Hi All,
At Ignite there was the announcement that Azure DNS finally supports DNSSEC (in Public Preview).
DNSSEC overview (Preview)
How to sign your Azure Public DNS zone with DNSSEC (Preview)
Setup
Before changing anything, I ran a check on Verisign Labs DNSSEC
Let’s go to Azure Portal and navigate to a DNS Zone. You can now see a “DNSSEC” Icon.
Now let’s “Enable DNSSEC”
Confirm
After a few seconds you see the DNSSEC delegation information
Hi All,
Recently I was working together with one of my fellows (shout out to Raul Ruta) to figure out how to register passkeys with the new Microsoft Graph Beta APIs.
The only thing we found was the article by Jan Bakker, which uses the Yubico sample scripts based on Python.
Register Yubikeys on behalf of your users with Microsoft Entra ID FIDO2 provisioning APIs
I was looking for a better way that does not require Python and found this PowerShell module
Hi All,
I recently had a customer that still allows SMS for MFA Authentication on their Entra ID Tenant.
We all know that SMS and Voice should not be used anymore for MFA Authentication.
In addition, I would point out that this can lead to a very bad situation when using Teams Phone as your Voice destination. Think of how you want to authenticate to Teams when receiving the MFA Voice call there 😂
Hi All,
A week ago, I received a mail from Microsoft with an Entra ID recommendation.
Designate more than one global admin
I was a little bit confused, since there are multiple Global Admins in my tenant, all within the recommended 2 to 4 accounts, as you can see in the screenshots below.
Global Administrator - Eligible in Privileged Identity Management (PIM)
Global Administrator - Active in Privileged Identity Management (PIM)
Hi All,
Yesterday the Exchange Team announced the Public Preview of Inbound SMTP DANE with DNSSEC for Exchange Online.
Our target dates for upcoming roadmap items are:
August 2024 – Inbound SMTP DANE with DNSSEC and MTA-STS report in the Exchange admin center
October 2024 – General Availability of Inbound SMTP DANE with DNSSEC
End of 2024
  Deploying Inbound SMTP DANE with DNSSEC for all Outlook domains
  Transition provisioning of mail records for all newly created Accepted Domains into DNSSEC-enabled infrastructure underneath *.
Hi All,
Recently I was playing around with some M365 Audit Log queries.
There are many ways to query the M365 Audit Log:
The Audit Log search Microsoft Purview compliance portal
Search-UnifiedAuditLog
Management Activity API
Preview Microsoft.Graph API
Note: Update on the Deprecation of Admin Audit Log Cmdlets
The Admin Audit Log cmdlets will be deprecated on September 15, 2024. The Mailbox Audit Log cmdlets will have a separate deprecation date, which will be announced early next year.
Hi All,
Recently I stumbled upon a new version of the Microsoft Purview Information Protection client
Microsoft Purview Information Protection client
Microsoft Purview Information Protection client - Release management and supportability
Installation of the *.msi file
Started the Information Protection Viewer client
List commands from the PowerShell Module PurviewInformationProtection
Get-Command -Module PurviewInformationProtection
Regards
Andres Bohren
Hi All,
While looking into Enable passkeys in Microsoft Authenticator (preview), I figured it is a good idea to have a list of the FIDO2 AAGUIDs of all users if enabled.
This article shows you how to export the FIDO2 keys and the AAGUID of all users in an M365 tenant.
During my research I also found some AAGUID lists on the Internet
YubiKey Hardware FIDO2 AAGUIDs
FIDO2 AAGUID lists
Passkey Provider AAGUIDs
Here you can see a registered FIDO2 key in the M365 Security Info
Hi All,
What is MTA-STS
Mail Transfer Agent Strict Transport Security (MTA-STS) makes sure that emails are transferred over a secured TLS connection but has lower requirements than DNS-based Authentication of Named Entities (DANE).
“Mail Transfer Agent Strict Transport Security (MTA-STS)” was defined in 2018 in the following RFC
rfc8461 SMTP MTA Strict Transport Security (MTA-STS)
MTA-STS benefits:
Emails are transferred over a secure TLS connection
Must use TLS-Version 1.
Hi All,
While writing the blog article that Microsoft is moving to New cloud.microsoft Domain for M365, I stumbled across something very interesting.
In the article from the Exchange Team Blog from September 2023, they announced that Inbound DANE will be available between March and July 2024 using a new domain *.mx.microsoft
Implementing Inbound SMTP DANE with DNSSEC for Exchange Online Mail Flow
I’ve decided to test DNSSEC with MXToolbox