Friday, July 28, 2017

NPS Extension for Azure MFA reaches general availability!

Customers who wanted to secure on-premises clients such as VPN have been required to deploy MFA Servers on-premises, since cloud-based MFA services like Azure AD have not traditionally supported RADIUS authentication. In February 2017 the Microsoft team announced the "Network Policy Server (NPS) extension for Azure MFA" as a Public Preview. It adds cloud-based MFA capabilities to your authentication infrastructure using your existing servers, without the need for on-premises MFA Servers deployed specifically to secure VPN connections with MFA.

You can read about the announcement here: Azure AD News: Azure MFA cloud-based protection for on-premises VPNs is now in public preview!

This week the Microsoft team announced the General Availability of the "NPS Extension for Azure MFA" in the "Cloud Platform Release Announcements" blog post.

Access the announcement blog post here: Cloud Platform Release Announcements for July 26, 2017

Review the technical documentation below to learn more about this feature and plan your deployment.

Access the Technical documentation here: Integrate your existing NPS infrastructure with Azure Multi-Factor Authentication

For advanced scenarios refer here: Advanced configuration options for the NPS extension for Multi-Factor Authentication

Also review the excellent blog post from MVP Freek Berson on how to secure the RD Gateway with MFA using the new NPS extension for Azure MFA. Organizations that deployed MFA servers on-premises or in IaaS environments to secure Remote Desktop connections with MFA can now use this new extension to leverage Azure MFA and remove the MFA servers.

Read here: Securing RD Gateway with MFA using the new NPS Extension for Azure MFA!

Access the latest Technical documentation here: Integrate your Remote Desktop Gateway infrastructure using the Network Policy Server (NPS) extension and Azure AD

Additionally, read another related blog post here: How to Configure Azure MFA as Citrix NetScaler RADIUS using the new NPS Extension

You can take advantage of Conditional Access once you start to leverage Azure MFA with this new extension. Review the support discussion below for details.

Review here: Conditional access for NPS extension for Azure  
Stay tuned for more updates...

Sunday, July 23, 2017

Let's Learn About DevOps

"DevOps" is the new buzzword, and many people are eager to know what DevOps is, how it changes today's traditional IT approach, and how it benefits business organizations. There are now a ton of resources available in the online communities to answer these questions.

DevOps ensures that the Development and Operations teams work together effectively by breaking the "Wall of Confusion" that affects the efficiency of delivering services. DevOps is a cultural change inside the organization that requires proper planning, training and implementation. Many organizations have already started to embrace DevOps, and good knowledge of this new way of working is essential for every IT Pro today.

When I started learning about DevOps I came across a few great resources available from Microsoft and thought of writing this blog post to refer you to them to begin your DevOps journey. Some of you may have already come across these resources, and for some they could be new and beneficial.

Let's begin...

The Microsoft Virtual Academy team published a blog post in the Born to Learn community that provides references to 8 key resources to begin your DevOps learning:

  • Introduction to DevOps (on edX)
  • DevOps Dimension (on Channel 9)
  • DevOps Fundamentals (on Channel 9)
  • Building Blocks: DevOps and Enterprise Development (on MVA)
  • Modern IT: DevOps to ITIL, Creating a Complete Lifecycle for Service Management (on MVA)
  • The DevOps factory (on TechNet)
  • The DevOps blog (on TechNet)
  • Enabling DevOps Practices with Visual Studio Online Build (on MVA)

Access Blog post here: 8 Ways to Learn About DevOps

In addition to the above, review a few more resources referenced in the IT Resources & Training space of the Microsoft Tech Community.

Access here: Enhance your knowledge of the rising DevOps culture

The above resources cover most of your learning path to DevOps. In addition, you now have the latest MVA course, which answers the top 10 DevOps questions.

Access the course here: Top 10 DevOps Questions Answered

If you are into mobile development, download the free Mobile DevOps e-book: Mobile DevOps methodology e-book: Your Guide to Mobile DevOps

The above collection contains some of the key resources curated from my end, and much more is available online to advance your learning.

Follow Key DevOps Twitter Handles and Enthusiasts in the Online communities to know the latest updates.

Stay tuned for more updates...

Saturday, July 22, 2017

Skype for Business Cloud Connector Edition version 2.0 now Available

Microsoft recently announced the availability of Skype for Business Cloud Connector Edition version 2.0.

