Forum Widgets
Latest Discussions
Block Anonymous Access to Teams without GSA
Documentation states that anonymous access to Teams and Sharepoint can be blocked on the data plane with TrV2 through GSA. Testing TrV2 with a browser extension (Modheader) to inject the TrV2 header I found that injecting this header also to "data plane", ie Teams.microsoft.com does block anonymous access to Teams. I am wondering if this method could be safely used to block anonymous access to specific M365 service until a potential move to GSA
Global Administrator MFA recovery not possible
Since Microsoft automatically enforced MFA on administrator role in Azure you can end up in the situation where it is no longer possible to recover your tenant. If your only account on that tenant is with Global Administrator role and you accidentally loose your MFA, the only way is to call Microsoft support. Support on the phone is automated where any question regarding Azure is redirected to visit Azure portal. If your only user cannot login then Azure portal is not accessible.
File Plan/Retention Labels cannot be deleted OR found in content explorer
When we try to delete a Purview Records Management > File Plan label (or Data Lifecycle Management > Retention label), we get the following error: "You can't delete this record label because it's currently applied to items in your organization. You can use content explorer to determine which items have this label applied." (see attached image). When we go to content explorer to find the label (in this example, Bank Reconciliations), it doesn't appear to exist (see attached image). We also reviewed our Label policies and Retention policies, and the given labels are not associated with any policy that we can see. So, in result, we cannot clean up File Plan labels since we can't find and remove the association between them and policies / items. Has anyone encountered this error when deleting file plan retention labels, but then unable to find anything the label is associated with?Get $25 USD for reviewing a Microsoft Security product on Gartner Peer Insights in 2025
Turn your expertise into impact—and $25—by sharing your review of Microsoft Security products on Gartner Peer Insights. Your feedback helps other decision-makers confidently choose the right solutions and provides valuable input to improve products and services. Select a product to review: Security Copilot Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Purview Microsoft Sentinel Here’s all you need to do: To submit a product review, log in to your Gartner Peer Insights account or create a free account in seconds. Once you have completed your review, Gartner Peer Insights will prompt you to choose a gift card option. Gift cards are valued at $25 USD and are available in multiple currencies worldwide. As soon as your review is approved, the gift card will be sent to you digitally via email What makes a successful review? Choose a Product You Know Well: Pick a product you’ve used extensively to provide detailed feedback. Share Your Experience: Describe your specific user experience with the product and any outcomes you realized. Highlight Features: Note any features and capabilities that made an impact. Terms & Conditions: Only Microsoft customers are eligible; partners and MVPs are not. Offer valid for reviews on Gartner Peer Insights as linked on this page. Non-deliverable gifts will not be re-sent. Microsoft may cancel, change, or suspend the offer at any time without notice. Non-transferable and cannot be combined with other offers. Offer runs through June 30, 2025, or while supplies last. Not redeemable for cash. Taxes are the recipient's responsibility. Not applicable to customers in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and China. Please see the below for more information Microsoft Privacy Statement Gartner’s Community Guidelines & Gartner Peer Insights Review Guide
Attack Simulation - Copy to SOC Mailbox
Hello Community! Currently we are using Knowbe4 to simulate phishing campaigns. We are evaluating the Microsoft E5 Attack simulation. One problem that I cannot figure out with the MSFT version is as follows: I have the SOC mailbox setup to send phishing emails to a shared mailbox for triage (I have it setup to not forward to Microsoft) When I create an attack simulation, and folks report the phish, I still get a copy of it in the phishing mailbox (I send these out monthly to thousands of people so I would prefer not to have a copy) I have looked at the email headers, and there is nothing in them that I can create a custom rule for. Has anyone been able to filter out attack simulation emails, while still receiving normal user reported emails in the SOC mailbox? Any advice appreciated. EmMicrosoft Security Fun Friday Week 4! This week's game- FACT OR FICTION
Hey there Security Tech Community! We're back with Week 4 of our Security Fun Fridays. This week's game will be Fact or Fiction! Below are FIVE statements related to cybersecurity and it is up to YOU to determine whether the statements are Facts (true) or Fiction (false). The first THREE people to respond below in the comments with all five correct answers will earn our new "Microsoft Security Star" Badge to add to their profile. I will give everyone until TUESDAY 2/25 before I post the answer key and award the badges (so even if 3 people answer before you, they may not be correct). Good luck! Note: This badge is only given out during Fun Friday games or by being an outstanding member of the community, so it is very exclusive! STATEMENTS: An organization has deployed Microsoft 365 applications to all employees. Per the shared responsibility model, Microsoft is responsible for the accounts and identities relating to these employees. Data sovereignty is the concept that data, particularly personal data, is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed. Multifactor authentication works by requiring a user to provide multiple forms of identification to verify that they are who they claim to be. The Zero Trust model operates on the principle of “constantly be collecting information about your systems, vulnerabilities, and attacks.” Wardriving is the name of a common network attack where the cybercriminal compromises a router in the network to eavesdrop on, or alter, data.
