-
Burnout in IT consultancy
Throughout my work for Upheads and then for Atea, I’ve been taking on too much work and too many responsibilities. In Upheads, I had more than 150 customers where I was the primary consultant. In Atea, I joke that I have so many responsibilities and roles that I have no idea how to present myself to customers.…
-
DNS to DND
After a discussion with my colleagues about how DNS actually works, I figured as a companion to a course I’m holding it would be fun to create a game like ZORK, but delivered entirely through DNS – TXT record lookups! You get a short demonstration on how it works in the beginning and can download…
-
Password Protection – Made easy
Azure Active Directory Password Protection is a solution protecting your users from creating insecure passwords, but most companies fail at implementing the solution properly. In this article I will explain the implementation pitfalls and misconceptions and give you a quick and easy configuration explanation on how to set it up the proper way. Unleash the…
-
May I have your password?
What’s a temporary access pass in the Microsoft world? The temporary access pass is built to allow for easier onboarding and recovery. Onboarding often requires IT professionals to set up end user devices and IT equipment. This often includes having to ask the end user for their passwords, and having them sent over non-encrypted…
-
A public endpoint problem
Public and private endpoints create a problematic relationship with what is an accessible resource and what is not in public clouds. How does information move from one place to another? Is simply using TLS 1.2 enough to protect your data, or is access to the data stream itself something we should protect? As a public…
-
Straight PIMping
One of the greatest risks in modern identity governance structures is stale administrator assignments. Microsoft has provided a system called Privileged Identity Management to combat it in the cloud enterprise. But how to configure it, and what does it mean for your internal IT teams using it? The most commonly provided administrative role in the…
-
Sharing and Pointing
Sharing has become one of the most important functions of collaboration in the modern enterprise. But how do we configure it to work seamlessly in consideration of Business Continuity while protecting the organization from data leakages and corporate spies? This article will try to help piece together how the different sharing options work and what…
-
The ADvice nobody takes
Configuring AD is a momentous task in security. Identity is the most central function of modern networks and one of the most important parts of securing an enterprise. In this post I’ll talk about some of the biggest problems I’ve seen in AD configurations and what best practices and some experience say we should do…
-
Restricting user consents
Microsoft 365 consists of slightly more than 25,000 settings, ranging from service activation/deactivation to radical changes in application behaviors. Being a good consultant is knowing that the Microsoft mantra of “allow everything and let the customer restrict what they don’t need” is a security risk; being a great consultant is knowing what to fix and why.…
-
Conditional Inaccessibility
This article will go into detail on the Microsoft Conditional Access logic and how to build quality configurations that support business compliance, configuration and process requirements. In addition, it’ll cover why Microsoft harps on about Break-Glass administrators, what they are and how they strengthen your security posture by circumventing MFA requirements. If you’ve ever looked…