Configuration

Creating Scoped DLP rules with Custom Sensitive Information Types

A few weeks ago, I put out a series of posts on creating and using custom sensitive information types (https://www.undocumented-features.com/tag/sensitive-information-types/).  The blog, posts, however, focus on using the DLP configuration options available in the Security & Compliance Center.

Rules created via the DLP wizard in the Security & Compliance Center have the benefit of being able to be applied globally across your organization and its content sources. … [ Continue reading ]

Configuration

Looky, looky! Custom sensitive information types with even more customitivity!

So, of course, as soon as I finish up posting a few entries (here and here), we go and release a new UI to help you get it done on your own!

You can do most of the effort of creating a data classification here, although if you want to use any of our built in functions (such as credit card Luhn check), you’ll need to export/modify/import, use the sensitive information type package that I created (referenced earlier) or use one of our native DLP classifications.… [ Continue reading ]

Configuration

Sensitive Information Types–now with more sensitivity!

UPDATE: The TechNet Gallery link for this post has been updated.

So, this is an entry that has been long in the making.  I have had several customers over the last few years give feedback about our Data Loss Prevention’s (DLP) matching requirements, mostly around how they require too much corroborating evidence (in the form of patterns or keywords) to meet their organization’s very restrictive policies.… [ Continue reading ]

Configuration

ATP: Safe Attachments, Safe Links, and Anti-Phishing Policies or “All the policies you can shake a stick at”


With the advent of scammers, spammers, phishers, and other types of baddies, and the complementary rise in anti-malware, anti-spam, domain and sender verification techniques, we’re in a perpetual cat-and-mouse game.  I’ve had several customers over the past few weeks ask me about best practices for configuring some of the Advanced Threat Protection (ATP) features.… [ Continue reading ]

Configuration

Connecting Splunk to Office 365 – Part 2: Microsoft Office 365 Reporting Add-On for Splunk

In Part 1 of this blog series, I went through the setup of the Splunk Add-On for Microsoft Cloud Services, which you can use to extract, query, and analyze data provided by the Office 365 Management Activity API.  In this particular post, we’re going to explore the Microsoft Office 365 Reporting Add-On for Splunk, which you can use to review message trace data from Office 365.… [ Continue reading ]

Identity

Let’s Go Phishing – Spear Phishing, That Is

Over the last few weeks, we’ve released some great new features for Office 365 Advanced Threat Protection users.  The Attack Simulator has three core components, each of which I’ll cover in a series:

  • Spear Phishing (Credential Harvest)
  • Brute Force Password (Dictionary Attack)
  • Password Spray Attack

For this post, I want to focus on the Spear Phishing campaign.… [ Continue reading ]

Configuration

Change from AD FS authentication to Pass-Through Authentication with Seamless SSO

Update: We now have some public documentation available for this as well, so be sure to check there, too! https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-plans

Imagine this scenario: You’ve been running Active Directory Federation Services (AD FS) since before it was cool, and you’re tired of maintaining that highly available infrastructure (at least 4 servers) and the whole federation thing and its myriad of quirks and drawbacks and headaches (such as alt-id (which is still supported in Pass-through authentication with some caveats, listed below), claims rules, certificates, and the fun of trying to change UPN suffixes from one federated UPN to another).… [ Continue reading ]

Configuration

Update to the AAD Connect Advanced Permissions tool

Two updates for the tool in a week?  Yes! It is so!

At the behest of my good friend Darryl and one of his customer’s needs, I have updated the the AAD Connect Advanced Permissions tool with the following:

  • Allow the underscore (“_”) character to be used in an OU name path
  • Allow CN= to be used as part of the OU filter name path, since some organizations may want to try to scope permissions specifically to CN=Users.
[ Continue reading ]
Configuration

Update to the Office 365 Proxy PAC Tool

I have updated the Office 365 Proxy PAC tool to allow selection of the US Department of Defense XML feed for proxy bypass configurations.

You can see previous updates for the tool:

Update to the Office 365 Proxy PAC tool

Updates to Office 365 Proxy PAC Generator

And of course, the updated tool is available on the TechNet Gallery, with a couple of other bugfixes that some people reported (invalid characters/smart quotes appeared in some versions of the file, which have been corrected): https://gallery.technet.microsoft.com/Office-365-Proxy-Pac-60fb28f7 [ Continue reading ]

Information

Creating and Managing Security and Compliance Filters in the Real World [Part 2]

Picking up where I left off on part 1 of this post, I wanted go into what it would take to refine some roles for managing eDiscovery for larger organizations.

In this scenario, we’re going to:

  • Remove users from any existing eDiscovery roles or groups
  • Create a security group to hold users that will perform eDiscovery searches
  • Create a custom role group that has the appropriate eDiscovery roles and add the security group as a member
  • Verify

If you didn’t read the previous blog post on this topic, I’d encourage you to go back and do so, since I’m going to continue using the same users and compliance filters.… [ Continue reading ]

Configuration

Office 365 Secure Score Script

In light of the discovery that a recent comprise involved administrator credentials that were not protected with multi-factor authentication, I thought revisiting http://securescore.office.com might be a good idea.

For the uninitiated, Secure Score is a tool that we provide to examine some configuration items and give guidance on others in respect to creating a more secure operating environment for your Office 365 tenant. … [ Continue reading ]