Forum Widgets
Latest Discussions
Attack Simulation - Copy to SOC Mailbox
Hello Community! Currently we are using Knowbe4 to simulate phishing campaigns. We are evaluating the Microsoft E5 Attack simulation. One problem that I cannot figure out with the MSFT version is as follows: I have the SOC mailbox setup to send phishing emails to a shared mailbox for triage (I have it setup to not forward to Microsoft) When I create an attack simulation, and folks report the phish, I still get a copy of it in the phishing mailbox (I send these out monthly to thousands of people so I would prefer not to have a copy) I have looked at the email headers, and there is nothing in them that I can create a custom rule for. Has anyone been able to filter out attack simulation emails, while still receiving normal user reported emails in the SOC mailbox? Any advice appreciated. Em
Block Anonymous Access to Teams without GSA
Documentation states that anonymous access to Teams and Sharepoint can be blocked on the data plane with TrV2 through GSA. Testing TrV2 with a browser extension (Modheader) to inject the TrV2 header I found that injecting this header also to "data plane", ie Teams.microsoft.com does block anonymous access to Teams. I am wondering if this method could be safely used to block anonymous access to specific M365 service until a potential move to GSAMicrosoft Security Fun Friday Week 5! This week's game- Spot the Phish!
Hey there Security Tech Community! We're back with Week 5 of our Security Fun Fridays. This week's game is Spot the Phish! Phishing is a very common cyberattack that typically targets emails and lures victims to click phony hyperlinks that share their personal information. Below I will post 3 screenshots of example Phishing Attacks and I want you to identify the most OBVIOUS ISSUE in each one. The first 2 people to respond in the comments with all 3 correct answers will earn our new "Microsoft Security Star" Badge to add to their profile. I will give everyone until Wednesday 3/19 to guess before I reveal the correct answers and award the badges (so even if 2 people answer before you, they may not be correct). Good luck! Note: This badge is only given out during Fun Friday games or by being an outstanding member of the community, so it is very exclusive! SPOT THE PHISH!All the locations where you can find Sensitivity labels
Update (14-Mar-25): Removed Windows Explorer Here are the locations where you can find the sensitivity label of a document (if there are any that I've missed, please feel free to add it here) Sensitivity Label Button in the Document: In Office applications such as Word, Excel, and PowerPoint, you can find the Sensitivity label button on the Home tab. This button allows users to apply or view sensitivity labels directly within the document interface. (Sensitivity label app on the upper right) Document Properties > Advanced Properties Sensitivity labels can also be found in the document properties. To access this, go to File > Info > Properties > Advanced Properties. Here, you can see detailed metadata, including any applied sensitivity labels. Sensitivity Label Column in SharePoint: In SharePoint, sensitivity labels are displayed in a dedicated column. This allows users to quickly see the sensitivity level of documents stored within SharePoint libraries (Removed) Windows File Explorer: - As it was rightly pointed in the comment section, this is a roadmap item that has yet to materialise. Mobile Applications: Office mobile apps for iOS and Android also support sensitivity labels, enabling users to apply and view labels on the go. Microsoft Purview Compliance Portal: Administrators can manage and view sensitivity labels applied across the organization through the Microsoft Purview Compliance Portal. This portal is only accessible to IT admins who has the right Purview role.
Global Administrator MFA recovery not possible
Since Microsoft automatically enforced MFA on administrator role in Azure you can end up in the situation where it is no longer possible to recover your tenant. If your only account on that tenant is with Global Administrator role and you accidentally loose your MFA, the only way is to call Microsoft support. Support on the phone is automated where any question regarding Azure is redirected to visit Azure portal. If your only user cannot login then Azure portal is not accessible.
Blocking Personal Outlook and Gmail Accounts on Corporate Device
Hello Community, In my organization, we use the Microsoft 365 environment. We have a hybrid infrastructure, but we aim to deploy as many policies as possible through Microsoft 365 (Intune, Purview, Defender, etc.). One of our goals is to limit the use of corporate devices for personal purposes. We use Outlook as our corporate email service, and we would like to block employees from signing into their personal email accounts (either via web or desktop application). Additionally, we would like to block access to other email services, such as Gmail, both via web and desktop apps. Could you provide guidance on how to achieve this? I would greatly appreciate any help or suggestions. Thank you very much! Juan RojasFile Plan/Retention Labels cannot be deleted OR found in content explorer
When we try to delete a Purview Records Management > File Plan label (or Data Lifecycle Management > Retention label), we get the following error: "You can't delete this record label because it's currently applied to items in your organization. You can use content explorer to determine which items have this label applied." (see attached image). When we go to content explorer to find the label (in this example, Bank Reconciliations), it doesn't appear to exist (see attached image). We also reviewed our Label policies and Retention policies, and the given labels are not associated with any policy that we can see. So, in result, we cannot clean up File Plan labels since we can't find and remove the association between them and policies / items. Has anyone encountered this error when deleting file plan retention labels, but then unable to find anything the label is associated with?Get $25 USD for reviewing a Microsoft Security product on Gartner Peer Insights in 2025
Turn your expertise into impact—and $25—by sharing your review of Microsoft Security products on Gartner Peer Insights. Your feedback helps other decision-makers confidently choose the right solutions and provides valuable input to improve products and services. Select a product to review: Security Copilot Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Purview Microsoft Sentinel Here’s all you need to do: To submit a product review, log in to your Gartner Peer Insights account or create a free account in seconds. Once you have completed your review, Gartner Peer Insights will prompt you to choose a gift card option. Gift cards are valued at $25 USD and are available in multiple currencies worldwide. As soon as your review is approved, the gift card will be sent to you digitally via email What makes a successful review? Choose a Product You Know Well: Pick a product you’ve used extensively to provide detailed feedback. Share Your Experience: Describe your specific user experience with the product and any outcomes you realized. Highlight Features: Note any features and capabilities that made an impact. Terms & Conditions: Only Microsoft customers are eligible; partners and MVPs are not. Offer valid for reviews on Gartner Peer Insights as linked on this page. Non-deliverable gifts will not be re-sent. Microsoft may cancel, change, or suspend the offer at any time without notice. Non-transferable and cannot be combined with other offers. Offer runs through June 30, 2025, or while supplies last. Not redeemable for cash. Taxes are the recipient's responsibility. Not applicable to customers in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and China. Please see the below for more information Microsoft Privacy Statement Gartner’s Community Guidelines & Gartner Peer Insights Review GuideMicrosoft Security Fun Friday Week 4! This week's game- FACT OR FICTION
Hey there Security Tech Community! We're back with Week 4 of our Security Fun Fridays. This week's game will be Fact or Fiction! Below are FIVE statements related to cybersecurity and it is up to YOU to determine whether the statements are Facts (true) or Fiction (false). The first THREE people to respond below in the comments with all five correct answers will earn our new "Microsoft Security Star" Badge to add to their profile. I will give everyone until TUESDAY 2/25 before I post the answer key and award the badges (so even if 3 people answer before you, they may not be correct). Good luck! Note: This badge is only given out during Fun Friday games or by being an outstanding member of the community, so it is very exclusive! STATEMENTS: An organization has deployed Microsoft 365 applications to all employees. Per the shared responsibility model, Microsoft is responsible for the accounts and identities relating to these employees. Data sovereignty is the concept that data, particularly personal data, is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed. Multifactor authentication works by requiring a user to provide multiple forms of identification to verify that they are who they claim to be. The Zero Trust model operates on the principle of “constantly be collecting information about your systems, vulnerabilities, and attacks.” Wardriving is the name of a common network attack where the cybercriminal compromises a router in the network to eavesdrop on, or alter, data.
