvp
Timecodes
00:00 Introductions
02:04 Hunting for Bad Guys Using Sign In Logs
08:09 Fix the Anonymous Reporting Feature
07:48 How to easily Deploy Multi factor Authentication in Microsoft 365
11:30 How to Deploy MFA with Conditional Access
24:08 How to Protect your devices with Defender for Endpoint
29:00 How to Use Secure Score
30:09 How to stop Hackers sending you Malicious email Attachments
32:40 How to stop Hackers sending you Malicious Web Links
34:25 Session Conclusions
@oliverreithage5590 4 ай бұрын
Genius Andy! More Security Best Practices PLZ
@maluc21 4 ай бұрын
Great quick key points to check, very clear, thanks
@TheB1nary 3 ай бұрын
Always helpful - thank you!
@StamosTee 4 ай бұрын
Excellent content. Thanks for sharing.👍
@harrylumsdon6773 4 ай бұрын
Great info. Thank you. Esp w license info. Good job.
@amoprince4353 10 күн бұрын
Educative! Thanks!
@traciekeane9802 4 ай бұрын
Great video Andy! Very informative and really helpful for all levels of competency, even if you just want to polish up those policies! Thanks again!
@AndyMaloneMVP 4 ай бұрын
Thanks and you’re very welcome 😊👏
@driver288 4 ай бұрын
Oh. You got to passkeys here. So they are a bit delayed I guess. YES! I agree! Always show geo location for login requests as well as the requesting app! And educate your users on why this is important. It minimizes the risk of unintentionally letting someone else in
@ACrispiels 3 ай бұрын
Thank you Andy for this new, very interesting video, with a price on the P1 subscribers ;-)
@d7oomy5500 4 ай бұрын
Is there video explain incident and investigation at Defender portal?
@AndyMaloneMVP 4 ай бұрын
Take a look in my Defender playlist
@C.Tag76 4 ай бұрын
As you’ve described in the video - would you rate the conditional access settings a ‘phishing resistant’? Or it’s more we should be really implementing policies that target based on whether the request is coming from a compliant and non compliant device and ensure browser tokens or similar are expired.
@AndyMaloneMVP 4 ай бұрын
No. Conditional access is a technology that enforces additional checks when a user logs in. These "signals" if met can be enforced with additional authentication methods. For example you can create a policy that enforces phishing resistant MFA which includes a yubikey, (FIDO 2 Key), or biometric using windows Hello for Business for example.
@driver288 4 ай бұрын
Hey Andy! Being a Mac guy, or user at least, do you know if Microsoft has released the synchronized password experience for Sonoma yet? I use both a PC and a Mac for work since I do intune configurations and software distribution on both platforms for customers and test them. When enrolling Macs in intune you get an M365 login to start with and then you have to create a local account to log into your Mac. At some point with Sonoma this was going to change and the enrollment would be able to create the user account off of the M364 login and then keep password changes in sync. Though I read something about having to create one local account first for it to work which doesn’t really make much sense. Do you know if this is released yet? And also, it’s February now and still no passkey support for M365 accounts.. you talked about out this in a previous video, that FIDO2 keys would change to reflect this in EntraID when that was supported. Haven’t seen that rolled out to any tenants I manage yet.
@AndyMaloneMVP 4 ай бұрын
I do believe they are in the process of releasing an SSO client for Mac. I’ve not personally seen it yet but I’m looking forward to trying it. 👍
@driver288 4 ай бұрын
@@AndyMaloneMVP well Platform SSO is released already and works well. But the missing piece is not having to create a local account and password. That is not there yet afaik
@jstump1972 25 күн бұрын
Hey Andy, with regards to the methods a user can enroll in MFA, if you have several checked, and you only want to lock it down to authenticator app, what happens to all of the users that are currently set up with text message as example they get forced to the app as soon as they try to authenticate next time?
@AndyMaloneMVP 25 күн бұрын
They will be forced to change
@jstump1972 25 күн бұрын
@@AndyMaloneMVP thanks I was afraid of that, our leadership will not accept that because of the potential thousands of people calling the helpdesk with problems :(
@MegaNatebreezy 4 ай бұрын
biggest fear with conditional access is causing user disruption. For example: when I turned on MFA, I didnt realize it would sign users Outlook settings and we had a lot of calls. Report only sounds somewhat promising but doesnt necessarily show if the user will be receiving any prompts on their end. Is there a recommended way of approaching this to have the least amount of unexpected interruptions?
@AndyMaloneMVP 4 ай бұрын
I wonder if it’s a conflict with your settings and perhaps MS managed settings. Hmm not sure other than testing on small groups of users until you find the right formula. Good luck😆
@TheB1nary 3 ай бұрын
I had to enable it for a school Trust - imagine the chaos when students were prompted for their Authenticator application!!
@kunalzshah 4 ай бұрын
Is this for business accounts only? Does it apply to Home users?
@AndyMaloneMVP 4 ай бұрын
Business and enterprise only I’m afraid. Home users get exchange online protection pre configured and you do not have access to the admin portals.
@kunalzshah 4 ай бұрын
@@AndyMaloneMVP Thanks!!!
@gabiflorensa 4 ай бұрын
Hello friend, were you able to definitively solve the invalid traffic issue? I would appreciate an answer, I am Spanish (you know how it feels)
@AndyMaloneMVP 4 ай бұрын
The issue is at Google. There is nothing you can do and it will resolve itself with 2 to 3 weeks.
@Zachsnotboard 4 ай бұрын
thank you for going over the report settings, and SIM swapping does not require physical access they just need to know your phone number and they socially engineer the phone company. Is there any way to see who are the most active users ? report is hard to filter when you have so many users
@AndyMaloneMVP 4 ай бұрын
There are filters in the admin centre that you can use, and you can also create your own filters. You can also export the files as a CSV file into Microsoft Excel and analyse it here with Power BI
@are-vitasbjorklund3739 4 ай бұрын
I would go with log analytics. Then you can use a workbook with a heatmap of your most actice users. Search for „Conditional Access insights and reporting“ in MS Docs.
@nickfmt 3 ай бұрын
Enjoying the video... I wanted to give a "Like" but the count is currently at 420, and I don't want to be the one to ruin everyone's fun. I'll circle back after some other spoilsport does.
OneFile UK
Рет қаралды 10
Peter Rising MVP
Рет қаралды 7 М.