You Suck at Office 365 Logging

This post was originally published on the ModernCISO Blog; you can view the original post here.

One of the misconceptions about cloud services is that you have to surrender all control when you sign up. While it is true that you may no longer have racks of servers with blinking lights humming away in your data center, it doesn’t mean that you no longer have any visibility into how your users use and interact with the service.

Office 365 is no exception, and the service includes several auditing and reporting features that can be used to track user and administrative activity within a tenant. Unfortunately, there is no single place to view all audit logs, and in some instances this functionality is not enabled by default, which causes confusion. The good news is that once enabled, this audit data is available to consume directly from the Security & Compliance Center or Admin Portals without the need for a security information and event management (SIEM) platform.

Office 365 audit logs

The audit information and reports available in Office 365 can be used to manage the user experience and mitigate risks, and in many instances they are required to fulfill compliance obligations. Audit logging is not enabled by default in Office 365 and must first be turned on in the Security & Compliance Center before audited activities can be searched.

There are two main types of activities tracked in the unified audit log:

  • Admin activities
  • User activities

While mailbox audit logging in Exchange Online has been enabled by default since early 2019, only users with E5 licenses will return mailbox audit log events in audit log searches in the Security & Compliance Center. Mailbox audit log entries for users without E5 licenses can also be retrieved after mailbox auditing has been manually enabled on those individual mailboxes.

Azure Active Directory (Azure AD) also provides several reports to help keep track of user sign-in activity and security. Unlike Office 365 auditing, these are enabled by default. It is important to note that it could take 30 minutes to 24 hours after an event occurs for the corresponding audit log record to be returned in the results of an audit log search.

Log retention

When an audited activity is performed by a user or admin, an audit record is generated and stored in the Office 365 audit log. The length of time that an audit record is retained and searchable depends on your Office 365 or Microsoft 365 enterprise subscription and on the type of license assigned to a specific user. Similarly, Azure AD activities are retained in accordance with the Azure AD plan in use.

The takeaway

Logging is an essential part of your cloud service and can help troubleshoot user issues, mitigate risks, and fulfill compliance obligations. Office 365 includes several auditing and reporting features; however, not all logging is enabled by default. The following table provides a summary of some of the most important logging available to Office 365 administrators:

| Audit Item | Location | Enabled by default | Retention |
|---|---|---|---|
| User Activity | Office 365 Security & Compliance Center | No | 90 days |
| Admin Activity | Office 365 Security & Compliance Center | No | 90 days |
| Mailbox | Office 365 Security & Compliance Center / Exchange Online | Yes – requires manual intervention for non-E5 users | 90 days |
| Sign-in Activity | Azure Portal | Yes | 30 days (P1/P2 only) |
| Users at Risk | Azure Portal | Yes | 7 days / 30 days (P1/P2) |
| Risky Sign-ins | Azure Portal | Yes | 7 days / 30 days (P1/P2) |
| Azure MFA Usage | Azure Portal | Yes | 30 days |
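The post describes the portal experience; as an added example (not from the original post), the same checks can be scripted so they can be re-run and audited. It assumes the ExchangeOnlineManagement module and an Exchange administrator role, neither of which the post mentions.

```powershell
# Added example: verify and enable Office 365 audit logging from PowerShell.
# Assumes the ExchangeOnlineManagement module (not mentioned in the post).
Connect-ExchangeOnline -ShowBanner:$false

# 1. Unified audit log: the post notes it is off by default. Check, then enable.
$cfg = Get-AdminAuditLogConfig
if (-not $cfg.UnifiedAuditLogIngestionEnabled) {
    Write-Host "Unified audit log ingestion is OFF - enabling"
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
} else {
    Write-Host "Unified audit log ingestion is already ON"
}

# 2. Mailbox auditing: per the post, non-E5 mailboxes need auditing turned on
#    individually before their events show up in audit log searches.
$unaudited = Get-EXOMailbox -ResultSize Unlimited -PropertySets Audit |
    Where-Object { -not $_.AuditEnabled }
foreach ($mbx in $unaudited) {
    Write-Host "Enabling mailbox auditing for $($mbx.UserPrincipalName)"
    Set-Mailbox -Identity $mbx.UserPrincipalName -AuditEnabled $true
}

# 3. Confirm records are actually being written: pull the last 7 days of
#    admin-side Exchange changes. Keep the post's 30-minute-to-24-hour
#    ingestion delay in mind; a change made just now may not appear yet.
$end   = Get-Date
$start = $end.AddDays(-7)
Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -RecordType ExchangeAdmin -ResultSize 500 |
    Select-Object CreationDate, UserIds, Operations |
    Format-Table -AutoSize
```

Run step 3 again a day after enabling to confirm the retention and ingestion behaviour the post describes for your tenant.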

TCA Podcast Episode 43: "Skype is an apple, but Teams is a fruit salad.."

There is no denying the ever-increasing popularity of Microsoft Teams. Microsoft recently reported an unprecedented spike in Teams usage due to the ongoing COVID-19 situation, with usage rising to more than 44 million daily users - showing an increase of 12 million users over the course of just seven days. When I sat down with fellow MVPs Paul Bloem and Andrew Morpeth in Auckland, New Zealand last month, we would never have predicted the current work from home situation that most of us find ourselves in at the moment. We did however talk about their favorite new Teams features, social contracts, Teams modes and of course the adoption of various features and functionality in Teams.

A transcript of this episode can be viewed here and can also be downloaded in the following formats:

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 42: Multi-Vendor Cloud Management with Azure

Multi-cloud is a hot topic at the moment, and in this episode we’ll talk to Rick Claus and Joey Snow - a.k.a. Patch And Switch from Microsoft - about this new trend. Is Azure the cloud to rule them all, or is a sound multi-cloud strategy essential in today’s cloud world?

Be sure to check out their podcast Patch And Switch

A transcript of this episode can be viewed here and can also be downloaded in the following formats:

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 41: Azure AD B2B, bring your own identity and viral accounts

Azure AD business-to-business (B2B) collaboration allows organizations to securely share applications and services with guest users from any other organization, while maintaining control over their data. In this episode we chat to returning guest Elisabeth Olson about some of the improvements in the B2B experience, the new bring your own identity functionality and she even helps Warren solve his viral account problem.

Here are some links to the admin takeover process discussed during the episode:

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 40: "There is one docs place and one training place.."

docs.microsoft.com is the new home for all Microsoft documentation, and Microsoft Learn is a free, online training platform that provides interactive learning for Microsoft products. There has been significant investment in these platforms in recent years. We caught up with Erin Rifkin to talk about these platforms, the success of Microsoft Learn and how they’ve grown from 80 to over 700 modules in one year.

For more information on The Cloud Architects podcast, check us out on SoundCloud

Passwordless security and the evolution of authentication

This post was originally published on the ENow Software Blog; you can view the original post here.

I still remember the first password I ever had; it was for my GeoCities account in the late ‘90s before they were purchased by Yahoo!. The password was a randomly generated string of six lowercase characters – that was it, no uppercase, numbers or special characters. I memorized it and thought it was great, no one would ever guess that random password – unlike the passwords my friends used, which were usually the name of their girlfriend or their nickname. By today’s standards though, it is clear that a lot has changed since then, and I’d be willing to bet that any decent authentication system would actually prevent you from using such a trivial password.

The trouble is, we have more passwords than ever before – almost everything we do today is connected to the internet in some way and requires a set of credentials. For those of us who work in technology, it comes with the territory, and over time we’ve become numb to it through the use of password managers and the like. I recently helped my non-technical brother move into a new home, and we had to create at least four different accounts in order to manage the smart home products that had been installed by the previous owner. You may be thinking that this all sounds like a consumer problem and that many organizations have solved it for their end-users by making use of single sign-on (SSO) technologies, and you’d be right to a certain extent. SSO doesn’t solve for human behavior though, and password reuse has long been a problem. The 2019 Verizon Data Breach Investigations Report found that 80% of hacking-related breaches still involve compromised and weak credentials, with 29% of all breaches involving the use of stolen credentials. A quick look at haveibeenpwned.com reveals that it currently has more than nine billion compromised passwords in its database.

In 2004, Bill Gates famously predicted the demise of passwords when he said “There is no doubt that over time, people are going to rely less and less on passwords,” because “they just don’t meet the challenge for anything you really want to secure.” While it may have taken 15 years for Bill’s prediction to come true, passwordless authentication is starting to become a reality.

What is Passwordless Authentication?

Let me start by telling you what it is not: passwordless authentication does not mean that your user objects will no longer have passwords associated with them. Instead, it is a type of multi-factor authentication (MFA) that replaces the traditional password with something you have, while something you are (a biometric) or something you know (a PIN) provides the second factor. Microsoft currently supports three passwordless authentication options:

  • Windows Hello for Business: Supported on Windows 10 devices.
  • Microsoft Authenticator app: This option is especially convenient for those organizations already making use of the Authenticator app for MFA. Users can sign in on any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using their biometric or PIN to confirm.
  • FIDO2 Security keys: FIDO2 Security keys are hardware keys that are standards-based and are available in many different form factors from a number of different providers. These keys are a great option for those organizations who are unable to make use of the Authenticator app on a mobile device. FIDO2 Security keys also work on any platform.

How to get started with passwordless authentication

In this walk-through, we’ll enable passwordless authentication and configure a FIDO2 Security key for a user called John Smith. For an up-to-date list of supported FIDO2 Security key providers, see this link. The first step required to deploy passwordless authentication is to enable the ‘Combined security information registration (preview)’ in Azure AD. To do this:

  1. Sign into the Azure portal as a user administrator or global administrator.
  2. Go to Azure Active Directory > User settings > Manage user feature preview settings.
  3. Under Users can use preview features for registering and managing security info, you have the option of enabling the feature for a ‘Selected’ group of users, which is useful for test scenarios, or for ‘All’ users.

Next, we need to enable the FIDO2 security key method:

  1. Go to Azure Active Directory > Security > Authentication methods > Authentication method policy (Preview).
  2. Under the FIDO2 Security Key method, select ‘Enable’, and once again you have the option of targeting ‘All users’ or ‘Selected users’.
  3. Don’t forget to Save the configuration.

The final step before being able to sign in is user registration. An important note here: if the user doesn’t have at least one MFA method registered, they will need to add one before registering their FIDO2 Security key. To register your FIDO2 Security key:

  1. Browse to https://myprofile.microsoft.com.
  2. Click Security Info.
  3. Click Add method and choose Security key to add a FIDO2 Security key.
  4. Choose USB device or NFC device.
  5. Have your key ready and choose Next.
  6. A box will appear and ask the user to create a PIN and perform the required gesture for the key, either biometric or touch.
  7. Finally, the user will be asked to provide a meaningful name for the key so it can easily be identified if they have multiple. Click Next.
  8. Click Done to complete the process.

Once user registration has been completed, the sign in process is really simple – instead of entering a password you can select the ‘Sign in with a security key’ option as shown in the brief demo below:

As you can see from the walk-through above, getting started with passwordless authentication in Azure AD is really simple, however, it should go without saying that doing this in a large organization would require careful planning and thought.
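For the planning the paragraph above calls for, an administrator needs a way to confirm the policy state and registration progress without clicking through each user. The following is an added example, not part of the original post; it assumes the Microsoft.Graph PowerShell module and the Microsoft Graph endpoints, and the user list is a constructed placeholder.

```powershell
# Added example: report the FIDO2 method policy state and which users have
# registered a key. Assumes the Microsoft.Graph module and Graph v1.0
# endpoints (neither is mentioned in the post).
Connect-MgGraph -Scopes "Policy.Read.All", "UserAuthenticationMethod.Read.All"

# 1. Policy state, mirroring Authentication methods > FIDO2 Security Key.
$fido2 = Invoke-MgGraphRequest -Method GET -Uri `
    "https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/Fido2"
Write-Host "FIDO2 method state : $($fido2.state)"
foreach ($t in $fido2.includeTargets) {
    # id is 'all_users' for the 'All users' option, otherwise a group object id
    Write-Host "  targeted $($t.targetType): $($t.id)"
}

# 2. Registration state for the users in scope.
$users = @("john.smith@contoso.example")   # constructed placeholder UPN
foreach ($upn in $users) {
    $keys = Invoke-MgGraphRequest -Method GET -Uri `
        "https://graph.microsoft.com/v1.0/users/$upn/authentication/fido2Methods"
    if ($keys.value.Count -eq 0) {
        # Nothing registered yet: the user still has to complete the
        # Security Info steps described above.
        Write-Host "$upn : no FIDO2 key registered yet"
    } else {
        foreach ($k in $keys.value) {
            # displayName is the 'meaningful name' chosen in step 7 of registration
            Write-Host "$upn : '$($k.displayName)' ($($k.model)) registered $($k.createdDateTime)"
        }
    }
}
```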

References: https://enterprise.verizon.com/resources/reports/dbir/

TCA Podcast Episode 39: "Do I really need to monitor Office 365?"

A move to the cloud is almost always accompanied by change. Sometimes these changes are pretty obvious and easy to grasp, while other times they are more of a paradigm shift - one such shift is in the way we monitor our deployments. Monitoring your tenant and supporting services won’t prevent a service problem, but it will help you to respond proactively when one occurs and let your users know about the problem before they start alerting you. In this episode we’ll talk to Justin Harris, CTO of ENow Software, about how monitoring cloud services is radically different from monitoring traditional on-premises infrastructure and why it is important to get it right. We’ll also delve into the built-in tools you can use in your own Office 365 tenant and why you may want to consider augmenting those with some third-party monitoring tools.

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 38: Outlook for Mac - No longer a second-class citizen..

Outlook for Mac has come a long way since its humble beginnings as Microsoft Entourage. As avid Outlook for Mac users ourselves, Nic and I were excited to sit down with Alessio and Jessica to talk about the history, the much anticipated new version of the product and how important your feedback is to the team building it!

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 37: "Rumors of the death of email have been greatly exaggerated"

Message transport in Office 365 “Just works” and is often considered to be the plumbing of the service. Despite the rise in popularity of social messaging apps, 62% of business professionals prefer email for business communications and the number of emails delivered daily worldwide is forecast to grow 18% by 2023. In this episode we chat to Kevin Shaughnessy about some of the message transport enhancements and innovation announced at Microsoft Ignite recently.

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 36: All about Microsoft FastTrack

Ever heard of Microsoft FastTrack? FastTrack helps customers deploy Microsoft cloud solutions - customers with eligible subscriptions can use FastTrack at no additional cost for the life of their subscription. We sat down with Jennifer Burdett from the FastTrack Team to talk about what FastTrack is, how you can make the most of this benefit and how partners can complement this offering.

For more information on The Cloud Architects podcast, check us out on SoundCloud