This new version brings the latest capabilities that let customers integrate their existing PSTN trunks with Cloud PBX, providing three modalities:

  • Authentication of the local trunk to Office 365 Cloud PBX;
  • Keep media within enterprise boundaries;
  • Negotiation of codecs between the clients and a PSTN gateway/Session Border Controller (SBC)

It also addresses the improvements most requested by our customers, including media bypass, support of 16 Cloud Connector Editions per one PSTN site, the ability to manipulate SIP headers, use of Office 365 Skype for Business accounts and more.

More updates are available in the Official announcement post in Microsoft Tech Community site: Announcing Skype For Business Cloud Connector Edition 2.0

Be sure to review the documentation references and the recorded training videos to know more.


The next version, Cloud Connector Edition 2.1, will support coexistence with on-premises Skype for Business Server.

Access the blog post below from renowned MVP Tom Arbuthnot to learn more: Cloud Connector Edition 2.1 with Coexistence with On-Premises Hybrid due 2017 Quarter 4, Requires SfBS CU6

Stay tuned for more updates...

Friday, July 21, 2017

MVA Learning: Optimize Your Network for Microsoft Cloud Offerings

Is your organization moving to a cloud-inclusive infrastructure or planning its journey? As an IT Pro, part of your responsibility is to prepare your network environments to handle the increased traffic and to create stronger infrastructures. Access the latest Microsoft Virtual Academy course to learn how to optimize your network for Microsoft cloud offerings.

This MVA course is based on the content in the Microsoft Cloud Networking for Enterprise Architects poster and covers the following essential topics:

  • The fundamental shift in networking for cloud-based computing
  • On-premises network path optimization
  • Optimizing intermediate systems in your network edge
  • The role and use of ExpressRoute connections

Access the course here: Optimize Your Network for Microsoft Cloud Offerings

Review the real-world case study of Microsoft's own journey here: Driving digital transformation with modern network infrastructure

Friday, July 14, 2017

Microsoft 365 now available

During the Microsoft Inspire 2017 event, Microsoft CEO Satya Nadella unveiled Microsoft 365, which brings together Office 365, Windows 10 and Enterprise Mobility + Security, delivering a complete, intelligent and secure solution to empower employees and address your organization's needs for a modern workplace.

To address commercial needs from the largest enterprise to the smallest business, Microsoft 365 comes in two offerings: Microsoft 365 Enterprise and Microsoft 365 Business.

Microsoft 365 Enterprise is designed for large organizations and integrates Office 365 Enterprise, Windows 10 Enterprise and Enterprise Mobility + Security to empower employees to be creative and work together, securely.

Microsoft 365 Enterprise is offered in two plans—Microsoft 365 E3 and Microsoft 365 E5. Both are available for purchase on August 1, 2017.

Microsoft 365 Business is designed for small- to medium-sized businesses with up to 300 users and integrates Office 365 Business Premium with tailored security and management features from Windows 10 and Enterprise Mobility + Security.

Microsoft 365 Business will be available in public preview on August 2, 2017. It will become generally available on a worldwide basis in the fall of 2017, priced at US $20 per user, per month.

In addition, for small-to-medium sized customers, Microsoft announced the preview of three new business applications that are coming to Office 365 Business Premium and Microsoft 365 Business:

  • Microsoft Connections: A simple-to-use email marketing service.
  • Microsoft Listings: An easy way to publish your business information on top sites.
  • Microsoft Invoicing: A new way to create professional invoices and get paid fast.

The Microsoft team also announced a new mileage tracking app, MileIQ, which is now included with Office 365 Business Premium.

Review the Microsoft Business Center support article for more updates.

Access the Official Blog post here: Introducing Microsoft 365

Read the related EMS Blog post here: Microsoft 365 and Enterprise Mobility + Security

Access the quick Microsoft 365 Overview video here: Microsoft 365 Overview and Briefing (Video)

Review a real-world customer case study here: Fruit of the Loom thrives in digital era with Microsoft 365 Enterprise

Also read this great write-up from Aaron Dinnage MSFT: Unpacking Microsoft 365

Another great blog post from Matt Soseman's "The Productive Cloud" blog is here: How Microsoft 365 Enables Me to Rebuild My PC over Lunch

Finally, watch the Microsoft Inspire 2017 on-demand session videos related to Microsoft Office 365 here: Inspire 2017 Microsoft 365 Session Recordings


Microsoft 365 Documentation is now available

Access here: Microsoft 365 Documentation


Deployment guide for Microsoft 365 Enterprise is now available

The Microsoft 365 Enterprise Deployment Guide steps you through the correct and required configuration of Microsoft 365 Enterprise products and features.

