Forum Widgets
Latest Discussions
Blocking Personal Outlook and Gmail Accounts on Corporate Device
Hello Community, In my organization, we use the Microsoft 365 environment. We have a hybrid infrastructure, but we aim to deploy as many policies as possible through Microsoft 365 (Intune, Purview, Defender, etc.). One of our goals is to limit the use of corporate devices for personal purposes. We use Outlook as our corporate email service, and we would like to block employees from signing into their personal email accounts (either via web or desktop application). Additionally, we would like to block access to other email services, such as Gmail, both via web and desktop apps. Could you provide guidance on how to achieve this? I would greatly appreciate any help or suggestions. Thank you very much! Juan RojasJuanRojasCamposFeb 11, 2025Copper Contributor1.2KViews0likes4CommentsHere's how I prepared for the Microsoft Security, Compliance, and Identity Fundamentals exam SC-900!
Dear Microsoft 365 / Azure Security Friends, What I always have to tell myself when I read Fundamentals, never underestimate an exam like this. Such exams are always a kilometer long but only 1 centimeter deep. That means a lot of topics are asked, but not how to install or configure it. What does that mean exactly? For example, a question might be structured like this: You need to capture signals from an on-premises Active Directory with a cloud solution, what do you use? The answer is Microsoft Defender for Identity. On the exam there are single choice questions and multiple choice questions (minimum 2 answers). No case studies or sliding scale questions. Now to my preparations for the exam: 1. First of all, I looked at the Exam Topics to get a first impression of the scope of topics. https://docs.microsoft.com/en-us/learn/certifications/exams/sc-900 Please take a close look at the skills assessed: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Mr81 2. So that I can prepare for an exam I need a test environment (this is indispensable for me). You can sign up for a free trial here. https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products I chose the "Microsoft 365 Business Premium" plan for my testing. 3. Now it goes to the Microsoft Learn content. These learn paths (as you can see below, all 4) I have worked through completely and "mapped"/reconfigured as much as possible in my test environment. https://docs.microsoft.com/en-us/learn/paths/describe-concepts-of-security-compliance-identity/ https://docs.microsoft.com/en-us/learn/paths/describe-capabilities-of-microsoft-identity-access/ https://docs.microsoft.com/en-us/learn/paths/describe-capabilities-of-microsoft-security-solutions/ https://docs.microsoft.com/en-us/learn/paths/describe-capabilities-of-microsoft-compliance-solutions/ 4. Register for the exam early. This creates some pressure and you stay motivated. https://docs.microsoft.com/en-us/learn/certifications/exams/sc-900 5. Thomas Maurer's exam preparation information is super helpful! https://www.thomasmaurer.ch/2021/04/sc-900-study-guide-microsoft-security-compliance-and-identity-fundamentals/ 6. What you should also definitely watch is the YouTube of John Savill, really super informative! https://youtu.be/Bz-8jM3jg-8 I know you've probably read and heard this many times: read the exam questions slowly and accurately. Well, that was the key to success for me. It's the details that make the difference between success and failure. One final tip: When you have learned something new, try to explain what you have learned to another person (whether or not they know your subject). If you can explain it in your own words, you understand the subject. That is exactly how I do it, except that I do not explain it to another person, but record a video for YouTube! I hope this information helps you and that you successfully pass the exam. I wish you success! Kind regards, Tom Wechsler4.4KViews3likes4CommentsMicrosoft Security Fun Friday Week 2! This week's game- Security Crossword.
Hey Tech Community! We're back with Week 2 of our Security Fun Friday. The first to complete and post a screenshot in the comments of today's Security-themed Crossword Puzzle will earn our new "Microsoft Security Star" Badge to add to their profile! This badge will only be given out during these Fun Friday games or by being an outstanding member of the community, so it will be very exclusive! Also just like last week, if you have any ideas of other fun games that you would like to see in the future, please comment below. Good luck and happy solving!SolvedTrevor_RusherFeb 10, 2025Community Manager60Views0likes3CommentsAll the locations where you can find Sensitivity labels
Here are the locations where you can find the sensitivity label of a document (if there are any that I've missed, please feel free to add it here) Sensitivity Label Button in the Document: In Office applications such as Word, Excel, and PowerPoint, you can find the Sensitivity label button on the Home tab. This button allows users to apply or view sensitivity labels directly within the document interface. (Sensitivity label app on the upper right) (the bottom left will show the label applied to the document) Document Properties > Advanced Properties Sensitivity labels can also be found in the document properties. To access this, go to File > Info > Properties > Advanced Properties. Here, you can see detailed metadata, including any applied sensitivity labels. Sensitivity Label Column in SharePoint: In SharePoint, sensitivity labels are displayed in a dedicated column. This allows users to quickly see the sensitivity level of documents stored within SharePoint libraries Windows File Explorer: Sensitivity labels can be extended to Windows File Explorer, allowing users to apply and view labels directly from their file management interface. Mobile Applications: Office mobile apps for iOS and Android also support sensitivity labels, enabling users to apply and view labels on the go. Microsoft Purview Compliance Portal: Administrators can manage and view sensitivity labels applied across the organization through the Microsoft Purview Compliance Portal. This portal is only accessible to IT admins who has the right Purview role.vicwingsingFeb 10, 2025Iron Contributor2.1KViews0likes5CommentsEntra Private Access - Private DNS
