Want to Avoid Accidently Deleting your Resources in Azure? It's Easier Than You Think
Sometimes, knowingly or unknowingly you might delete a resource group in Azure. In this article let's talk about how to configure Azure Resource Locking in order to protect them from being deleted or modified accidentally.
Cybersecurity Is Mission Imperative: What Nonprofits Must Learn from the 2025 Digital Defense Report
In today’s digital-first world, nonprofits depend on technology to deliver services, engage communities, and scale impact. But with that reliance comes growing risk—from identity-based attacks to AI-driven threats and cloud vulnerabilities. The 2025 Microsoft Digital Defense Report offers a strategic lens into the global cybersecurity landscape. For nonprofit leaders, it’s more than a technical document—it’s a wake-up call. Cybersecurity is no longer a back-office concern. It’s a mission-critical priority. Key Takeaways for Nonprofits: Identity is the new attack surface—protect credentials, not just systems. AI is reshaping both threats and defenses—learn to leverage it. Cloud and vendor vulnerabilities are rising—secure your digital supply chain. Resilience matters—build systems that recover quickly and train your teams. The quantum era is coming—start preparing for post-quantum cryptography. Why It Matters: Protecting data means protecting people. Embedding cybersecurity into every layer of your organization—from boardroom strategy to frontline service delivery—is essential to maintaining trust and impact. For More Information: Explore the full Microsoft Digital Defense Report 2025 for deeper insights and practical guidance. Read the full report: Microsoft Digital Defense Report 2025 To learn more and join the conversation, follow Microsoft for Nonprofits LinkedIn for updates, expert insights, and community engagement around nonprofit cybersecurity. Visit: Microsoft for NonprofitsCybersecurity Starts Here: Strong Passwords for Nonprofits
In the nonprofit world, trust is everything. Whether you're protecting donor data, safeguarding beneficiary information, or managing internal systems, your digital security matters. One of the simplest—and most powerful—ways to protect your organization is by using strong passwords. These tools form the first line of defense against cyber threats and help ensure your mission stays on track. Why Strong Passwords Matter Weak passwords are like unlocked doors—they invite trouble. Cybercriminals often exploit simple or reused passwords to gain unauthorized access, impersonate staff, steal sensitive data, or disrupt operations. A strong password acts as a digital lock: hard to guess, harder to crack. Characteristics of a strong password: At least 12 characters long A mix of uppercase, lowercase, numbers, and symbols Unique for every account Not based on personal info (no pet names, birthdays, or favorite sports teams!) Microsoft Tools That Help You Stay Secure Microsoft offers nonprofit-friendly tools to help enforce strong password policies and protect user identities: Microsoft Entra ID (formerly Azure Active Directory) Centralized identity and access management Multi-factor authentication (MFA) to prevent unauthorized logins Conditional access policies and role-based access control Microsoft 365 Security Center Monitor password-related alerts and suspicious sign-ins Enforce password expiration and complexity policies View security recommendations tailored to your organization Microsoft Defender for Endpoint Detects brute-force password attacks and credential theft Protects devices from malware and phishing attempts Integrates with Microsoft 365 for unified threat response Tips for Nonprofit Teams Building a culture of cybersecurity starts with small, consistent actions: Make it policy: Require strong passwords use across your organization Train your team: Host a lunch-and-learn or share a how-to guide on password safety Enable MFA: Add multi-factor authentication for all accounts Audit regularly: Review access and update credentials when staff roles change Clean up old accounts: Remove unused logins and shared credentials Your Mission Deserves Protection Cybersecurity isn’t just an IT issue—it’s a mission-critical priority. By adopting strong password practices, you’re taking a proactive step to protect your people, your data, and your impact. Microsoft’s ecosystem offers scalable, nonprofit-friendly tools to help you build a secure foundation—so you can focus on what matters most: serving your community.Cybersecurity 101: Protecting Your Nonprofit with Microsoft Tools