Access here: Microsoft 365 Enterprise deployment guide


Microsoft opened up the public preview of its recently announced Microsoft 365 Business on August 2nd.

Access the new Microsoft Tech Community "Microsoft 365" space for the latest updates.


Microsoft 365 is the new modern workplace solution that empowers everyone to be creative and work together, securely. The Microsoft team is continuously working to add new features to this space, and the latest innovation is the ability to deploy Office 365 ProPlus applications to Windows 10 devices from the cloud with Intune.

Access the Official Blog post here to know more: Deploying Office 365 ProPlus with Microsoft Intune


A new Microsoft 365 Enterprise dev/test environment is now available. It consists of:

  • An Office 365 E5 trial subscription
  • An EMS E5 trial subscription
  • An on-premises or cloud-based computer running Windows 10 Enterprise

Access the Dev/Test environment here: New Microsoft 365 Enterprise dev/test environment

Note: This new article replaces the "Office 365 and EMS dev/test environment" article previously published.


Learn how Microsoft 365 Enterprise supports GDPR compliance through these interactive demos.

Access the demos here: Microsoft GDPR Compliance Demos


Microsoft announced new capabilities in Microsoft 365 that help simplify your GDPR compliance journey.

Access here to know more: New Microsoft 365 features to accelerate GDPR compliance


Get to know the new Microsoft 365 F1 plan. This new plan is specifically designed for Firstline Workers and brings together Office 365 F1 (formerly K1), Windows 10 and Enterprise Mobility + Security.

Access here to know more: Maximize the impact of your Firstline Workforce


Access Microsoft Ignite 2017 Sessions on demand to know more on Microsoft 365.

Access Microsoft Ignite 2018 Sessions on demand to know the latest updates on Microsoft 365


Microsoft 365 Education is now available

Microsoft 365 Education is mainly focused on school students and teachers. It includes Office 365 for Education, Windows 10, Enterprise Mobility + Security, and Minecraft: Education Edition.

Access here to know more: Microsoft 365 Education


Microsoft 365 Business reached General Availability on Oct 31 2017.

Three new business apps also reached general availability: Microsoft Connections, Microsoft Listings and Microsoft Invoicing, which join Microsoft Bookings, Outlook Customer Manager, and MileIQ to create a suite of capabilities to help small businesses grow and thrive. These new apps are now available in Microsoft 365 Business and Office 365 Business Premium for customers in the U.S., U.K., and Canada.

In addition, Microsoft StaffHub, an app to help Firstline Workers manage their workday, is now included in Microsoft 365 Business and Office 365 Business Premium subscriptions.

Access the Official Blog post to know more: Empower your team and safeguard your business with Microsoft 365 Business


Access the New Microsoft 365 Business Crash course e-book here: Crash course in Microsoft 365 Business


Access the new Microsoft Virtual Academy course on Microsoft 365 Business

Access the course here: Microsoft 365 Business Single Complete Solution for SMEs

Stay tuned for more updates...

Microsoft EMS support for your journey to EU GDPR compliance

Most of you are already aware of the new European privacy law, the General Data Protection Regulation (GDPR). GDPR is due to take effect from May 2018. The GDPR imposes new rules on companies, government agencies, non-profits, and other organisations that offer goods and services to people in the European Union (EU), or that collect and analyse data tied to EU residents. The GDPR applies no matter where you are located.

Microsoft provides you with the right set of products and features that you can adopt to make your organization compliant with GDPR. Access the Microsoft Trust Center page below to learn more.

Access here:

Be sure to review all resources, including the webinar, products and services, whitepapers and blog posts, and also take the assessment to check your organization's readiness for GDPR.

This where-to post is written to point you to Microsoft Enterprise Mobility + Security (EMS), which has the right set of products, components and features that effectively support your GDPR compliance journey.

Download the Whitepaper to know more: Supporting Your EU GDPR Compliance Journey With Enterprise Mobility + Security

Also review the blog post series from the Enterprise Mobility and Security Blog for more detailed updates:

How Microsoft EMS can support you in your journey to EU GDPR compliance – Part 1

How Microsoft EMS can support you in your journey to EU GDPR compliance – Part 2

How Microsoft EMS can support you in your journey to EU GDPR compliance – Part 3

How Microsoft EMS can support you in your journey to EU GDPR compliance – Part 4

How Microsoft EMS can support you in your journey to EU GDPR compliance – Part 5

How Microsoft EMS can support you in your journey to EU GDPR compliance – Part 6


Access the below Microsoft Ignite 2017 Sessions on demand related to this topic.

