Configuration

## ATP: Safe Attachments, Safe Links, and Anti-Phishing Policies or “All the policies you can shake a stick at”

With the advent of scammers, spammers, phishers, and other types of baddies, and the complementary rise in anti-malware, anti-spam, domain and sender verification techniques, we’re in a perpetual cat-and-mouse game.  I’ve had several customers over the past few weeks ask me about best practices for configuring some of the Advanced Threat Protection (ATP) features.… [ Continue reading ]

Configuration

## Connecting Splunk to Office 365 – Part 2: Microsoft Office 365 Reporting Add-On for Splunk

In Part 1 of this blog series, I went through the setup of the Splunk Add-On for Microsoft Cloud Services, which you can use to extract, query, and analyze data provided by the Office 365 Management Activity API.  In this particular post, we’re going to explore the Microsoft Office 365 Reporting Add-On for Splunk, which you can use to review message trace data from Office 365.… [ Continue reading ]

Configuration

## Connecting Splunk to Office 365 – Part 1: Add-On for Microsoft Cloud Services

I’ve had a number of customers ask me about configuring their monitoring systems to Office 365.  So, rather than repeating the same information and re-issuing the same links (most of which contain outdated information), I’m going to put together a series on how to connect a few systems to Office 365. … [ Continue reading ]

Identity

## Using the Dictionary for Fun and Profit

In my previous post, I discussed using the new Attack Simulator for crafting phishing campaigns against your users.  If you haven’t tried it out yet, I’d heartily recommend it.  It’s more fun than a barrel of monkeys.

For this post, we’re going to shift into slightly more traditional attack strategies. … [ Continue reading ]

Identity

## Let’s Go Phishing – Spear Phishing, That Is

Over the last few weeks, we’ve released some great new features for Office 365 Advanced Threat Protection users.  The Attack Simulator has three core components, each of which I’ll cover in a series:

• Spear Phishing (Credential Harvest)
• Brute Force Password (Dictionary Attack)

For this post, I want to focus on the Spear Phishing campaign.… [ Continue reading ]

Configuration

## Change from AD FS authentication to Pass-Through Authentication with Seamless SSO

Update: We now have some public documentation available for this as well, so be sure to check there, too! https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-plans

Imagine this scenario: You’ve been running Active Directory Federation Services (AD FS) since before it was cool, and you’re tired of maintaining that highly available infrastructure (at least 4 servers) and the whole federation thing and its myriad of quirks and drawbacks and headaches (such as alt-id (which is still supported in Pass-through authentication with some caveats, listed below), claims rules, certificates, and the fun of trying to change UPN suffixes from one federated UPN to another).… [ Continue reading ]

Configuration

Two updates for the tool in a week?  Yes! It is so!

At the behest of my good friend Darryl and one of his customer’s needs, I have updated the the AAD Connect Advanced Permissions tool with the following:

• Allow the underscore (“_”) character to be used in an OU name path
• Allow CN= to be used as part of the OU filter name path, since some organizations may want to try to scope permissions specifically to CN=Users.