TCA Podcast Episode 49: What is ATO and why do I care?

It’s 2021! Well, technically it’s been 2021 for three months and it looks like many of the trends established in 2020 are continuing - not only in our daily lives but also from a cyber threat perspective. In this episode we sit down with Donovan Stevens to talk about account takeovers (ATO) - what it is, why it is something you may want to pay attention to and what you can do to help safeguard against it.

For more information on The Cloud Architects podcast, check us out on SoundCloud

Mastering Microsoft Teams with PowerShell

This post was originally published on the ENow Software Blog, you can view the original post here

There is no denying that as IT Pros we are writing more ‘code’ than ever before. I like to think of this as an evolution – if you cast your mind back 13 years to 2007 when PowerShell first made an appearance, many of us were just coming to terms with using single cmdlets to perform tasks instead of clicking GUI buttons. Over time, cmdlets became one-liners, which in turn led to PowerShell scripts, all the while helping us automate repetitive tasks in a predictable manner; orchestrated runbooks are a lot more commonplace today.

Flavors of PowerShell

I’m sure by now you’ve heard of PowerShell – also known as ‘Desktop Edition’ – and may have heard of PowerShell Core, and perhaps you’re not entirely sure what the difference is. When Windows PowerShell was initially released, it was a Windows-only component. This version of PowerShell has been included with Windows since Windows 7 SP1 and is still in use today as PowerShell Version 5.1.

In late 2016, PowerShell 6.0 was released; it was made open-source and cross-platform, so it is now available for macOS and various Linux distributions. This version of PowerShell and its subsequent releases (currently Version 7.0.3) are often referred to as PowerShell Core.

An easy way to check your PowerShell version and edition is to use the $PSVersionTable variable:

Using PowerShell with Microsoft Teams

When it comes to using PowerShell to manage Microsoft Teams, there are a couple of options:

  • Microsoft Teams PowerShell Module
  • Microsoft Graph PowerShell SDK

Each of these options has its benefits and drawbacks, so there really isn’t an easy answer to the question “Which one should I use?” – it really is going to depend on your comfort level with PowerShell in general, the tasks you are looking to accomplish, etc. The idea with this post is to provide a succinct overview of these options to help you make the best decision for your own use case.

The Microsoft Teams PowerShell Module has been around for some time now and it is typically how most administrators manage Teams via PowerShell or produce Teams reports. The module works with both PowerShell 5.1 (Desktop) and PowerShell 6.2.4 (Core). There are currently some known bugs when using this module with PowerShell Core, so PowerShell 5.1 is currently the recommended way to run this module. In addition, a few other modules are also needed to ensure a complete management solution; these are:

  • SkypeOnlineConnector
  • AzureAD
  • Exchange Online

The AzureAD and Exchange Online modules can be installed from the PowerShell Gallery, while the SkypeOnlineConnector (also known as the Skype for Business PowerShell module) currently requires a separate download. It is worth noting, though, that many of the SkypeOnlineConnector cmdlets are now included in the Teams 1.1.3-preview module.

To install the Teams, AzureAD and Exchange Online modules you can simply use the Install-Module cmdlet:

In order to use the Teams module, you would need to be a member of one of the following groups:

  • Global Admin
  • Teams Service Admin
  • Teams Communications Admin
  • Teams Communications Support Engineer
  • Teams Communications Support Specialist

For more information about the Microsoft Teams PowerShell Module, be sure to check out the Microsoft Teams PowerShell Overview documentation here.

The Microsoft Graph PowerShell SDK is a collection of PowerShell modules that contain cmdlets for calling Microsoft Graph. This module requires a minimum of PowerShell 5.1 and works great with PowerShell core on other platforms. To install the Microsoft Graph PowerShell SDK module you can use the Install-Module cmdlet.

When using the Graph SDK module, you need to make use of fine-grained API permissions, e.g: “Directory.ReadWrite.All”, “Group.ReadWrite.All” or “User.Read.All”. These permissions are used with the “Scopes” parameter when using the Connect-Graph cmdlet.

When trying to determine the scope for your particular use case, the Microsoft Graph REST API v1.0 reference can be a really useful tool. Once you have identified the operations you would like to complete, the required scope is listed as the application permissions from least to most privileged as shown below:

Once connected, you will notice that Graph SDK module cmdlets usually contain “Mg”. To see a list of all the Get- cmdlets, you can simply use the Get-Command cmdlet, e.g.: Get-Command Get-Mg

An example of listing all users in a tenant would be to use Get-MgUser
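As an added example that is not part of the original post, the script below ties the steps above together: it records the edition and version from $PSVersionTable, installs the Graph SDK, connects with only the delegated scope that listing users requires, verifies that the scope was actually granted, and then runs Get-MgUser. It assumes a Microsoft 365 tenant you administer and an account permitted to consent to that scope; the connection cmdlet was named Connect-Graph in the preview this post describes and is Connect-MgGraph in current SDK releases.

```powershell
# Added example, not from the original post. Assumes a tenant you administer and an
# account that can consent to the delegated scope requested below.

# 1. Record the edition and version: the Teams module is recommended on 5.1 (Desktop),
#    while the Graph SDK runs on either Desktop or Core.
$edition = $PSVersionTable.PSEdition    # 'Desktop' or 'Core'
$version = $PSVersionTable.PSVersion
Write-Host "Running PowerShell $version ($edition)"

# 2. Install the Graph SDK for the current user only, so no elevation is needed.
Install-Module Microsoft.Graph -Scope CurrentUser -Force
# The Teams module and the supporting modules the post lists, if you also want them:
# Install-Module MicrosoftTeams, AzureAD, ExchangeOnlineManagement -Scope CurrentUser

# 3. Connect with the least-privileged scope the task needs. A read-only user report
#    needs User.Read.All; do not request Directory.ReadWrite.All for it.
#    (Connect-Graph in the preview-era SDK; Connect-MgGraph in current releases.)
Connect-MgGraph -Scopes 'User.Read.All'

# 4. Verify what was actually granted before relying on it: the consent prompt may have
#    been declined, or an admin may have pre-consented a narrower set of permissions.
$ctx = Get-MgContext
if ($ctx.Scopes -notcontains 'User.Read.All') {
    throw "Expected User.Read.All but the token carries: $($ctx.Scopes -join ', ')"
}

# 5. Pull every user (-All follows paging) with only the properties the report needs.
$users = Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,AccountEnabled,UserType
$users | Select-Object DisplayName,UserPrincipalName,AccountEnabled,UserType |
    Format-Table -AutoSize

# 6. Quick hygiene view: guest accounts and disabled accounts that still exist.
$users | Where-Object { $_.UserType -eq 'Guest' -or -not $_.AccountEnabled } |
    Select-Object UserPrincipalName,UserType,AccountEnabled

Disconnect-MgGraph
```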

The Microsoft Graph PowerShell SDK is currently in preview, so there are likely to be some changes to this module over time, but it is very promising and works great on other platforms like macOS. This module also doesn’t require the installation of additional supporting modules, which makes it even more useful in my book.

I have found the documentation to be somewhat lacking but do expect that to take shape as the module matures. For more information, be sure to check out the PowerShell SDK for Microsoft Graph project page on GitHub.

TCA Podcast Episode 48: Digital fatigue and laying your pipes

2020 has been an interesting and very different year for most of us. We’re doing more things online than ever before - Microsoft recently announced that Teams reached 115 million daily active users, but this new normal extends well beyond the business world. There are countless positive stories of how technology has helped teachers connect with students or doctors connect with patients, but there are some not-so-positive consequences too. In this episode, Anna, Nic and Warren talk about Microsoft Ignite that took place recently and explore the concept of digital fatigue and how to set some boundaries (or lay your pipes) to help protect your mental health.

A transcript of this episode can be viewed here and can also be downloaded in the following formats:

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 47: "Never trust, always verify"

Zero Trust is a term that is thrown around a lot these days and seems to mean many different things to different folks. At its core, Zero Trust is a philosophy or security concept whereby no one is trusted by default on the network, and verification is always required from everyone attempting to access any resources. In this episode we sit down with Ashwin Pal to better understand Zero Trust, why it can be complex to adopt and how to get started on your journey.

You can download Ashwin’s white paper here: Zero Trust - Demystified

A transcript of this episode can be viewed here and can also be downloaded in the following formats:

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 46: Teams and PowerShell with Lee Ford

Microsoft Teams has seen some incredible growth in recent months as many organizations worldwide adjust to a new normal that involves a remote, work from home workforce. In late April, Microsoft announced that it had seen a 70% increase in Teams usage, increasing to more than 75 million daily active users and seeing 200 million meeting participants in a single day for the first time. In this episode, we talk to MVP Lee Ford about his experience working with Teams, adoption of Teams features such as direct routing and some really handy PowerShell scripts he’s written.

A transcript of this episode can be viewed here and can also be downloaded in the following formats:

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Ignite 2020 Special Edition

It’s almost time for Microsoft Ignite 2020, but this year things are going to be a little different. In this special episode, Anna Chu (a.k.a. The Community Khaleesi) gives us some inside info about what to expect this year and how you can get involved! If you’re interested in being part of Ignite this year, the Microsoft Ignite Call for Moderators is now open and closes on August 24.

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 45: Microsoft 365 Security for IT Pros

There is no denying that the rate of change in the Microsoft Cloud is astounding. Microsoft continues to innovate and improve very rapidly, with new features often being deployed weekly. Security and Compliance is understandably a huge area of focus, and it can be a challenge to stay up to date with all the continuous change – this challenge requires an innovative solution. We’re excited to talk to our old friend and fellow MVP Michael Van Horenbeeck about his new book project ‘Microsoft 365 Security for IT Pros’ – a book all about Microsoft 365 Security with a monthly update cadence.

Check out Microsoft 365 Security For IT Pros here

A transcript of this episode can be viewed here and can also be downloaded in the following formats:

For more information on The Cloud Architects podcast, check us out on SoundCloud

Thanks for all the phish..

This post was originally published on the ENow Software Blog, you can view the original post here

There’s a running joke in the industry at the moment that the COVID-19 pandemic has done more to drive digital transformation in organizations than any consultant, project team or CTO! While this may be a slight exaggeration, there is definitely an element of truth to it. Many organizations have historically been slow to adopt remote working practices, but the pandemic and associated lockdowns have forced organizations all over the world to change their work from home policies and accelerate the deployment of tools to support telecommuting. In fact, Microsoft recently reported a staggering increase of more than 30 million Teams users in a single month. Even more surprising is that these same organizations who were once against it are now seeing the productivity benefits and opportunity for cost-reduction and may never go back to the old ‘open-plan office’ way of working again.

As much as the pandemic has helped many organizations realize that working from home isn’t the death of productivity and drive the adoption of tools to support this new normal, it has also given bad actors a new and exciting target. Zscaler observed an increase of 30,000% in phishing, malicious websites, and malware targeting remote users since January 2020. Some of these attacks are pretty basic and are relatively easy to spot such as the example below:

Others are more sophisticated with actors often targeting an organization and registering a legitimate domain name similar to that of the target, for example conotso.com instead of contoso.com. In many instances, these domains are using trusted certificates on the spoofed login pages and even have the appropriate DNS records to ensure that email isn’t discarded as spam. These attacks also typically include impersonation and use terminology associated with working from home to encourage the victim to click the link or perform an action. The example below illustrates how this approach might be used to trick an end-user:

One particularly popular variation uses a combination of these methods in an attempt to persuade accounts payable or a procurement officer to transfer funds or make a payment to a new account. Unfortunately, I’ve heard of several of these attacks being very successful recently. These attacks are usually targeted and extremely sophisticated, often involving what appear to be the correct document templates, signatures and so forth. Here’s an example of what these attacks could look like:

How can you be safe?

You may be asking yourself, “what can I do to ensure my organization is protected from these types of attacks?” and the good news is there is a lot you can do – the better news is that you likely won’t need to spend any money or buy additional licensing to improve your security posture.

It all starts with user education. Because bad actors continually evolve their methods, your training methods and user education should also be updated regularly to ensure your end-users are aware of how they may be targeted. If you’re not already performing simulated phishing campaigns, I would strongly encourage you to start. If you have the Office 365 Advanced Threat Protection (ATP) Plan 2 license, the Attack Simulator in ATP is a very useful tool for these simulations:

In addition to being able to identify a potential phishing attack, it is important that your end-users have a mechanism to report them and that they are taught the importance of using the reporting mechanism.

Use multifactor authentication (MFA). No, really! If you do nothing else, enable MFA on all accounts in your organization, not only the admin accounts. If you have a plan that supports conditional access, you can configure rules for when MFA is required – such as when a user attempts to connect from an untrusted network location. Even without conditional access, you can enforce MFA on all user accounts in Office 365.

Get your DNS records in order. Sender Policy Framework (SPF) records have been around for some time now and most organizations have these in some form or fashion. These records help identify which mail servers are allowed to send email on behalf of your organization. The challenge with SPF records is that they are often not restrictive enough, or were put in place a long time ago and are not being maintained.

Domain-based Message Authentication, Reporting, and Conformance (DMARC) records are a more recent addition to the landscape and are not as widely adopted. When used with SPF and DomainKeys Identified Mail (DKIM) to authenticate mail senders, these records can provide additional protection against spoofing and phishing email. DMARC helps receiving mail systems determine what to do with messages sent from your domain that fail SPF or DKIM checks.

How does this work? An email message may contain multiple sender addresses, which are used for different purposes. The “Mail From” address identifies the sender and specifies where to send return notices if any problems occur with delivery of the message. This address appears in the envelope portion of an email message and is not usually displayed by your email client. The “From” address is the address displayed in the From field of your email client; this address identifies the author of the email. These addresses can be seen in the following DMARC forensic report (RUF) for a failed message:

SPF uses a DNS TXT record to provide a list of authorized sending IP addresses for a given domain. SPF checks are typically only performed against the “Mail From” address. This means that the “From” address is not authenticated when using SPF by itself and allows for a scenario where a bad actor can craft a message which passes an SPF check but has a spoofed “From” address. When DMARC is used in combination with SPF, the “From” address is also validated and this scenario can be mitigated.
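The alignment rule just described, and the XML aggregate reports mentioned under Additional resources below, are easier to reason about with a worked report in hand. The script below is an added example, not part of the original post: it parses a constructed DMARC aggregate (RUA) report for the hypothetical domain contoso.com and recomputes, per source IP, whether each SPF or DKIM pass is actually aligned with the visible From domain. The second record shows the exact case from the text: SPF passes for the look-alike Mail From domain conotso.com, yet DMARC fails because the From header says contoso.com. The sample IPs are documentation ranges and the Get-OrgDomain helper is a simplification of organizational-domain matching.

```powershell
# Added example, not from the original post. Constructed RUA report, trimmed to the
# elements this script reads; IPs are documentation ranges, domains are hypothetical.
$sampleRua = @'
<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata><org_name>example-receiver</org_name><report_id>constructed-1</report_id></report_metadata>
  <policy_published><domain>contoso.com</domain><adkim>r</adkim><aspf>r</aspf><p>reject</p></policy_published>
  <record>
    <!-- Legitimate server: SPF and DKIM both pass for the From domain -->
    <row><source_ip>203.0.113.10</source_ip><count>120</count></row>
    <identifiers><header_from>contoso.com</header_from></identifiers>
    <auth_results>
      <spf><domain>contoso.com</domain><result>pass</result></spf>
      <dkim><domain>contoso.com</domain><result>pass</result></dkim>
    </auth_results>
  </record>
  <record>
    <!-- Spoof: SPF passes for the look-alike Mail From domain, but From is contoso.com -->
    <row><source_ip>198.51.100.7</source_ip><count>15</count></row>
    <identifiers><header_from>contoso.com</header_from></identifiers>
    <auth_results><spf><domain>conotso.com</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <!-- Unlisted sender: SPF fails outright and there is no DKIM signature -->
    <row><source_ip>192.0.2.44</source_ip><count>3</count></row>
    <identifiers><header_from>contoso.com</header_from></identifiers>
    <auth_results><spf><domain>contoso.com</domain><result>fail</result></spf></auth_results>
  </record>
</feedback>
'@

function Get-OrgDomain([string]$Domain) {
    # Relaxed alignment compares organizational domains. Taking the last two labels is a
    # simplification that works for .com but not for registry suffixes such as .co.uk.
    $labels = $Domain.ToLowerInvariant().TrimEnd('.') -split '\.'
    return (($labels | Select-Object -Last 2) -join '.')
}

function Test-DmarcAligned([string]$AuthDomain, [string]$HeaderFrom, [string]$Mode) {
    # Strict ('s') needs an exact match; relaxed ('r') accepts the same organizational domain.
    if ($Mode -eq 's') { return ($AuthDomain -ieq $HeaderFrom) }
    return ((Get-OrgDomain $AuthDomain) -eq (Get-OrgDomain $HeaderFrom))
}

function Get-DmarcSummary([string]$ReportXml) {
    $xml   = [xml]$ReportXml
    $pol   = $xml.feedback.policy_published
    $aspf  = if ($pol.aspf)  { $pol.aspf }  else { 'r' }   # relaxed is the DMARC default
    $adkim = if ($pol.adkim) { $pol.adkim } else { 'r' }
    foreach ($rec in @($xml.feedback.record)) {
        $headerFrom = $rec.identifiers.header_from
        # A raw SPF or DKIM 'pass' only counts for DMARC when its domain aligns with the From header.
        $spfOk  = @($rec.auth_results.spf)  | Where-Object { $_ -and $_.result -eq 'pass' -and (Test-DmarcAligned $_.domain $headerFrom $aspf) }
        $dkimOk = @($rec.auth_results.dkim) | Where-Object { $_ -and $_.result -eq 'pass' -and (Test-DmarcAligned $_.domain $headerFrom $adkim) }
        [pscustomobject]@{
            SourceIp    = $rec.row.source_ip
            Count       = [int]$rec.row.count
            SpfRaw      = @($rec.auth_results.spf | ForEach-Object { $_.result }) -join ','
            SpfAligned  = [bool]$spfOk
            DkimAligned = [bool]$dkimOk
            DmarcPass   = [bool]($spfOk -or $dkimOk)
        }
    }
}

# Sources that would be rejected under p=reject, largest volume first, so the look-alike
# sender (SpfRaw = pass, SpfAligned = False) stands out from a plain SPF failure.
Get-DmarcSummary $sampleRua | Where-Object { -not $_.DmarcPass } |
    Sort-Object Count -Descending | Format-Table -AutoSize
```

Point the script at a real report by replacing $sampleRua with Get-Content -Raw on the XML file a receiver sent to your rua address.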

Additional resources

While the benefits of DMARC are evident, many organizations find it difficult to extract actionable intelligence from DMARC reports which are typically XML files containing a large amount of IP addresses. Instead of manually parsing this massive amount of XML-based IP address data, there are many vendors who provide DMARC reporting services. Valimail is one of these vendors and they offer this service free to Microsoft Office 365 customers.

Microsoft has also published a lot of detailed information to help organizations be more proactive in protecting, detecting, and defending against attacks. I’d encourage you to check out this information as well.

TCA Podcast Episode 44: "Security is a business enabler and a risk reducer.."

In this episode we delve into Cybersecurity, something that has been very topical for many organizations as they have been forced to operate remotely during COVID-19. Our guest, Francisco Donoso helps unpack and explain some common security concepts and shares the top three things you can do to help your organization be safer in today’s cyber world.

A transcript of this episode can be viewed here and can also be downloaded in the following formats:

For more information on The Cloud Architects podcast, check us out on SoundCloud

Microsoft Passwordless Authentication 101

This post was originally published on the ModernCISO Blog, you can view the original post here

Passwords have long been a daily part of our lives, but in today’s modern, cloud-first world the use of passwords alone leaves us increasingly more vulnerable to compromise. Large-scale data breaches are being reported more and more frequently in the media with more than 80% of hacking-related breaches involving compromised or weak credentials.

Traditional password management

Traditionally, we overcame weak passwords by implementing password complexity and expiry policies with the addition of multi-factor authentication (MFA), but these practices were not always user-friendly and were burdensome to manage. Password complexity policies make passwords more predictable and often lead to poor security practices like the old ‘password on a post-it’ scenario. Users will inevitably find the easiest, most convenient way to meet the complexity policy. The latest NIST password guidelines, published under NIST 800-63, recommend against both password complexity and password expiry. Microsoft says that MFA-enabled accounts are 99.9% less likely to be compromised; however, less than 10% of enterprise users use MFA. There is no denying that passwords are the weakest form of authentication, and in order to improve our security posture and appropriately secure our digital assets we need to consider a more modern approach to authentication.

A modern approach

Passwordless authentication is a modern approach to authentication that offers improved security and a better user experience. While traditional MFA requires two of: something you know (password or PIN), something you have (smart card or token), or something you are (biometric), passwordless authentication adds convenience by replacing the traditional password with something you have – in this case a device or a security key – and also requiring something you are or something you know.

Microsoft currently offers the following three passwordless authentication options:

  • Windows Hello for Business
  • Microsoft Authenticator app
  • FIDO2 security keys

Fast Identity Online or FIDO2 compliant security keys are standards-based cryptographic credentials that are available in many different form factors such as USB keys or NFC-enabled smartcards from several different providers. These are particularly interesting as they allow organizations to choose the technology that best suits their needs and doesn’t have specific hardware and operating system requirements.

Each of the above-mentioned authentication options offers a unique set of pros and cons, giving organizations the ability to use the method that best caters to its unique requirements. Perhaps different user personas within the organization have different needs – for example, requiring fingerprint biometrics for factory workers who use gloves all day wouldn’t be ideal, so it is possible to mix and match these options as needed.

Not a silver bullet

Enabling passwordless authentication in Azure Active Directory is fairly straightforward, however simply enabling the feature doesn’t solve all the problems associated with passwords and this causes much confusion. While passwordless authentication does a great job of straddling the line between security and convenience, it does not (yet) eliminate passwords completely from the environment. Users will still have the option of logging in with their traditional password if they so choose. It is therefore vitally important to take the following actions prior to implementing passwordless authentication:

Enable MFA

If you haven’t already implemented MFA, I would strongly recommend that you do. This change is very visible to the user community; it requires communications and end-user training, which could take a considerable amount of time in large organizations. While you prepare to introduce MFA into your environment, you can dramatically improve your security posture by enabling MFA for all your privileged accounts. MFA is also a prerequisite for passwordless authentication, and if you plan to use the Microsoft Authenticator app option for passwordless authentication you will have a head start, since your user devices will already have the app installed.

Reduce user-visible password prompts

Implementing single sign-on (SSO) will help reduce the number of times users are prompted for their password. This in turn will reduce the likelihood of a user surrendering their credentials during a phishing attack, since users who are constantly prompted to log in are conditioned to entering their credentials and don’t always take the time to examine the legitimacy of every login form. SSO also requires modern authentication methods, and this will expedite the remediation of any applications that still rely on legacy authentication.

Improve your password management practices

Since user passwords are not eliminated entirely, it is important to adopt modern, up to date password guidelines such as NIST 800-63. Self-service password management capabilities should go hand-in-hand with updated password policies. Allowing users to manage and reset their own passwords will help ease the administrative burden.

Consider using tools like Azure AD password protection to ensure that users are not using weak or banned passwords.

In closing

Passwords are outdated and cannot be relied on to provide any significant form of security by themselves. Passwordless authentication is a form of multi-factor authentication that is both secure and convenient and can be implemented in different ways based on the needs of the organization. Since passwords are not currently completely eliminated from the environment, it is important that the implementation is accompanied by an up to date password policy.