Cybersecurity isn’t just an IT concern—it’s a mission-critical priority. For nonprofits, safeguarding sensitive data, maintaining donor trust, and ensuring operational continuity are foundational to achieving impact. In an increasingly digital world, cyber threats are evolving rapidly, and nonprofits—often operating with limited resources—can be especially vulnerable. The good news? Microsoft offers a suite of powerful, easy-to-use tools designed to help nonprofits build a resilient security posture without needing a full-time IT department. What Is Cybersecurity? Cybersecurity is the practice of protecting systems, networks, and data from unauthorized access, attacks, or damage. For nonprofits, this means defending the integrity of: Donor and beneficiary information: Personal data that must be protected to maintain trust and comply with privacy laws. Financial records: From grant funding to payroll, financial data is a prime target for cybercriminals. Internal communications: Sensitive discussions around strategy, staffing, and partnerships. Program data and impact reports: Valuable insights that drive funding and stakeholder engagement. A breach in any of these areas can lead to reputational damage, legal consequences, and disruption of services—making cybersecurity a strategic imperative. Microsoft Tools That Help You Stay Secure Microsoft’s ecosystem is designed to meet nonprofits where they are—whether you're just starting your digital journey or managing complex operations across borders. Microsoft Defender Built-in protection against viruses, malware, ransomware, and phishing attacks Available across Windows devices and Microsoft 365 environments Real-time threat detection, automatic updates, and endpoint protection Microsoft Entra ID (formerly Azure Active Directory) Centralized identity and access management Multi-factor authentication (MFA) to prevent unauthorized logins Role-based access control to ensure staff and volunteers only access what they need Microsoft Purview Advanced data governance and compliance tools Helps classify, label, and protect sensitive information Supports regulatory compliance (e.g., HIPAA, GDPR) for nonprofits handling health or financial data Microsoft Outlook + Exchange Online Protection Filters out spam, phishing attempts, and malicious attachments Encryption options for secure email communication Safe Links and Safe Attachments features to prevent accidental clicks on harmful content Microsoft 365 Security Center Unified dashboard to monitor and manage security across your organization Actionable alerts and recommendations tailored to your environment Designed for ease-of-use, even for teams without dedicated IT staff Cybersecurity Best Practices for Nonprofits Technology alone isn’t enough—building a culture of security is key. Here are essential practices every nonprofit should adopt: Use strong, unique passwords and consider a password manager for staff Enable MFA on all accounts to add an extra layer of protection Educate your team on phishing, social engineering, and safe online behavior Keep software and systems updated to patch known vulnerabilities Limit access to sensitive data based on roles and responsibilities Back up data regularly using secure, encrypted methods Your Mission Deserves Protection Whether you're a small grassroots organization or a global NGO, your mission depends on trust, continuity, and resilience. Cybersecurity isn’t a luxury—it’s a necessity. Microsoft’s tools are designed to be scalable, affordable, and accessible, helping nonprofits protect what matters most: their people, their data, and their impact. By investing in cybersecurity today, you’re not just protecting your organization—you’re strengthening your ability to serve tomorrow.Know Your Risk: Using Microsoft Purview to Protect Sensitive Data
In today’s digital-first world, data is everywhere—and so are the risks. From donor records to financial reports, sensitive information flows across emails, documents, and cloud platforms. In keeping with the Cybersecurity Awareness Month theme, this is the perfect time to ask: Do you know where your sensitive data lives—and how well it’s protected? Enter Microsoft Purview, a unified data governance and compliance solution designed to help organizations discover, classify, and safeguard sensitive information across Microsoft 365 and beyond. Why Knowing Your Risk Matters Data breaches don’t just cost money—they erode trust. Whether you're a nonprofit, healthcare provider, or public sector agency, protecting sensitive data is essential to maintaining credibility and fulfilling your mission. But you can’t protect what you can’t see. That’s where Microsoft Purview comes in. What Microsoft Purview Can Do for You Discover Sensitive Data Automatically: Purview uses built-in AI and machine learning to scan your environment—emails, SharePoint, OneDrive, Teams, and more—to identify sensitive content like PII, financial data, and health records. Classify and Label Content Intelligently: With sensitivity labels and data classification policies, Purview helps you tag and track sensitive data based on its risk level and regulatory requirements. Prevent Data Loss Before It Happens: Data Loss Prevention (DLP) policies allow you to block or warn users before sensitive data is shared externally or stored in risky locations. Monitor Insider Risk and