Learn how Microsoft Enterprise Mobility + Security supports your GDPR compliance journey

GDPR and Office 365

Related Microsoft Mechanics video below

Understanding GDPR and the tools in Office 365 and beyond to help meet its requirements


Access the latest blog post on how Microsoft 365 provides an information protection strategy to help with GDPR compliance.

Microsoft 365 provides an information protection strategy to help with the GDPR


Access the on-demand webinar to learn how Microsoft 365 uses first-rate security tools to help you easily protect and manage your vast data sets on the path to GDPR compliance.

Access here: Streamline your path to GDPR compliance

Stay tuned for more updates...

Tuesday, July 11, 2017

Microsoft Workplace Analytics now Available!

Every organisation's success relies on the productivity of its employees. Making your employees productive is not easily achieved: you need to give them the right tools to perform their work effectively and set up a collaboration platform that lets them engage more with one another to deliver results.

Microsoft Office 365 provides the right platform to achieve this productivity by giving your employees the right tools, and one such great tool for employees to understand their personal productivity is "MyAnalytics".

MyAnalytics helps your users understand how they collaborate with colleagues and spend their time at work. The dashboard gives them tools that help them prioritize their work and spend time more effectively. Only your employees have access to their own MyAnalytics dashboard; MyAnalytics does not include any settings that give anyone else in your organization access to an employee's dashboard.

MyAnalytics is available as a part of Office 365 Enterprise E5 license or it can be purchased as an add-on with select Plans.

Get to know more here: Microsoft MyAnalytics personal dashboard

It is fine to enable your employees to know and manage their own productivity, but how does your business leadership team know the productivity at an enterprise level? To address this need, you now have the latest add-on for Office 365, "Microsoft Workplace Analytics".

Workplace Analytics leverages Office 365 collaboration data to deliver powerful new insights for enterprise productivity. It helps your business leaders understand collaboration patterns across organisations that influence productivity and employee engagement.

Workplace Analytics is an add-on that can be purchased separately with any Office 365 Enterprise plan.

Access the Official Blog post here: Transform your organization with Microsoft Workplace Analytics

Get to know the Metrics for Workplace Analytics here: Metric descriptions and glossary for Workplace Analytics

Be sure to follow the latest updates in the "Workplace Analytics" space in the Microsoft Tech Community.

Having both MyAnalytics for employees' personal productivity tracking and Workplace Analytics for enterprise productivity tracking empowers your organization to become more productive and puts it one step ahead in driving towards its organisational goals.

Stay tuned for more updates...

Sunday, July 09, 2017

Windows AutoPilot now Available!

The Microsoft team announced the availability of Windows AutoPilot, a suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs.

With Windows AutoPilot, IT professionals can customize the Out of Box Experience (OOBE) for Windows 10 PCs and enable end users to take a brand-new Windows 10 device and—with just a few clicks—have a fully-configured device ready for business use. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Most importantly, users can go through the process independently, without making any decisions and without needing to involve IT.

Windows AutoPilot allows you to:

  • Automatically join devices to Azure Active Directory
  • Auto-enroll devices into MDM services, such as Intune (Requires an Azure AD Premium subscription)
  • Restrict the Administrator account creation
  • Create and auto-assign devices to configuration groups based on the devices' profile
  • Customize OOBE content specific to the organization


Windows AutoPilot prerequisites:

  • Devices must be registered to the organization
  • Devices have to be pre-installed with Windows 10, version 1703 or later
  • Devices must have access to the internet
  • Azure AD premium P1 or P2
  • Microsoft Intune or other MDM services to manage your devices

Access the Official Announcement here: Delivering the Modern IT promise with Windows 10

Review this Blog post to know more on this feature: Modernizing Windows deployment with Windows AutoPilot

Access the documentation here: Overview of Windows AutoPilot

Be sure to review the Microsoft Mechanics video here: Introducing Windows AutoPilot deployment

To learn more and get real-time answers, attend the "Ask Microsoft Anything (AMA) about Windows 10 management!" event on Tuesday, July 25th, 2017 from 9:00 AM to 10:00 AM Pacific Time in the Microsoft Tech Community Windows 10 management space.

Access the related Microsoft Ignite 2017 Sessions on demand to know more.


