Fundamentals

Learn about Microsoft security concepts. This covers identity & access management, threat protection, information protection and security management.

Microsoft 365 security concepts
Security is a term that is currently used a lot. Microsoft invests 1 billion US dollars annually and works with over 3500 security experts. The threat landscape has become more sophisticated and malicious. Endpoints are mobile, may connect to the company network or have access to c…
Some more security ramble
Recently I was in contact with an official Microsoft employee, talking about cybersecurity in general and of course the modern workplace. I found that topic so interesting that I decided to dedicate a blog post to my personal opinion and some details about it. In the past I have already

Microsoft 365

Microsoft 365 architecture, products/services/features and building a resilient and up-to-date security defense.

Launch with Microsoft 365: a guide
Launch your business with Microsoft 365. Increase productivity, run and manage workloads, guarantee security & compliance.
M365 security landscape
In mid-2021, Microsoft offers a lot of security-oriented products and services in their cloud portfolio. But what are they capable of? Where do they even take place or protect you? I want to explain this landscape to you, mention some real world intentions and talk about their relationship

Identity & access management

All about securing identity & access workflows to any resource.

MFA and conditional access

MFA is key. Use conditional access to define the conditions under which security actions are triggered.

Important aspects to Conditional access policies
Identity protection describes concepts for securing identities for authN (authentication) needs. Common identity providers offer federation or SSO (single sign-on) as known strategies. But all this is so much more: think of ways to secure these workflows with different signals that could be processed…
Conditional access examples
So Conditional access is one of the most fundamental and key products in any Microsoft cloud environment regarding security. Let’s be honest, if you don’t use it, you should implement it as soon as possible, together with MFA. It’s one of the easiest ways to achieve high effectiveness in

Federation

Azure Active Directory as central IdP (identity provider) to establish SSO (single sign-on) and use your Microsoft account to sign in to cloud applications.

Understanding identity federation and application management in Azure AD
Information technology applications are moving to the public cloud. We call this SaaS (software as a service), which relies on a multi-tenancy architecture and provides the same instance of a software to multiple customers or users.
The way from ADFS to AzureAD authentication
Base concepts: Federation services have found their way to the cloud. The well-known on-premises Active Directory Federation Services (ADFS) was the original way to provide local identities for authentication and authorization purposes. But this is no longer the recommended way; AzureAD is used instead. Th…

Miscellaneous

Manage alert policies with Security & Compliance Center PowerShell
Information is a precious good. Keeping an eye on specific accounts and knowing when someone gets unauthorized access to a critical account can be a lifesaver. But how do you manage this within your Microsoft tenant? Alert policies are exactly what is needed for this. You can set up a policy
Azure AD Password Protection (Hybrid)
If we talk security, we always need secrets and passwords. The challenge, though, is to use secure passwords, ideally not including public or widely used words. Such datasets of passwords can be found on the Internet (for example on GitHub). Future password-less authentication: The future is password-less. You …

Defender for Cloud Apps

Microsoft Cloud Access Security Broker.

A tour through Cloud App Security
Microsoft Cloud App Security (CAS). A cloud broker, probably one of the most powerful tools regarding security and compliance in the cloud cosmos. If you are completely new to all these topics, I would suggest reading about the M365 security concepts first. Here is an official Microsoft sheet
Cloud App Security alerts into Teams channels
Cloud App Security offers an alert page by design, providing an overview of detected ongoing or past identity anomalies. But why not use Microsoft Power Automate to catch these events and send them to Microsoft Teams, as your single information portal? This is a tutorial on how to configure this soluti…

Threat protection

Describes all activities taken against threats or attacks.

Microsoft Defender for Endpoint

Microsoft Defender: a review
A review of Microsoft Defender + Defender for Endpoint (MDATP). Technical overview of capabilities, as well as my personal opinion.