Category: Skype for Business

January 19th, 2021 by Lauren Goodwin

The Solorigate supply chain attack has captured the focus of the world over the last month. This attack was simultaneously sophisticated and ordinary. The actor demonstrated sophistication in the breadth of tactics used to penetrate, expand across, and persist in affected infrastructure, but many of the tactics, techniques, and procedures (TTPs) were individually ordinary.

Companies operating with a Zero Trust mentality across their entire environment are more resilient, consistent, and responsive to new attacks, and Solorigate is no different. As threats increase in sophistication, Zero Trust matters more than ever, but gaps in the application of the principles, such as unprotected devices, weak passwords, and gaps in multi-factor authentication (MFA) coverage, can be exploited by actors.

Zero Trust Principles

Applying Zero Trust

Zero Trust in practical terms is a transition from implicit trust—assuming that everything inside a corporate network is safe—to the model that assumes breach and explicitly verifies the security status of identity, endpoint, network, and other resources based on all available signals and data. It relies on contextual real-time policy enforcement to achieve least privileged access and minimize risks. Automation and Machine Learning are used to enable rapid detection, prevention, and remediation of attacks using behavior analytics and large datasets.

Zero Trust Policy

Verify explicitly

To verify explicitly means we should examine all pertinent aspects of access requests instead of assuming trust based on a weak assurance like network location. Examine the identity, endpoint, network, and resource, then apply threat intelligence and analytics to assess the context of each access request.

When we look at how attackers compromised identity environments with Solorigate, there were three major vectors: compromised user accounts, compromised vendor accounts, and compromised vendor software. In each of these cases, we can clearly see where the attacker exploited gaps in explicit verification.

  • Where user accounts were compromised, known techniques like password spray, phishing, or malware were used to compromise user credentials and gave the attacker critical access to the customer network. On-premises identity systems are more vulnerable to these common attacks because they lack cloud-powered protections like password protection, recent advances in password spray detection, or enhanced AI for account compromise prevention.
  • Again, in cases where the actor succeeded, highly privileged vendor accounts lacked protections such as MFA, IP range restrictions, device compliance, or access reviews. In other cases, user accounts designated for use with vendor software were configured without MFA or policy restrictions. Vendor accounts should be configured and managed with the same rigor as used for the accounts which belong to the organization.
  • Even in the worst case of SAML token forgery, excessive user permissions and missing device and network policy restrictions allowed the attacks to progress. The first principle of Zero Trust is to verify explicitly—be sure you extend this verification to all access requests, even those from vendors and especially those from on-premises environments.

Cloud identity, like Azure Active Directory (Azure AD), is simpler and safer than federating with on-premises identity. Not only is it easier to maintain (fewer moving parts for attackers to exploit), it also lets your Zero Trust policy be informed by cloud intelligence. Our ability to reason over more than eight trillion signals a day across the Microsoft estate, coupled with advanced analytics, allows for the detection of anomalies that are very subtle and only detectable in very large data sets. User history, organization history, threat intelligence, and real-time observations are an essential mechanism in a modern defense strategy. Enhance this signal with endpoint health and compliance, device compliance policies, app protection policies, session monitoring and control, and resource sensitivity to get to a Zero Trust verification posture.

For customers that use federation services today, we continue to develop tools to simplify migration to Azure AD. Start by discovering the apps that you have and analyzing migration work using Azure AD Connect health and activity reports.

Least privileged access

Zero Trust: Microsoft Step by Step

Least privileged access helps ensure that permissions are only granted to meet specific business goals from the appropriate environment and on appropriate devices. This minimizes the attacker’s opportunities for lateral movement by granting access in the appropriate security context and after applying the correct controls—including strong authentication, session limitations, or human approvals and processes. The goal is to compartmentalize attacks by limiting how much any compromised resource (user, device, or network) can access others in the environment.

With Solorigate, the attackers took advantage of broad role assignments, permissions that exceeded role requirements, and in some cases abandoned accounts and applications which should have had no permissions at all. Conversely, customers with good least-privileged access policies such as using Privileged Access Workstations (PAW) devices were able to protect key resources even in the face of initial network access by the attackers.

Assume breach

Our final principle is to Assume Breach, building our processes and systems assuming that a breach has already happened or soon will. This means using redundant security mechanisms, collecting system telemetry, using it to detect anomalies, and wherever possible, connecting that insight to automation to allow you to prevent, respond and remediate in near-real-time.

Sophisticated analysis of anomalies in customer environments was key to detecting this complex attack. Customers that used rich cloud analytics and automation capabilities, such as those provided in Microsoft 365 Defender, were able to rapidly assess attacker behavior and begin their eviction and remediation procedures.

Importantly, organizations such as Microsoft who do not model “security through obscurity” but instead model as though the attacker is already observing them are able to have more confidence that mitigations are already in place because threat models assume attacker intrusions.

Summary and recommendations

It bears repeating that Solorigate is a truly significant and advanced attack. Ultimately, however, the risk from the attacker techniques observed in this incident can be significantly reduced or mitigated by the application of known security best practices. For organizations, including Microsoft, thorough application of a Zero Trust security model provided meaningful protection against even this advanced attacker.

To apply the lessons from the Solorigate attack and the principles of Zero Trust that can help protect and defend, get started with these recommendations:

  1. More than any other single step, enable MFA to reduce account compromise probability by more than 99.9 percent. This is so important, we made Azure AD MFA free for any Microsoft customer using a subscription of a commercial online service.
  2. Configure for Zero Trust using our Zero Trust Deployment Guides.
  3. Look at our Identity workbook for Solorigate.

Stay safe out there.

Alex Weinert

For more information about Microsoft Zero Trust please visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Using Zero Trust principles to protect against sophisticated attacks like Solorigate appeared first on Microsoft Security.

Posted in Skype for Business

January 19th, 2021 by johnacook

https://lazyadmin.nl/powershell/list-office365-mfa-status-powershell/

Posted in Skype for Business

January 19th, 2021 by João Ferreira

Four years have passed since the introduction of modern SharePoint, and the modern experience continues to take over the classic features; the latest victim is search.

Starting late January 2021, classic Team sites will gradually start receiving the modern search experience, meaning that the search bar will be moved to the suite navigation bar.

Modern search experience in classic sites

To avoid service disruption, there are a few exceptions where this feature does not apply, such as sites with:

  • Classic publishing features turned on
  • Custom result types
  • Complex query rules on the default result source.

In the following images, courtesy of Microsoft, you can see the differences between the classic and modern SharePoint search experiences.

Classic SharePoint search experience

Classic SharePoint search experience in classic sites

Modern SharePoint search experience

Modern SharePoint search experience in classic sites

How to disable the modern SharePoint search experience

In case your site is not one of the exceptions and you still want to keep the classic search experience to prepare your users for the change, you can use PnP PowerShell to disable it by doing the following:

  1. Connect to the site collection where you want to disable the modern search experience by running the cmdlet
    Connect-PnPOnline -Url "yoursiteurl" -UseWebLogin
  2. Run the following cmdlet to get it disabled
    Set-PnPSearchSettings -Scope Site -SearchBoxInNavBar ModernOnly

After executing these two instructions, the modern search experience will be available on modern pages only. The cmdlet can be executed before the change takes place; once the feature is released to the tenant, it will respect the preference you have defined with PowerShell.

How to enable the modern SharePoint search experience

When prepared to embrace the modern search experience you can enable it using the same PnP PowerShell script in the following order:

  1. Connect to the site collection where you want to enable the modern search experience by running the cmdlet
    Connect-PnPOnline -Url "yoursiteurl" -UseWebLogin
  2. Run the following cmdlet to enable it again
    Set-PnPSearchSettings -Scope Site -SearchBoxInNavBar AllPages
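
The disable and enable procedures above, combined into one script that records the current site-level value before changing it and re-reads the setting afterwards to confirm the change. This is an added example, not a script from the original post; it assumes PnP PowerShell is installed, that the site URL is supplied as a parameter, and that Get-PnPSearchSettings returns an object with a SearchBoxInNavBar property (an assumption about the cmdlet's output).

```powershell
# Added example, not code from the original post.
# Assumes PnP PowerShell is installed and that Get-PnPSearchSettings returns an
# object with a SearchBoxInNavBar property (assumption about the cmdlet's output).
param(
    [Parameter(Mandatory = $true)]
    [string]$SiteUrl,   # placeholder, e.g. https://contoso.sharepoint.com/sites/classicteam

    # ModernOnly keeps the classic search box on classic pages; AllPages turns the
    # modern experience on everywhere (the two values used in the post).
    [ValidateSet('ModernOnly', 'AllPages')]
    [string]$Mode = 'ModernOnly'
)

Connect-PnPOnline -Url $SiteUrl -UseWebLogin

try {
    # Read and record the current site-level value so the change can be reverted later
    $before = (Get-PnPSearchSettings -Scope Site).SearchBoxInNavBar
    Write-Host "Site-level SearchBoxInNavBar before: $before"

    if ("$before" -eq $Mode) {
        Write-Host "Nothing to do: already set to $Mode"
    }
    else {
        Set-PnPSearchSettings -Scope Site -SearchBoxInNavBar $Mode

        # Re-read the setting rather than trusting that the write succeeded
        $after = (Get-PnPSearchSettings -Scope Site).SearchBoxInNavBar
        if ("$after" -ne $Mode) {
            throw "Expected SearchBoxInNavBar to be $Mode but it is $after"
        }
        Write-Host "Site-level SearchBoxInNavBar now: $after (was: $before)"
    }
}
finally {
    # Always drop the connection, even if the verification above throws
    Disconnect-PnPOnline
}
```

Run it once with -Mode ModernOnly before the rollout to keep the classic search box, and again with -Mode AllPages when you are ready to adopt the modern experience.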

To know more about how the modern and classic SharePoint search experiences can be controlled using PnP PowerShell, have a look at this documentation page.

The post Get prepared for the modern search experience in classic SharePoint sites appeared first on HANDS ON SharePoint.

Posted in Skype for Business

January 19th, 2021 by Rudy Mens

One of the reports that I really miss in the Microsoft 365 Admin Center is a clear overview of the MFA status for each user. Yes, you can check it sort of under Active Users > Multi-Factor Authentication, but that is not really user-friendly. An ...

Read more: Get MFA Status with PowerShell

The post Get MFA Status with PowerShell appeared first on LazyAdmin.

Posted in Skype for Business

January 19th, 2021 by trisharti

We believe that Yammer, a tool that connects people and helps build communities, has an important role to play for a sense of belonging and inclusion. And we don’t want to simply build for inclusivity, we want to celebrate it.

 

Recently Yammer introduced reactions, and next, we want to bring diverse skin tones to Yammer reactions. We want users to feel a deeper sense of representation when interacting with the new Yammer. Once you select your skin tone (settings available both on web and mobile!), you can react quickly without having to decide every time you reply!

 

Reaction Picker v2.gif

 

Yammer will be the first of the Microsoft 365 products to offer inclusive reactions. We are excited to lead the charge with other product groups at Microsoft in keeping inclusivity at the center of everything we do.

 

Inclusive for all

 

Being able to select your skin tone for the reactions you use to interact in conversations is just the first step in seeking inclusivity for Yammer. We want to build features that help all our users feel included and empowered. When designing this feature, we ensured reactions with skin tones work in both light and dark mode, so users with varying abilities can use this feature as expected. Additionally, we looked beyond our team to seek input from a range of employees, to ensure our proposal was honed by diverse perspectives.

 

Steps in the journey of inclusivity

 

Inclusivity is a process, in life and in products. We can take small steps in the right direction today, to build a more inclusive world for tomorrow. And I feel such a deep sense of pride, to know that we are committed to making inclusivity a way of life, through everything we do and everything we build at Yammer.


General availability starts now!

 

Inclusive reactions are starting to roll out and will be available to all users globally soon.

 

Here’s how to select a skin tone:

  1. Go to Yammer Settings (click on the gear icon on the suite header while in Yammer web; click on your avatar at the top left corner if you are on mobile).
    settings.png

  2. Click Choose your skin tone for reactions.
    skin tone reactions.jpg

  3. Select a skin tone and click OK to save your preferences.

  4. Find a conversation and hover on the like button! And voila! See your skin tone preferences the next time you select a reaction!

 

Learn more about this via our support page.

 

- Trisharti Ghosh
Trisharti Ghosh is a Product Manager at Microsoft, and is focusing on conversations in Yammer.

Posted in Skype for Business

January 19th, 2021 by Teri Seals-Dormer

The past twelve months have been a remarkable time of digital transformation as organizations, and especially digital security teams, adapt to working remotely and shifting business operations. IT leaders everywhere turned to Zero Trust approaches to alleviate the challenges of enabling and securing remote work. Using Zero Trust to secure users, data, and devices (wherever they may be) has changed from optional to a business imperative overnight.

In this short report, we surveyed IT leaders around the world to determine how they’re implementing Zero Trust practices to protect their identities and ensure their employees have secure access to resources.

A clickable link to the full PDF infographic to the Zero Trust whitepaper

  1. Most IT leaders are already using Zero Trust practices with their identity management solutions. While the majority of IT leaders have already implemented Zero Trust practices into their identity and access solution, only a minority have moved on to more advanced controls that utilize automation and AI-based threat analysis.
  2. Multi-factor authentication (MFA) and Single Sign-On (SSO) are the most common. Additionally, a majority are analyzing risk before granting access—a critical proactive step to preventing unauthorized access to corporate resources.
  3. Identities and devices are the top priority for most organizations. With employees working outside the corporate network and increasingly using personal devices, this is no surprise. However, surprisingly, the majority of IT leaders do not rate identities as the most mature component in their Zero Trust strategy.
  4. Zero Trust is still in its infancy. Despite substantial growth in Zero Trust efforts over the past twelve months, only one in ten IT leaders report feeling very confident in their Zero Trust identity management roadmap.

Read the full report for more details.

If you’re looking for how to help prevent endpoints from being the weakest link in your security strategy, check out our Zero Trust deployment guidance for identities.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post How IT leaders are securing identities with Zero Trust appeared first on Microsoft Security.

Posted in Skype for Business

January 19th, 2021 by M365 Now News Feed
By Ryan Daily
The update includes enhanced sign-in options, a new task publishing feature, admin capabilities, and more.

Posted in Skype for Business

January 19th, 2021 by Mark Kashman

“When you store your data in the Microsoft Cloud, achieving compliance becomes a shared responsibility between you and Microsoft.” [tweet]
Martina Grom, co-founder of atwork and Microsoft MVP/RD.

 

What risks await without a compliance plan in place, or the tools to implement it, or the trust of partners, vendors, and employees? In one word: many. You can make risk less risky for your organization. By managing the who and what of data access, with awareness and adherence to policy, you forge a path with fewer risky business outcomes.

 

In this episode, Chris and I talk with Martina Grom (Co-founder, atwork and Microsoft MVP/RD) and Christophe Fiessinger (Principal program manager, Microsoft) about the role compliance plays in regards to information and communication governance. We dig into compliance strategy, technology like Microsoft 365 Compliance Manager, DLP, sharing, and more – with a nice dose of proven tips and tricks from two subject matter experts who know how to navigate the risky waters of security, governance, and keeping your information safe.

 

By tuning in, may you move your compliance score up many, many points.

 

Listen to the podcast below at your own (minimized) risk:

 

 

Subscribe to The Intrazone podcast! And listen to episode 60 now + show links and more below.

 

Intrazone guests and co-hosts – clockwise, starting on the left: Christophe Fiessinger (principal program manager | Microsoft) [guest], Chris McNulty (director | Microsoft) [co-host], Martina Grom (co-founder atwork and Microsoft MVP/RD) [guest], and little Mark Kashman (senior product manager | Microsoft) [co-host].

Links to important on-demand recordings and articles mentioned in this episode:  

 

Subscribe today!

Listen to the show! If you like what you hear, we'd love for you to Subscribe, Rate and Review it on iTunes or wherever you get your podcasts.

 

Be sure to visit our show page to hear all the episodes, access the show notes, and get bonus content. And stay connected to the SharePoint community blog where we’ll share more information per episode, guest insights, and take any questions from our listeners and SharePoint users (TheIntrazone@microsoft.com). We, too, welcome your ideas for future episode topics and segments. Keep the discussion going in the comments below; we’re here to listen and grow.

 

Subscribe to The Intrazone podcast! And listen to episode 60 now.

 

Thanks for listening!

The SharePoint teams want you to unleash your magic, creativity, and productivity – and be compliant about it all. And we will do this, together, one compliance score point at a time.


The Intrazone links

+ Listen to other Microsoft podcasts at aka.ms/microsoft/podcasts.

 

Left to right [The Intrazone co-hosts]: Chris McNulty, director (SharePoint, #ProjectCortex – Microsoft) and Mark Kashman, senior product manager (SharePoint – Microsoft).

The Intrazone, a show about the Microsoft 365 intelligent intranet (https://aka.ms/TheIntrazone)

Posted in Skype for Business

January 19th, 2021 by Microsoft_Teams_team

Remote and hybrid work has become the new norm for many employees across the globe as day-to-day collaboration continues to be accomplished virtually. With this shift to online communication, how can you ensure that you’re collaborating safely?


Cue Microsoft Teams! Whether you’re hosting virtual meetings, carrying out daily group and 1:1 chat, sharing documents, or coauthoring a document in real time, Teams enables safe and secure collaboration!


Tip 1: Control who can join your Microsoft Teams meetings directly and present

Meeting organizers can change participant settings for a specific meeting through the Meeting options web page. In Teams, go to your Calendar, select a meeting, and then select Meeting options. From here you can determine settings like who needs to be admitted to the meeting and who can bypass the lobby to join it directly. Additionally, you can decide which participants are able to join with the presenter role to present content and who should join as standard attendees. Another helpful control for large meetings is the ability to prevent attendees from unmuting themselves; this is particularly useful when the meeting will be led by specific participants while the rest of the audience will be listening in. Note that your organization controls the default participant settings.


Tip 2: Minimize Teams meeting disruptions by muting individual or all meeting attendees

In order to prevent meeting disruptions, intentional or accidental, as a meeting organizer you have the ability to mute individual attendees or all meeting attendees. If an attendee happens to leave their microphone unmuted while being away, you can easily mute that participant from the participant pane. During large meetings led by designated speakers, such as a town hall or lecture, the ability to mute all attendees ensures your presenters won’t be accidentally interrupted.


Tip 3: Determine who can present content or share their screen in your Teams meeting

As the meeting organizer, you can determine who has the ability to present content or share their screen within the meeting. As discussed above, prior to the meeting start this can be accomplished via Meeting options. Once your meeting has begun, you can select a participant via the participant pane to determine whether they have the presenter role or are a standard attendee. This can be especially useful when you have outside participants attending your meeting who may only need the presenter role temporarily.


Tip 4: End your Teams meeting for everyone in attendance at once

As the meeting organizer, sometimes the meeting needs to end at your discretion without allowing participants to remain. Ending a meeting for all attendees is often applicable in large-meeting settings such as a town hall, lecture, or webinar class to ensure attendees don’t remain in the meeting. Once a meeting has wrapped up, instead of clicking Leave, select the dropdown located next to it and click End meeting. You can also access this by going into your meeting controls, clicking More options (...), and selecting End meeting. This will end and close the meeting for everyone in attendance.


Tip 5: Create a team with increased security

If any of the content stored or discussed within the team may be considered business sensitive, such as financial details or classified project information, it’s best practice to apply increased protections to that team to ensure the content’s security. This can be accomplished by creating a new team and applying an IT-created sensitivity label. When you apply a sensitivity label to your team, it automatically applies the configured protections to the team.


When creating a new team, on the sensitivity and privacy pane select the dropdown under Sensitivity to select an IT-created sensitivity label to apply to the team. As a reminder, it’s always best to check with your organization or IT department on how sensitive business information should be stored.


Tip 6: Create a private channel

Sometimes you need to share sensitive information within a team to specified team members only, such as project details or strategic planning, that doesn’t require holistic team protection. Rather than creating a new team, you can create a private channel within an existing team that is only accessible to designated members. This is a great way to provide a security layer to protect sensitive business information without creating a new team.

Create a Private Channel.png

 

To create a private channel, go to the team and choose more options (...) and select Add channel. After providing a name and description, under Privacy select the dropdown arrow to specify the channel is Private – Accessible only to a specific group of people within the team. Once created, you can add additional private channel owners and up to 250 members. As a reminder, it’s always best to check with your organization or IT department on how sensitive business information should be stored.


Tip 7: Help protect sensitive data in Teams

Microsoft Teams supports data protection policies to help protect sensitive information from being accidentally or inadvertently shared. When collaborating in a Teams 1:1 or channel chat, you may have a message returned as blocked if that message contains information that meets your organization’s sensitive information policy.

Message Blocked.png

 

If your message is blocked, within that blocked message you may see a clickable link that says What can I do? If you click that link, a helpful policy tip created by your organization will be displayed, explaining why content within that message is considered business sensitive. Policy tips are designed to help the sender understand why certain content is considered business sensitive or why it is best practice not to share it.

 

 

We hope that these safe online collaboration tips will help you remain productive while having the confidence you’re remaining secure.

Posted in Skype for Business

January 19th, 2021 by Pieter Veenstra
Have you tried the experimental version of Filter query in the SharePoint Get Items action in Power Automate yet?

Filter Query in Get Items

In this post I will look ...

Read the filter-query-get-items-power-automate post

Posted in Skype for Business