Watch the Microsoft Mechanics session below to learn more about Windows AutoPilot from Sidd Mantri MSFT:

The truth about Windows AutoPilot: The service components and how it works

Also the below Ask Me Anything session with Michael Niehaus MSFT


New Troubleshooting articles published for Windows AutoPilot.

Troubleshooting Windows AutoPilot (level 100/200)

Troubleshooting Windows AutoPilot (level 300/400)


New guidance documentation is now available for demoing the Windows AutoPilot Deployment Program on a virtual machine:

Demo the Windows AutoPilot Deployment Program on a Virtual Machine

Stay tuned for more updates...

Wednesday, July 05, 2017

What's new in Active Directory Federation Services 2016

Organizations use Active Directory Federation Services (AD FS) to provide single sign-on to a variety of applications, both on-premises and in the cloud, with a secure and seamless end-user experience. AD FS 2016 in Windows Server 2016 adds new features that simplify your existing infrastructure while meeting additional security requirements, such as sign-in with Azure MFA and advanced access control features like Conditional Access, to provide enhanced secure access to your resources with a rich end-user experience.

To know more on the latest features review the documentation here: What's new in Active Directory Federation Services for Windows Server 2016

Organizations already using Azure MFA Server on-premises can, once they have successfully moved to AD FS 2016, consume Azure MFA directly through the built-in Azure MFA adapter and remove the on-premises MFA servers. Device-based Conditional Access policies are also available on-premises, letting you apply more granular controls when providing application access.

Take a look at the related documentation articles on requirements, design and deployment guidance to learn more and plan your new deployment or upgrade.

If your environment is already set up with AD FS on Windows Server 2012 R2, upgrading to AD FS 2016 on Windows Server 2016 is much simplified. Once your environment meets the requirements to raise the "Farm Behaviour Level (FBL)" to 2016, you can take full advantage of the AD FS 2016 features.

To see more of this in action, review the Microsoft Ignite 2016 session below.

View here: Discover whats new in Active Directory Federation and domain services in Windows Server 2016

Also read this excellent blog post from Sam here: Choosing the right sign-in option to connect to Azure AD & Office 365


Access the latest Microsoft Ignite 2017 Session below on this topic.

View here: What's new and upcoming in AD FS to securely sign-in your users to Office 365 and other applications


Access the latest best practices guidance for Azure AD and ADFS to defend against the latest password spray attack.

Azure AD and ADFS best practices: Defending against password spray attacks

Stay tuned for more updates...

MVA Learning: Exchange Hybrid Deep Dive

If you are planning to migrate your on-premises Exchange environment to Office 365 using the hybrid deployment model, you now have different options available and can select the best one for your migration.

To learn more, review the latest Microsoft Virtual Academy advanced course, "Exchange Hybrid Deep Dive", which explores full hybrid, minimal hybrid, and Express Migration to see which is the best option for your migration. Also learn about common migration myths, best practices, and deployment blockers. Plus, see what's coming in the future of hybrid.

Access the course here: Exchange Hybrid Deep Dive

Monday, July 03, 2017

Vulnerability in Azure AD Connect !!!

With support for DirSync and Azure AD Sync having ended this April, and with the tight deadline that Azure AD will stop accepting connections from DirSync and Azure AD Sync after December 31, 2017, most organisations have already upgraded to Azure AD Connect.

If your organization has upgraded to Azure AD Connect, you get more enhanced features bundled with the product. If you use the "Password writeback" feature, you need to be aware of a recently identified security vulnerability and fix it promptly before your environment is impacted.

Microsoft released a new security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability.

The update addresses a vulnerability that could allow elevation of privilege if Azure AD Connect Password writeback is misconfigured during enablement. An attacker who successfully exploited this vulnerability could reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts.

The issue is addressed in the latest version (1.1.553.0) of Azure AD Connect by not allowing arbitrary password reset to on-premises AD privileged user accounts.

More information is available in the security advisory article: Microsoft Security Advisory 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege

Review the article, validate whether your environment is impacted, and perform the remediation steps promptly. Even if your organization is not impacted, Microsoft recommends using the latest version of Azure AD Connect.

If you cannot perform the upgrade right now, follow the Mitigation steps provided in the article to fix the issue.

If you are planning an upgrade to the latest version (1.1.553.0) of Azure AD Connect and you are using OU-based filtering, be sure to review the release history article below and perform the outlined steps, as the upgrade does not carry forward OU filtering settings if they are not set correctly during the upgrade process.

Review here: Azure AD Connect: Version release history - 1.1.553.0


A new version of Azure AD Connect (1.1.557.0) is now released. Review the documentation below.