Params required for Secure Score not available - AntiPhishPolicy
I have a pwsh script to configure the various threat protection policies. Has worked great. Went to run it on one tenant today, and got a number of invalid param errors. I investigated, and found that 1) The online portal doesn't list these params, they can't be set. Ex: EnableMailboxIntelligenceProtection, MailboxIntelligenceProtectionAction, EnableSimilarDomainsSafetyTips, etc They have a recommendation to configure Mailbox Protection to send to the Junk Mail folder (like everyone, which is what I've been doing for everyone). But this isn't an option for this tenant. Not on the web, or via ExchangeOnlineManagement. ``` PS C:\Users\me> Set-AntiPhishPolicy -EnableMailboxIntelligenceProtection $true Set-AntiPhishPolicy : A parameter cannot be found that matches parameter name 'EnableMailboxIntelligenceProtection'. ``` However, when I run Get-AntiPhishPolicy, those params DO return. A number of which I just can't set, but ARE Secure Score recommendations. EnableMailboxIntelligenceProtection : False EnableTargetedDomainsProtection : True EnableFirstContactSafetyTips : False EnableSimilarDomainsSafetyTips : False TargetedUserProtectionAction : Quarantine TargetedUserQuarantineTag : DefaultFullAccessPolicy MailboxIntelligenceProtectionAction : NoAction MailboxIntelligenceQuarantineTag : DefaultFullAccessPolicy TargetedDomainProtectionAction : NoAction TargetedDomainQuarantineTag : DefaultFullAccessPolicy AuthenticationFailAction : Quarantine SpoofQuarantineTag : DefaultFullAccessPolicy EnableSpoofIntelligence : True Furthermore, though this may be a temporary thing, I am unable to save any changes to the available params in the web console.Azure Sentinel Training Lab solution is no longer on Azure Marketplace
Hi folks! It appears the Azure Sentinel Training Lab solution is no longer on Azure Marketplace. Was this removed for SFI security reasons and if so what are alternative deployments for this? https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Training/Azure-Sentinel-Training-Lab
AIP Scanner - Unable to authenticate and setup Microsoft Azure Information Protection
Hi All, I'm getting stuck in below issues to test AIP Scanner. Error Set-AIPAuthentication : As I worked through below the steps I had faced the following issue and cannot move forward. https://github.com/MicrosoftDocs/Azure-RMSDocs/blob/master/Azure-RMSDocs/deploy-aip-scanner-configure-install.md or https://alberthoitingh.com/2020/07/21/azure-information-protection-scanner-2/ I have done these steps Install Win Server 2019 & SQL Express on VM Workstation. Install AIP Client Install AIP Client on PowerShell and it's running in services.msc Install-AIPScanner -SqlServerInstance AIPSCANNER\SQLEXPRESS -Profile Cluster1 Create AD on premise (GG.COM) and installed AD Connect (Express Setting) to Azure AD (testing.onmicrosoft.com) Create User on premise (aipscanner) role (Administrator) and sync to Azure AD (aipscanner@testing.onmicrosoft.com) and assigned E5 license. Login with GG\aipscanner on Win Server 2019. Get APPID, App Secret, Tenant ID from Azure Portal I tried to get the token run below the command but no ok. $pscreds = Get-Credential "testingtenant101.onmicrosoft.com\aipscanner" Set-AIPAuthentication -AppId "bac7ce5e-7a0b-40da-bb89-888888888" -AppSecret "6192e5b8-afb0-49bc-9a0e-888888888" -TenantId "623c0945-6ee5-42a1-8894-888888888" -DelegatedUser aipscanner@testing.onmicrosoft.com -OnBehalfOf $pscreds I think something wrong in authentication on-premise to azure (-DelegatedUser). Please kindly help me to move forward.New Place to Chat with the Microsoft Information Protection Team
Happy Wednesday, all! We're constantly working to provide easily accessible channels for direct interaction with our product team including feedback on how to improve your experience with our products! Moving forward, you can: talk to the Microsoft Information Protection team about our product and integrations via our Yammer Channel or provide feedback via our UserVoice Forum. You can also continue to get updates in our Microsoft Information Protection blog. Finally, we have a complete list of resources available here. If you're currently engaged in a conversation, the conversation space will be moved to the Microsoft Security and Compliance conversation space on 9/2. Feel free to comment with any questions regarding channels or informational resources.