Compliance: Purview’s Insider Risk Management and Compliance Manager tools help you detect risky behavior, enforce policies, and stay audit-ready. Extend Protection Beyond Microsoft 365: Purview integrates with third-party apps and on-premises data sources, giving you a holistic view of your data landscape. Real-World Impact A global nonprofit recently used Microsoft Purview to scan thousands of documents and emails for donor information. Within days, they identified exposure risks, applied sensitivity labels, and implemented DLP policies—reducing their compliance risk by over 40%. Getting Started with Microsoft Purview 1. Set Up Your Purview Account Sign in at portal.azure.com, search for “Microsoft Purview accounts,” and click Create to begin setting up a new Purview account. Click Create to start a new Purview account. Choose your subscription, resource group, region and account name. Click Review + Create, then Create Click on Go to resource once your deployment is complete to go to the Purview account’s overview page. From there, click “Open Microsoft Purview Governance Portal” and choose either the New or Classic experience, depending on your preferred interface, to launch Purview Studio. 2. Connect and Scan Data Sources Once inside Purview Studio, navigate to the left-hand menu and select “Data Map” to open the Data Sources page. Click “Register” to add a new data source Choose from supported sources such as Azure Data Lake, SQL databases, SharePoint, Amazon S3 and more. 3. Define Governance Policies Once your data sources are connected and scanned, it's time to establish governance policies to protect and manage your sensitive information. You Can: Use sensitivity labels to classify and protect data across Microsoft 365 - Create and publish sensitivity labels | Microsoft Learn Manage access using role-based permissions in Purview’s governance portal - Access control in the classic Microsoft Purview governance portal | Microsoft Learn Create DLP policies to monitor and prevent the sharing of sensitive data - Learn about data loss prevention | Microsoft Learn Detect and respond to risky user behavior with built-in analytics and privacy controls - Learn about Insider Risk Management | Microsoft Learn Manage metadata, lineage, and governance domains across your data estate - Learn about Microsoft Purview Unified Catalog | Microsoft Learn Track regulatory requirements, assess risk, and manage improvement actions- Get started with Microsoft Purview Compliance Manager | Microsoft Learn Conclusion Cybersecurity Awareness Month is more than a reminder—it's a call to action. In a world where data moves faster than ever, visibility and control are no longer luxuries—they're necessities. Microsoft Purview empowers organizations to take charge of their data, uncover hidden risks, and build a culture of trust and resilience. Whether you're just starting your governance journey or looking to strengthen existing policies, Purview offers the tools to discover, classify, and protect sensitive information across your entire digital estate. From automated scans to intelligent labeling and real-time risk management, it's your partner in proactive data defense. This month, make cybersecurity more than a priority—make it a practice. Start with Purview. Stay secure. Lead with confidence.Strengthen Your Security Posture This October with Smarter Endpoint Protection
As organizations accelerate digital transformation, endpoints have become the frontline of defense—and the most frequent target. From phishing emails to fileless malware, attackers are exploiting gaps in visibility and response. It’s no longer enough to react after the fact. You need security that’s proactive, intelligent, and built for scale. Microsoft Defender for Endpoint delivers exactly that—combining real-time detection, automated remediation, and deep threat analytics to help you stay ahead of adversaries. Detection: Smarter Than Signature-Based Security Defender for Endpoint uses a multi-layered detection strategy that goes far beyond traditional methods: Behavioral Analysis: It monitors how apps and users behave, flagging anomalies like privilege escalation or lateral movement. Machine Learning & AI: Defender analyzes trillions of signals daily to identify patterns that indicate emerging threats—even zero-day attacks. Threat Intelligence: Backed by Microsoft’s global security graph, it detects known malware, ransomware, and nation-state tactics in real time. Endpoint Detection & Response (EDR): It continuously collects and analyzes endpoint data to surface suspicious activity and indicators of compromise. Response: Automated, Precise, and Scalable Once a threat is detected, Defender doesn’t just alert—it acts: Automated Investigation & Remediation: Defender uses AI to investigate alerts, determine root cause, and automatically contain or remove threats. Attack Timeline: Security teams get a visual map of the attack’s progression, helping them understand how