Review here: Azure AD Connect: Version release history - 1.1.557.0

Note: This build is not available to customers through the Azure AD Connect Auto Upgrade feature, so you need to perform a manual install.

To learn more about the Auto Upgrade feature, review the excellent blog post below from MVP Jeff Guillet:

Understanding Auto-Upgrade Options in Azure AD Connect


A new version of Azure AD Connect (1.1.614.0) is now released with some great features, including support for a new installation mode called Use Existing Database. This installation mode allows customers to install Azure AD Connect that specifies an existing ADSync database.

Review here: Install Azure AD Connect using an existing ADSync database


The Microsoft team released AAD Connect build 1.1.654.0 (a security-related hotfix), which addresses a new security vulnerability in AAD Connect through which elevated privileges can be obtained by resetting the password of the AD DS directory synchronization account (MSOL). To address this issue you can upgrade to the new version. If you can't upgrade immediately, you can use the PowerShell script from Microsoft, which configures the new recommended permissions on the MSOL account and tightens its permissions.

Access the Release history here to know more: Azure AD Connect: Version release history - 1.1.654.0

Access the PowerShell Script here: Prepare Active Directory Forest and Domains for Azure AD Connect Sync

Also review the excellent write-up on this topic from MVP Jeff Guillet here: Secure AAD Connect! New build 1.1.654.0 and AdSyncConfig.psm1 module is available

Stay tuned for more updates...

FastTrack for Azure Preview

The Microsoft FastTrack service currently provides support for Office 365, Windows 10, Enterprise Mobility + Security and Dynamics 365, and it is now extended to include Microsoft Azure.

Starting August 1st, 2017, the FastTrack service will include Microsoft Azure as a preview in the US, Canada, and Australia. Over the coming months, Microsoft will be reviewing the results of this preview to determine how it can be rolled out to other countries in the future.

Below is an extract from the official announcement:

FastTrack for Azure Preview

FastTrack for Azure helps customers build solutions quickly and confidently in the cloud. Our engineers work side by side with partners to guide customers, from setup, configuration, and development to production.

Starting August 1st 2017, FastTrack for Azure will provide the following solutions:

  • Backup and Archive
  • Disaster Recovery
  • Development and test
  • Internal Line of Business Applications (Database Migration, App Modernization, App Lift & Shift)

As the program evolves, we will continue to expand to the solution offerings.

During preview, FastTrack for Azure is available through Microsoft-field nomination to customers that are:

  • Located in the United States, Canada, or Australia (English-only).
  • Have an Azure project of USD $60,000 or more per year or equivalent in local currency.
  • Not supported by a Microsoft Cloud Solution Architect.
  • Aim to deploy a supported solution.

Access the FastTrack website here to begin:

Stay tuned for more updates...

Sunday, July 02, 2017

Protecting your Office 365 Global Administrator accounts

Office 365 is now globally adopted to drive productivity across the organization. As more and more features are added to the service, managing each of them requires a different level of admin access and is handled by different teams across the IT organization. The Global Administrator account is the prime account that has the ability to manage your entire tenant, and it requires enhanced security.

In today's world, phishing attacks and security breaches occur every minute, causing drastic impact to business. Having a safe environment without compromising information security and data protection is the priority for all organisations.

This post is written to point you to the Microsoft support article that outlines the guidelines for protecting your Office 365 Global Administrator accounts effectively.

To better protect your Office 365 subscription from attack, you must do the following right now:

  • Create dedicated Office 365 global administrator accounts and use them only when necessary.
  • Configure multi-factor authentication for your dedicated Office 365 global administrator accounts and use the strongest form of secondary authentication.
  • Enable and configure Advanced Security Management to monitor for suspicious global administrator account activity.

As a best practice, always limit the number of admin accounts in your tenant, not just Global Admins. Having your admin users use their admin role access only when required also limits the risk. Keep track of your admin accounts and ensure that proper lifecycle management is in place to review the usage of admin roles.

If your organization has already adopted Microsoft Enterprise Mobility + Security (EMS E5) or Azure AD Premium (Premium P2), you can take advantage of "Azure AD Privileged Identity Management" to handle the aforesaid best practices with ease.

You can review more information here: Start using Azure AD Privileged Identity Management

Just-in-time admin access, central administration of admin roles, and usage reporting help keep your Office 365 admin accounts more secure.

Additionally, review the Security Best practices for Office 365 support article to keep your Office 365 organization more secure for your users.