DougSBaker

In this video, we’ll be discussing the importance of MFA and how you can use conditional access to ensure that your organization’s accounts are properly secured. Did you know that only 26.64% of Azure AD accounts use MFA? This means that a large number of accounts are not adequately protected against unauthorized access. By implementing conditional access, you can require MFA for certain types of access and help prevent unauthorized access to your organization’s systems and data.

We’ll start by providing an overview of conditional access and explaining how it works. We’ll then demonstrate how to deploy a policy to secure your organization’s admin accounts using MFA. Whether you’re a security administrator or just want to learn more about how to protect your accounts, this video is for you. By the end of it, you’ll have a good understanding of how conditional access works and how you can use it to enhance the security of your organization’s resources.

L I N K S
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
https://practical365.com/azure-ad-mfa-enable-now/

C H A P T E R S
00:00 Intro
01:08 Conditional Access Overview
08:12 Create a Conditional Access Admin Policy
12:50 Video Wrap Up

The Built-in reporting engine for Purview DLP is pretty limited. However, with Power Bi, we can create custom reports that really help extend the functionality of our reporting. In this video, I do my best impression of a Power Bi Report designer and show how you can get started with PowerBi reporting.

L I N K S
Sample Report https://app.powerbi.com/view?r=eyJrIjoiN2Q3ODRhNDgtMWY1OS00MzQ3LWI4NzAtMTcxZGE1OGQ5ZTkyIiwidCI6ImRhNDQwNjI4LTAyYjAtNDY0Zi1hZjdjLTczOGMzZTZkMTAwOSIsImMiOjZ9&pageName=ReportSection

C H A P T E R S
00:00 Video Intro
01:08 Export Purview DLP Data
04:17 Import and Transform Data
08:04 Build Report
23:31 Publish to Power Bi Web
27:01 Wrap UP

SharePoint and OneDrive leave a lot to be desired in the way of default security configs. in this video, I walk through the basic options of locking down your environment so you make sure your data is protected.

C H A P T E R S
00:00 Video Intro
01:28 Sharing Controls
07:41 Security Controls
12:14 Access Controls
16:58 Wrap UP

L I N K S
Sharing Controls
https://learn.microsoft.com/en-US/sharepoint/turn-external-sharing-on-or-off

Malware Scanning
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/turn-on-mdo-for-spo-odb-and-teams?view=o365-worldwide

Access from Unmanaged Devices
https://learn.microsoft.com/en-US/sharepoint/control-access-from-unmanaged-devices

This is the final video in the series on building an EDM solution using Microsoft Purview. In this video, we will set up the Sensitive Info Definition that uses EDM. I will cover creating the SIT using XML, and cover the key decisions/items that go into your policy design.

L I N K S
MSFT Doc
https://learn.microsoft.com/en-us/microsoft-365/compliance/sit-get-started-exact-data-match-create-rule-package?view=o365-worldwide#create-a-rule-package-manually

Git Hub Design
https://github.com/dougsbaker/Public-Toolbox/blob/main/o365Tools/Compliance/ExactDataMatch/DLP-Test-SIT.XML
https://github.com/dougsbaker/Public-Toolbox/blob/main/o365Tools/Compliance/ExactDataMatch/EDM-SIT-Setup.ps1

C H A P T E R S
00:00 Intro
00:41 Create an EDM SIT Rule Pack using XML
14:59 Upload Rule Pack
17:06 Test EDM SIT / Diagnosing Issues
20:45 Adding EDM SIT to Data Loss Prevention Policy
22:55 EDM Primary Match Issue testing
28:22 Wrap Up

I am back with another M365 Security Basic, this one isn’t a setting but a change in methodology. Separating your Standard user account and Admin account, and mastering your cloud admin accounts in M365.

Let me know in the comments if you separate your accounts and if you use cloud-only admins.

C H A P T E R S
00:00 Video Intro
00:58 Separate Admin Accounts
05:17 Cloud Only Admin Accounts
06:53 Wrap UP

L I N K S
Audit Cloud Synced Admins
https://github.com/dougsbaker/Public-Toolbox/blob/main/o365Tools/AzureAD/Audit-AdminSync.ps1

Alex Weinart – Protecting Microsoft 365 from on-premises attacks
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754

Best practices for Azure AD roles
https://learn.microsoft.com/en-us/azure/active-directory/roles/best-practices#8-use-cloud-native-accounts-for-azure-ad-roles

Enterprise Access Model
https://learn.microsoft.com/en-us/security/compass/privileged-access-access-model

This is the second video in the series of building out an EDM solution using Microsoft Purview. In this video, we will setup our server for uploading our EDM Content to Microsoft Purview.

L I N K S
Previous Video
https://www.youtube.com/watch?v=4-fZmj7DyPk&t=18s

C H A P T E R S
00:00 Intro
00:40 Create EDM User Account and Upload Group
02:09 Install EDM Upload Agent
04:16 Upload Agent Token Authorization
06:14 Schema Download
08:18 Hash and Upload Data
11:51 Scheduled Task Setup
16:21 Setup Upload Alerts
18:19 Wrap up

This is the first video in the series of building out an EDM solution using Microsoft Purview. In this video, we will download a test data set and I will show you how to use XML to build and upload your schema to the compliance center.

L I N K S
https://dlptest.com/sample-data/namessndob/
https://learn.microsoft.com/en-us/microsoft-365/compliance/sit-get-started-exact-data-match-create-schema?view=o365-worldwide
https://github.com/dougsbaker/Public-Toolbox/blob/main/o365Tools/Compliance/ExactDataMatch/DLP-Test-Schema.xml
https://github.com/dougsbaker/Public-Toolbox/blob/main/o365Tools/Compliance/ExactDataMatch/EDM-Schema-Setup.ps1

C H A P T E R S
00:00 Intro
01:13 Get EDM Demo Data Set
02:02 Analyze your data/ Pre Reqs
04:14 Build EDM Schema
08:38 Upload EDM Schema
10:13 Compliance Center
14:28 Wrap up

MSFT Exact Data Match is a great way to remove or limit false positives in you DLP Policy. In this video, I do a quick overview of the solution and show you the end-user experience.

L I N K S
3 part Blog Series by Sean McNeil is the best walkthough of this solution make sure to check it out.
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/implementing-microsoft-exact-data-match-edm-part-1/ba-p/1345360
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/implementing-microsoft-exact-data-match-edm-part-2/ba-p/1350483
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/implementing-microsoft-exact-data-match-edm-part-3/ba-p/1361821

C H A P T E R S
00:00 Intro
01:30 EDM Architecture Explained
05:05 End-user Experience

Back with another M365 Security basic, this time disabling ends user from application consent. This is a great way to prevent users from using non-sanctioned apps as well as prevent and limit the risk of malicious apps.

L I N K S
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-admin-consent-workflow
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent?tabs=azure-portal
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/review-admin-consent-requests

Are your users experiencing MFA Fatigue? Are you worried about your employees accidentally approving a hacker’s access to your environment? Well if you are you should enable MFA Fraud Alerts in your tenant! This option from MSFT gives your end user to report fraudulent MFA, and it can automatically block a users log in.

L I N K S
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#fraud-alert