In part 1, I talked about some of the basics for Conditional Access. In this blog post, I’ll walk through the technical settings to get it working for an example user I’ll call “John Tester”.

Configuring Conditional Access for “John Tester”

For the purposes of this blog post, John is an end-user who works both in and out of the Office. We’ll say John is on your sales team, and he needs to be able to access Office 365 resources from the road as well as from the office.

For this example, we’ll say that your security team has decided that users logging into Office 365 resources outside of the corporate network need to setup and use Multi-Factor Authentication, but that they don’t need to be bothered with the extra authentication steps of MFA when they are in the office.

Securing your data in Office 365 can be a challenging task. The problem is that using user names and passwords as the basis of our authentication protocols is not a very successful way to run our technology.

One of the major failings of the username and password system is that it does not include any awareness of the situation in which a user is attempting to authenticate. A user may be trying to authenticate from a new location or may be attempting to authenticate to access an unusual set of data. There are a lot of situations where it may be prudent for the authentication process to be more or less involved.

As more and more organizations move to a cloud based IT infrastructure, security is becoming more of a concern. By definition, cloud-based IT resources are available to be accessed from anywhere on multiple device types. While this convenience is valuable, it can also be dangerous.

The continuous feature release model of Exchange Online might be a boon for some, but others might consider the need for constant training to be a detriment.

We all know the cloud is there, but how does an organization determine if a move from an on-premises platform is the right one?

Many companies currently using Exchange Server cannot escape from the siren call of the cloud. Untold numbers of organizations will weigh the pros and cons of Exchange Online vs. on-premises Exchange Server. There are many reasons to move to the cloud, just as there are ones to stay put.

Intune was born as Microsoft’s Cloud based Mobile Device Management platform. Since then, it has grown into a management platform for both mobile devices and P.C.s. Intune can now manage iPhone, Android, Windows Phone, and some versions of Windows. It’s clear that Microsoft intends to grow Intune into a complete cloud-based device management platform.

The process of planning for an Intune roll out can be difficult. The features and functionality within Intune are ever evolving, so knowing how to deploy Intune effectively takes some studying. In this blog post, we’ll provide an introduction into Intune's current capabilities. We will test out what Intune can do to make your data more secure in a “Cloud First, Mobile First” world. 

Microsoft has been working on improving the message tracking experience in Office 365. In this blog post we’ll look at the new message tracking features that are available in Office 365, and compare how the new interface is different from the old message tracing feature.

Message tracking within your messaging environment is the easy part. Office 365 keeps track of messages as they move around your tenant, and it gives you access to that data. So message tracking is very useful for finding out what happened to messages that were sent to your tenant, or that were sent within your tenant.

If your familiar with my writing, you know I'm a huge proponent of Office 365 administrators learning and using PowerShell. While it may be true that some admin tasks are easier to accomplish with a GUI, I'm strongly of the opinion that doing as much as possible in PowerShell will help build invaluable skills.

To that end, I recently decided it was time for me to figure out how to manage Teams with PowerShell. In this blog post I'll walk though some common, and maybe some less common, admin tasks for Microsoft Teams using PowerShell. There will be no GUI screenshots in this post. By the end of this blog, you should be able to put together a decent Teams management script.

Keeping your cloud-based IT infrastructure secure is a constant effort. The people who want access to your data are always working on ways they can get in, so both you and Microsoft need to be working on ways to keep them out. Microsoft is aware of this responsibility, and since you are reading this blog I assume you are as well.

Security Playbooks in Azure Security Center are a new preview tool in your Azure tenant to assist with the task of keeping your data secure. Security Playbooks can help automate your response to specific security alerts as they are detected by Security Center. There are templates available, or you can create your own Playbook from scratch. Playbooks use Azure Logic Apps, so charges for that service do apply.

In this blog post, we’re going to look at the features and functionality available in the preview of Security Playbooks. We will step through setting up a playbook, and we’ll see what playbooks have to offer.

One of the best things about Office 365 is that we can always count on new features and functionality to be available. Microsoft is constantly working to improve the services already live in Office 365, as well as working to create new services. Some of the new services added do have an additional licensing fee attached, but Microsoft also adds a considerable number of features to the license SKUs already in-place.

One of the new services that has recently been added to the E3 SKUs is Microsoft Bookings. Bookings has been available within the Small Business versions of Office 365 for some time, but now you can add it to your Enterprise Office 365 tenant if you know where to look.

In this blog post, we’re going to explore how to active and use Microsoft Bookings in your Enterprise Office 365 tenant.

With the influx of cloud services integrating with on-premises products, many Exchange administrators wonder what...

The move to the cloud often means that we need to learn new ways to manage access to cloud based resources. The methods of delegating administrative control we are accustomed to on-premises are often no longer applicable to cloud-based resources.

Office 365 has long had built in admin roles that can be used to delegate levels of permissions to administrators. The screenshot below shows the current built in admin roles available in Office 365.

As Exchange administrators we tend to think about servers, networks, and datacenters. While all that is important, the end-users think of email as the client experience. In other words, is Outlook running nicely, or is it running slowly?

One of the biggest factors that influences Outlook performance is caching.

We get to work with the newest and coolest software all the time. One of the biggest selling point of Office 365 is the constant stream of new features and functionality. New builds of Exchange Online are pushed into Office 365 daily, therefore new features can show up at any time.

These constant updates do come at a cost. To date, the documentation for Office 365 has not kept up with the pace of change in the service. New features and functionality are often added into Office 365 with little to no documentation. This often means that we need to figure them out on our own.

Cross-forest permissions have long been one of the more difficult aspects of an Exchange Hybrid migration. Ensuring mailbox permissions are preserved can be a major undertaking.

Exchange Hybrid migrations did not support any sort of cross-forest mailbox permissions at first. After a couple of years Microsoft made it possible for full access permissions to work cross-premises.

Recently Microsoft has improved the cross-forest permissions story for Exchange Hybrid migrations. In this blog post, I’ll give you the information you need to set the different permissions in your Exchange Hybrid deployment.

As more IT services move to the cloud, the need for better security features will only increase. People want to be able to log in hassle-free, but organizations need strong authentication security. The fastest way for this move to cloud service to fail is going to be though a large security breach. Microsoft is aware of all these facts, and they are putting a lot of work into ensuring that logging into their cloud servers is both easy and secure.

Microsoft has been investing in security and identity features for Azure Active Directory. These new features are becoming Generally Available (GA) within Azure Active Directory. In this blog post I’m going to delve into some of the new identity protection features in Azure Active Directory.

In any IT organization there are administrative tasks that need powerful admin privileges. It's a good security practice that accounts should have the fewest permissions necessary, and only for the period of time they need them. But managing the temporary assignment of admin permissions becomes time consuming. As a result, many organizations assign them on a permanent basis, which is not ideal.

Furthermore, auditing the assignment of administrative permissions is a challenging task. Many of us have used custom scripts and third party reporting tools to keep track of permissions.