Security

Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA) 2.5 released

Andres Bohren
Hi All, just a few hours ago, the Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA) 2.5 was released to the PowerShell Gallery.
PowerShell Gallery ORCA 2.5
Seems like some bugs have been closed.
ORCA Closed Issues
Check the installed module and what’s available from the PowerShell Gallery:
Get-InstalledModule ORCA
Find-Module ORCA
Swiss Domain Security Report Q3 2022

Andres Bohren
Hi All, in 2015 I wanted to know how many SMTP servers used STARTTLS, SPF, DKIM, DMARC. I programmed a web spider with PowerShell and collected about 100'000 domains. Then I made another script that queried those domains and made an SMTP connection to find out if STARTTLS was in the EHLO response. The result was a report of about 100'000 domains from the .ch top-level domain.
The results from 2015:
About 90% of the Domains used MX
About 75% of the SMTP Servers offered STARTTLS
About 28% of the Domains with MX had an SPF Record
About 1% or less DKIM and DMARC was barely present
In 2022 I have extracted the Open Data of Switch DNS Zone Data for the .
Windows Hello for Business - Hybrid Cloud Kerberos trust

Andres Bohren
Hi All, in this blog article I show you how you can enable Hybrid Cloud Kerberos Trust, so you can use Windows Hello for Business (WHfB) to authenticate with Kerberos to your on-premises Active Directory resources.
Overview
An architectural overview can be found here:
Enable passwordless security key sign-in to on-premises resources by using Azure AD
Enable Cloud Kerberos Trust
How SSO to on-premises resources works on Azure AD joined devices
HTTP Security Headers

Andres Bohren
Hi All, recently my colleague Tobias Asböck made me aware of the HTTP Security Headers. You can test the security headers with the online scan from Scott Helme. Ouch - that did not look good for my website hosted on Azure App Service. So how do I add these headers? It’s in the web.config file of the project, right after the system.web configuration <system.
Azure Information Protection Unified Labeling (AIP UL) 2.16.73

Andres Bohren
Hi All, a few days ago, Microsoft released a new version of the Microsoft Azure Information Protection labeling client.
Download Microsoft Azure Information Protection 2.16.73.0
Running the installation with the *.msi file: the installer removes the old version and installs the new version on the client.
Azure AD Conditional Access Token protection (Preview)

Andres Bohren
Hi All, recently Microsoft announced the Conditional Access Token Protection preview. Token protection (also known as token binding) attempts to reduce attacks using token theft by ensuring a token is usable only from the intended device. When an attacker is able to steal a token, by hijacking or replay, they can impersonate their victim until the token expires or is revoked. Token theft is thought to be a relatively rare event, but the damage from it can be significant.
Passkey with Google

Andres Bohren
Hi All, a year ago, Apple, Google and Microsoft committed to expanded support for the FIDO standard to accelerate availability of passwordless sign-ins. Read more about passkeys on the website of the FIDO Alliance.
What are Passkeys?
Passkeys are a password replacement that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are resistant to phishing, are always strong, and are designed so that there are no shared secrets.
Purview DLP in Exchange Online now detects password protected PDF

Andres Bohren
Hi All, back in January, Microsoft announced that the Exchange Online Transport Rule (ETR) condition “Attachment is Password protected” will now also support PDF files.
You can read the documentation: Use mail flow rules to inspect message attachments in Exchange Online
If you look at a PDF (File > Properties): Security > Show details
Note: Files with a “Permissions Password” (print, edit and copy blocked with a password) are not affected by the condition “Attachment is Password protected”.

AIPService PowerShell Module 2.0.0.3 released

Andres Bohren
Hi All, just a few hours ago, Microsoft released a new version of the AIPService PowerShell Module to the PowerShell Gallery.
AIPService 2.0.0.3 https://www.powershellgallery.com/packages/AIPService/2.0.0.3
AIPService on Microsoft Learn https://learn.microsoft.com/en-us/powershell/module/aipservice/?view=azureipps
Let's check the installed version and what's available on the PowerShell Gallery:
Get-InstalledModule AIPService
Find-Module AIPService
Uninstall the old PowerShell module and install the newest one:
Uninstall-Module AIPService
Install-Module AIPService
Get-InstalledModule AIPService

Microsoft 365 Defender Advanced Hunting with PowerShell

Andres Bohren
Hi All, you might already know that I am a big fan of Defender for Office 365 Advanced Hunting. It's easy and fast to analyze the last 30 days of your messaging logs.
Defender for Office 365 Advanced Hunting https://blog.icewolf.ch/archive/2021/08/23/defender-for-office-365-advanced-hunting.aspx
I've published some of the KQL queries in my GitHub repo https://github.com/BohrenAn/GitHub_PowerShellScripts/blob/main/ExchangeOnline/EOPAdvancedHunting/AdvancedHunting.kql
You can find Advanced Hunting in the Microsoft 365 Defender portal