Latest Discussions
Tracking Critical App Actions Through Audit Events
App management audit events are captured when changes are made to Entra registered and enterprise apps. Critical app management audit events should be closely monitored to ensure that permissions are used properly and attackers haven't attempted to penetrate the tenant to extract data. This article explains how to find and analyze audit data for some critical app management audit events and run the code as an Azure Automation runbook.
https://practical365.com/app-management-audit-events/
2 Views, 0 likes, 0 Comments

Enabling per-group MFA
We're looking, if possible, to enable MFA "per-group" and not "per-user" in the Office365 Organization. In on-prem AD we created group GRP-MFA and replicated it to O365 via Entra ID Connect. We used that group to select which authentication methods are available to the group's members, but then we couldn't find a way to enable MFA "per-group", only per user. The licenses available are Microsoft 365 Business Standard.
Thanks
SC
StefanoC66, Jul 08, 2025, Iron Contributor
2 Views, 0 likes, 0 Comments

Copying Group Membership with the Microsoft Graph PowerShell SDK
Sometimes tenants need to copy group membership from one user to another. Often PowerShell is used, but with the demise of the Azure AD module you might need to update the script that you use. Things are a little more complicated when using the Graph, but where there’s a will, there’s a way. Here’s how to use the Graph PowerShell SDK to do the job.
https://office365itpros.com/2025/07/08/copy-group-membership-powershell/
6 Views, 0 likes, 0 Comments

Synchronising Outlook calendars between accounts
Hello together, I've got 2 different 365 accounts and have the Calendar in use on both. I'm searching for a possibility to sync between the two calendars so that if in one of the calendars an entry is entered, it gets synced to the calendar on the second account that gets synced as well. The other way around as well. Any ideas?
brfelix2323, Jul 08, 2025, Copper Contributor
18 Views, 0 likes, 1 Comment

Turning off email notifications about new comments in one certain file
Hi All! I found a solution to turn off all email notifications on new comments in my shared files (through settings on SharePoint), but it doesn't really solve my problem. In project files I work on with my colleagues, email notifications are helpful for monitoring workflows and streamlining the process. At the same time, I'm an owner of yearly Excel files shared with a big team in order to monitor the work on all clients and automate the visualization of it, but it gets commented on a lot and I don't need to get all of that on my Outlook. Is there any way to turn off email notifications about new comments for just one file without turning them off on all my shared files?
Kind regards,
Jakub Banasik
JakubBanasik, Jul 07, 2025, Copper Contributor
6K Views, 3 likes, 5 Comments

Copilot Audio Overviews for OneDrive Documents
Microsoft 365 Copilot users can generate audio overviews from Word and PDF files and Teams meeting recordings stored in OneDrive for Business. Copilot creates a transcript from the file and uses the Azure Audio Stack to generate an audio stream (that can be saved to an MP3 file). Sounds good, and the feature works well. At least, until it meets the DLP policy for Microsoft 365 Copilot.
https://office365itpros.com/2025/07/07/audio-overview-copilot/
17 Views, 0 likes, 0 Comments

Excel crash with added custom sort values
Having an issue with Excel crashing when I'm adding an extra custom sort with values in one of my columns, which won't crash with the sort list before, only when I add the value sort. With the added crashing sort filter highlighted in the first screenshot.
wwwooodsyyyyy, Jul 06, 2025, Copper Contributor
41 Views, 0 likes, 1 Comment

Implementing Privileged Identity Management (PIM): Enhancing Security Through Just-in-Time Access
Authored by: Gonzalo Brown Ruiz, Senior Microsoft 365 Engineer & Cloud Security Specialist
Date: July 2025

Introduction
In today’s rapidly evolving cybersecurity landscape, privileged accounts remain among the highest-value targets for attackers. Administrative privileges grant broad access to systems, configurations, and sensitive data. Mismanagement or compromise can result in catastrophic breaches, compliance violations, and operational disruptions.
Microsoft Entra Privileged Identity Management (PIM) is a critical security and governance tool for any organization leveraging Entra ID (formerly Azure Active Directory). It provides just-in-time (JIT) privilege elevation, drastically reducing risk exposure while maintaining operational efficiency.

Why Should Organizations Implement PIM?
Traditional privilege models assign permanent, standing permissions to administrators. While convenient, this creates continuous risks:
- Expanded attack surface: Standing admin rights are prime targets for credential theft.
- Limited visibility and control: Lack of activation records hinders auditing and investigations.
- Non-compliance: Security standards require least privilege and JIT access.
Implementing PIM enforces JIT activation, ensuring privileges are:
- Granted only when necessary
- Time-bound with automatic expiration
- Auditable and justifiable
- Protected by multi-factor authentication (MFA) and approval workflows

Key Benefits of Entra PIM
- Enhanced Security Posture: Eliminates standing elevated privileges, minimizing lateral movement risks.
- Regulatory Compliance: Meets ISO 27001, PCI-DSS, NIST, and other strict privileged access requirements.
- Operational Accountability: Records who activated which role, when, why, and for how long.
- Reduced Insider Threat Risk: Ensures privileged access is intentional, reviewed, and limited.
- Improved Governance and Audit Readiness: Provides clear trails for internal audits, external assessments, and breach investigations.

How to Use PIM Properly: Standard Activation Process
1. Access Entra PIM
- Log into https://entra.microsoft.com
- Navigate to Privileged Identity Management in the left menu.
2. View Eligible Roles
- Click My roles.
- Review roles under Azure AD roles marked as eligible.
3. Activate the Required Role
- Click Activate next to the needed role.
- Provide a business justification.
- Select the activation duration (up to allowed maximum).
- Complete MFA authentication if prompted.
- If approvals are required, wait for completion.
4. Confirm Activation
- The role will appear under Active assignments.
- Perform privileged tasks as needed.
5. Allow Activation to Expire
- Elevated access automatically expires after the activation period.
- Reactivate the role for future privileged tasks.

Best Practice Recommendations
- Activate roles only when required
- Use minimal durations to limit exposure
- Provide clear, specific business justifications
- Monitor activation logs regularly for anomalies
- Educate administrators on PIM as part of security onboarding and ongoing awareness programs

Conclusion
Privileged Identity Management is not just a feature – it is a security imperative. Implementing PIM strengthens defenses against internal and external threats, fulfills compliance requirements, and fosters operational discipline and accountability. Empowering administrators to understand and properly use PIM ensures privileged access transforms from a high-risk liability to a controlled, auditable asset aligned with modern cybersecurity best practices.
Copyright © 2025 Gonzalo Brown Ruiz. All rights reserved.
31 Views, 0 likes, 0 Comments

Co-pilot is resurrected Clippy on steroids. Give us ACTUAL options to remove it
I am sick and tired of spending now literal hours of my life finding the newest, most super-secret hidden ways of disabling MS's newest way to chase the dragon of monetizing some new faddish tool. Every single new iteration of their desktop products further hides the malware that is copilot. I don't WANT that intrusive pile of donkey-excrement any more than I did that equally obnoxious Frankenstein's monster's stepfather Clippy back in the Y2K era. MAKE IT SIMPLE. NO ONE WANTS THIS POS.
hallj78, Jul 05, 2025, Copper Contributor
14 Views, 1 like, 0 Comments