Intune - Phishing-Resistant MFA
Good Afternoon, So sorry but I'm quite novice. I am trying to merge all Intune users to phishing-resistant MFA (PR-MFA) only (excluding break-the-glass users/admins). On Entra, I do this by disabling Microsoft-Managed MFA and setting a new authentication strength with all three (PR-MFA) modalities selected as the only allowable MFA. Then, I set a conditional access policy to grant all users to access all resources only if they have PR-MFA registered, because I don't want them to use other MFA like SMS. This makes all existing users switch over and disables weaker methods (like text messages), but I can't onboard new users. I reviewed the log for a test user who I could not register, and I saw that the issue is that during registration, the passkey must already exist BEFORE the new user can set up a passkey or other PR-MFA method, which is impossible. Is there a way to let Intune use just the new user's password alone for initial PR-MFA registration?
Adding Targeted Users/Groups in Attack Simulator
Is there a setting that may have changed recently or needs to be changed that enables filtering by groups when creating a simulation. I am unable to browse our groups in our organization any longer, I can choose from other options like City, Departments, Titles, etc. but the AD groups do not populate any longer in this list when trying to add Target Users. Thank you, Jerid
Announcing quarantine release integration in Microsoft Defender for Office 365 hunting experience!!
This feature allows SecOps teams to define and better filter on messages with custom queries and take release action directly from hunting experiences - Threat Explorer, Advanced Hunting, Email summary panel, Email Entity Page, and custom detections!!
AIR Result : Email template modification
Hi, I want to change the email language for the Automated investigation and response (AIR) after a phishing report. I found the page where you can set a custom email "Body" and "Footer". This works, but I also need to change the other parts of the email or at least find a way to translate it in french. Right now, there's a mix of english and french (The body and footer I configured) but I need the whole thing to be in french. I would appreciate a hand on this issue. Thank you !! PS : See the screenshot for the part I want to translate.
Effectiveness of "Impersonation Protection" within the Standard Protection security policy
Recently we began trying to improve the overall posture of our O365 Exchange. One step of that was enabling both the Preset Security Policies. These have been enabled and I've set up Impersonation Protection on both with pretty much the same list of internal stakeholders to protect. What we appear to be seeing is that impersonation protection doesn't work for those users on Standard Protection. Support is telling me that's how it works and that I should move all of our users to Strict Protection if we want to take advantage of the Impersonation Protection. My limited tests seem to back this up, but the fact that Impersonation Protection is an available option in the Standard preset policy is baffling if it's as ineffective as it seems to be. As a test I setup a new outlook.com account with the name of the a protected user. I then sent an email to my personal Gmail account and two internal employees. The email was delivered to the Gmail account (expected) and to the 'Standard' employee. The email to the 'Strict' employee was quarantined with a note about impersonation. For the 'Standard' employee it was allowed with the note "Allowed by user policy : Trusted recipient address list". I verified the external address is not in the 'Standard' user's Safe Sender list. Are others seeing this behavior as well?
Archive Email Search across all emails going back 3 years or more
Hi, In Mimecast I am able to perform an archive search on emails very quickly (less than 10 seconds) and easily being able to go back 5-10 years (we have a retention of 10yrs for Mimecast) How can I do this with the 365 tooling that I have within the E5 license scope. In Explorer in the Defender portal, I can only go back 30 days, so want to know how I would go about doing this for say 3-5yrs using Microsoft tools. Example, I want to look for any emails from joe.bloggs@gmail sent to any of our users going back 3 or 5yrs without having to do a full eDiscovery each time which is extremely time consuming. Do Microsoft have any plans to have a similar way to easily search through all corporate email quickly and efficiently as it really seems like a no-brainer product that Microsoft could give to their users, and would mean they wouldn't have to rely on third-party tooling to do this in a field where Microsoft really should be stronger. I asked the same question the other day on reddit as I was hoping that I was missing something, but it seems that it is a feature that is lacking at the moment. Thought I would also raise the question here as well in the hope that someone has a suggestion of what we could use that may work and would be faster than a full blown eDiscovery, or maybe even get the attention of someone at MS that has the ability to create such a needed feature.
