Using Valimail to help with SPF, DKIM, DMARC monitoring with Microsoft 365

This post revolves around the e-mail concepts SPF, DKIM and DMARC, which increase your e-mail reputation and protect your domain from being misused by others, i.e. impersonation. We will also go through the tool provided by Valimail to have this monitored, all integrated with your Azure AD for SSO.

Enabling Microsoft “Cloud enabled LAPS” (Local Admin Password Solution)

LAPS – Local Admin Password Solution – has for a long time been one of those great tools to have in the toolbox when it comes to securing your devices from lateral movement by a potential attacker. And Microsoft LAPS has been around for quite some time already.

This tool was originally available for deployment to server/desktop devices connected to a traditional domain (on-prem) setup.

This changed as of April 2023, and Microsoft have now introduced Microsoft LAPS (Preview) with support for configuration with Intune, and saving the passwords to Azure AD, giving us – once again – a native LAPS solution to handle the local admin account.

Manageability – Part 1: Naming Conventions

When it comes to managing anything within IT, it will always be a good thing to keep things organized, in one way or another. You should also make sure that the way you organize things is understandable for others as well (maybe you share the responsibility of management with a group, or may do so in the future).
Make it a habit to create an organizational model that others can jump in or out of over time, that is logical and understandable by others than yourself. Document the logic/model that is defined, and make sure not to deviate from the actual definition as time goes by.

Security: O365 – did you remember to disable legacy authentication before October 13, 2020?

If you have kept up to date with the many announcements from Microsoft around 365, specifically Exchange Online, you may remember that they announced that end of support for basic authentication was coming to various parts of Exchange Online in 365.
Subscribers of O/M365 should move to using modern authentication, as this is more secure and gives a lot of other benefits.
The said date for this change was set to October 13, 2020,

Security: How to enable sign-in with FIDO2 security keys on Windows 10 Devices and Azure AD

FIDO2 security keys are an unphishable standards-based passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication. FIDO allows users and organizations to leverage the standard to sign in to their resources without a username or password using an external security key or a platform key built into a device. Read the post to see how you can enable this for your Azure AD and Windows 10 devices.

Citrix FAS: Sample setup leveraging FAS/ Azure iDP/ ShadowAccounts and Hybrid domain join.

Here’s an example of a use case where Citrix FAS comes into play.
If you are not familiar with Citrix FAS and the use of it, you may find this useful to get some insight into the use cases.
[…]

Guide: How to set up a network level ad and tracking blocker with a Raspberry Pi.

This setup is great if you’re tired of ads when surfing the web, and don’t want to rely on browser plugins for ad blocking.
By using a Raspberry Pi, as in this example, you can get a network-wide blocker to deal with this.
(Can also be set up on any computer if you have one lying around, but the guide here is for the Pi).

The result of this is fewer ads, less tracking, and also a faster web browsing experience since you’re pulling/sending less data to your screen.
Since it’s network-wide, all devices, Xbox, tablets and phones also reap the benefits with no work needed on the device itself. […]

Changing your DNS provider to increase web speed and privacy

If you are not familiar with what DNS is, it is basically the postal system of the internet.
Everything on the internet or local network consists of IP addresses – this is hard for people to relate to, and therefore we have DNS.
DNS translates the name-based addresses we use, that are easier to remember, to IP addresses – and vice versa – making sure you land on the wanted destination.

[…]

User setup guide for Azure MFA on 365/Azure AD account

Setting up multifactor authentication is an important security task on all externally available services, whether it’s for Facebook or services from work. If you are using services inside Microsoft Azure like Office 365, the option exists for everyone, but is not turned on for the users by default. Each user can do this by themselves. […]

General guidelines for end user IT awareness

Contents include: password awareness; points to keep in mind when creating passwords; two-factor authentication (2FA); basic computer hygiene and security; ++ (will be updated).

Today, a regular user has several services/websites they visit on a regular/daily basis. Several of these may be websites/services that require you to log in with a username and password. […]