Conditional Access: Going Beyond The Username & Password Model

Since the dawn of time, or at least the dawn of computers, logging into our computer resources has been all about username and password. The username and password model has worked pretty well considering its simplicity, but now it’s time to move on to better-thought-out authentication and authorization systems.

In this blog post I’m going to look at the current state of Conditional Access in Azure and Office 365. We’ll look at what Conditional Access is, how it works, and how some of the other authentication and authorization systems interact with Conditional Access. In this blog post, I’m not going for a technical explanation of what buttons to click to make this or that feature work so much as a higher-level discussion of the reasons and theories behind Conditional Access.


July 2019 - Office 365 Outages

As IT Pros, a major part of our responsibility is to keep our organizations’ IT services up and running. Historically this was a pretty straightforward job. It’s never been an easy job, but your software on your servers connected to your network makes everything straightforward. Moving services to Office 365 makes things much more complicated. How do you manage an outage for a cloud service? Is there any point to monitoring a cloud service when you can’t do anything to fix an outage?

In this blog post I’m going to look at a recent Office 365 outage and talk about what we as IT Pros should be doing to ensure that we’re helping the organizations we work for get the most out of their Office 365 subscription.


Managing Exchange Online with Azure Cloud Shell

So, the cloud, am I right? While it’s always nice to get away from having to worry about failed hard drives, or backups, or patches, or a million other things, the real upside to using cloud services is that the good folks at Microsoft are able to put so much more into developing new features. Even for services like Exchange that seem mature, there are always new and unexpected ways for them to evolve as part of a huge infrastructure like Office 365 and Azure.

While this blog post isn’t about new features in Exchange Online, it is about a new way to access and administer Exchange Online.

In this blog post I’m going to explore a new feature of Azure that allows administrators to access Exchange Online in a whole new way.


How to set up Office 365 modern authentication

As Microsoft implements modern authentication across Office 365, administrators need to understand how to use and control the authentication framework to avoid disruptions.

Modern authentication is an updated set of authentication protocols and policies for Office 365 and Azure that allows improved authentication scenarios. Modern authentication is the term Microsoft uses for its version of OAuth 2.0, which it uses to support multifactor authentication, smart card authentication and other advanced authentication flows that were not possible with basic, or legacy, authentication.


Activating Privileged Identity Management Roles within PowerShell

As more and more organizations move to Office 365, the challenge shifts from “How do we get into Office 365?” to “How do we manage our data within Office 365?” Keeping your organization’s data secure inside the service is a major concern for many organizations, as well as for Microsoft itself.

To that end, Microsoft has put a lot of work into new features in both Office 365 and Azure that can help organizations better secure their data. One of those features is Privileged Identity Management (PIM). PIM is a feature that allows Just in Time administrative rights to be assigned to Office 365 accounts. This means that it is no longer necessary to maintain accounts with administrator privileges always assigned. With PIM your organization can set up accounts for your Office 365 administrators that do not have administrative rights until they are needed. When an administrator in your organization needs to make changes within the service, they can request elevation of their account through an automated process.