Hello Everyone We are using the trial period of Entra Private access and Entra Internet Access using Global Secure Access client. We recently got the Private DNS feature within Quick Access under Global Secure Access. The moment, we added our on-premise domain suffix to create a line of sight to the DC's, access to other private apps, some of which are actually cloud web apps stopped working. The cloud app web portals won't open, RDP to servers were not working. Intermittently, we could open the portal or RDP to the server, but everything had just died down. After leaving it for more than 8 hours, the issues were still not going away, so we removed the quick access app and disabled private DNS, issue was resolved after that. Any ideas why ? Also, is there a way we could allow our on-premise user accounts to change their passwords when it expires or get those password expired notifications as we did when we used Cisco VPN. We have Azure hybrid-joined machines with GSA running in them, but users don't get password expiry notifications, nor can they change the password on the local Laptop as it can't talk to the DC's. We created an app with Kerberos port 88, LDAP 389 and 464, still password change doesn't work. Users are logging in to the Laptops with cached passwords.vbakshi123Feb 07, 2025Copper Contributor1.3KViews0likes4CommentsFile Plan/Retention Labels cannot be deleted OR found in content explorer
When we try to delete a Purview Records Management > File Plan label (or Data Lifecycle Management > Retention label), we get the following error: "You can't delete this record label because it's currently applied to items in your organization. You can use content explorer to determine which items have this label applied." (see attached image). When we go to content explorer to find the label (in this example, Bank Reconciliations), it doesn't appear to exist (see attached image). We also reviewed our Label policies and Retention policies, and the given labels are not associated with any policy that we can see. So, in result, we cannot clean up File Plan labels since we can't find and remove the association between them and policies / items. Has anyone encountered this error when deleting file plan retention labels, but then unable to find anything the label is associated with?chagedorn49Feb 05, 2025Copper Contributor86Views1like3CommentsFile plan reference Id
How do I reuse a file plan reference Id in Records Management? I have created a file plan reference Id but want to use it with a different label so I have removed it from the original label. All the fields on the Editing File plan descriptors screen are dropdown fields with values but the Reference Id is just a dropdown with the only option as "Add a new file plan descriptor reference Id." It doesn't allow me to enter anything in the field and if I try to add a new one that is the same as the one I created it gives me an error and says it already exists. Shouldn't the ones I have created and not used be in the dropdown? See attached for details.Kevin_HoytFeb 04, 2025Iron Contributor1.1KViews1like1CommentIntroducing Microsoft Security Fun Fridays! This week's game- Word Search.
Hey Tech Community! I want to introduce to you a fun new initiative I am starting on the Microsoft Security Community: The first to complete and post a screenshot in the comments of today's Security-themed Word Search will earn our brand new exclusive "Microsoft Security Star" Badge to add to their profile! This badge will only be given out during these fun game posts or by being an outstanding member of the community (more details to come). Also, if you have any ideas of other fun games that you would like to see, please comment below. Good luck and happy hunting!Trevor_RusherFeb 03, 2025Community Manager124Views3likes6CommentsQuarantine Administrator - more rights needed?
Hi everyone, i tried to deploy the new Quarantine Admin to the Admin users of our Office 365 admins. After mail enabling the user object in Exchange on prem (which is needed btw) the user can access the quarantine without error message. But no mail is shown. Logging in as a global admin (myself) i can see many mails. I followed this doc: https://docs.microsoft.com/de-de/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files Can anyone please advise. ThanksSolvedStephan GFeb 03, 2025Brass Contributor37KViews0likes5CommentsIs it possible to use Azure AD without internet
Hello Experts Mine is more of a business user kind of question and not from a technical question. We want to use some Access and Identity management system for our company (about 50 users and using mostly windows 10). Recently we were audited for some compliance and the auditor recommended a Active Directory services where we could control the users (active/inactive) and have info on what softwares have been installed on that machine. They also recommended we can use Azure AD. We tried with the Free version and it works when the PC/laptop is connected to internet. When its not connected, the users are not able to logon. Before investing or investigating further I want to check if it is possible to have Azure AD work without internet, ie can the users login to their machines even if it not connected to internet. Any help is appreciated.Solvedanand_sJan 31, 2025Copper Contributor49KViews1like8Comments
Resources
Tags
- cloud security981 Topics
- security759 Topics
- microsoft information protection516 Topics
- azure496 Topics
- information protection and governance481 Topics
- microsoft 365413 Topics
- compliance389 Topics
- microsoft sentinel335 Topics
- azure active directory240 Topics
- data loss prevention211 Topics