it started and spread. Live Response: Analysts can remotely connect to compromised devices, run scripts, collect forensic data, and take corrective action. Integration with Microsoft Sentinel: Defender feeds threat data into your SIEM for broader visibility and correlation across your environment. Real-World Impact Take the example of a nonprofit organization targeted by a phishing campaign. Defender for Endpoint detected unusual PowerShell activity, isolated the device, and triggered an automated investigation. Within minutes, the threat was neutralized—no data loss, no downtime. Why It Matters During Cybersecurity Awareness Month, it’s the perfect time to evaluate your endpoint security. Defender for Endpoint doesn’t just detect threats—it empowers your team to respond with speed and confidence. Getting Started with Microsoft Security 1. Review Your Microsoft Secure Score - Start by assessing your current security posture in the Microsoft 365 Defender portal. Secure Score provides a prioritized list of recommendations to improve your organization's security based on real usage and configurations. Link: Assess your security posture through Microsoft Secure Score - Microsoft Defender XDR | Microsoft Learn 2. Enable Automated Investigation & Remediation (AIR) - Reduce response time and manual effort by turning on AIR. It automatically investigates alerts, determines root causes, and takes remediation actions—helping you contain threats faster. Link: Use automated investigations to investigate and remediate threats - Microsoft Defender for Endpoint | Microsoft Learn 3. Explore Threat Analytics in Defender - Threat Analytics provides expert-driven insights into emerging threats, vulnerabilities, and attack techniques—tailored to your environment. Use it to stay ahead of adversaries and understand how global threats impact your organization. Link: Threat analytics in Microsoft Defender XDR - Microsoft Defender XDR | Microsoft Learn 4. Connect Microsoft Defender to Sentinel - Integrate Defender with Microsoft Sentinel to unify your security operations. This enables centralized monitoring, advanced hunting, and automated incident response across your entire digital estate. Link: Connect Microsoft Defender XDR data to Microsoft Sentinel | Microsoft Learn This Cybersecurity Awareness Month, empower your organization to stay one step ahead of evolving threats. With Microsoft Defender for Endpoint, you gain intelligent, automated protection and deep visibility—so you can detect, respond, and neutralize risks before they turn into breaches.Empowering Nonprofits to Strengthen Digital Defenses
Did you know October is Cybersecurity Awareness Month? It’s the perfect time for nonprofits to strengthen their digital defenses and build a culture of security. This year’s theme— “Cybersecurity first, stay safe always”—is a powerful reminder to prioritize digital safety in every aspect of your mission. Whether you're protecting donor data, securing service delivery systems, or educating your team, cybersecurity is foundational to trust, resilience, and impact. What to Expect in October Throughout the month, Microsoft Elevate will be sharing a curated collection of resources designed to help nonprofit organizations build awareness, strengthen defenses, and elevate cybersecurity capabilities across their teams. Please see the resources below to explore and share with your teams: Cybersecurity Awareness Month Website - Explore best practices, infographics, videos, guidance tailored for organizations and individuals—and discover training and learning resources to build cybersecurity skills. Live: October 1, 2025 Link: https://aka.ms/CybersecurityAwareness Be Cybersmart Kit: - Infographics and tips to help your team stay secure in the age of AI. Live: October 1, 2025 Link: https://aka.ms/BeCybersmartKit Skilling Opportunities for Nonprofit Teams Cybersecurity is a shared responsibility. These free learning pathways and scholarship programs are designed to build skills and confidence across your organization: Career Essentials in Cybersecurity – LinkedIn Learning pathway with certification Link: https://aka.ms/Cyber-Pathway Securing You – MS Learn Pathway – Basics and Zero Trust modules Link: https://aka.ms/Cybersecurity_PreFundamentals Women in Cloud – Coursera access, mentorship, and certification vouchers for women in the US Link: https://aka.ms/WiC Last Mile Education Fund – Scholarships for US community college students pursuing cybersecurity careers Link: https://aka.ms/Cyber-Scholarship Why It Matters for Nonprofits Nonprofits are trusted stewards of sensitive data and critical services. Cybersecurity isn’t optional—it’s essential. By participating in Cybersecurity Awareness Month, you’re not just protecting your systems—you’re protecting your mission. A Final Word Cybersecurity isn’t just a technical priority—it’s a mission-critical responsibility. For nonprofits, safeguarding digital assets means protecting the communities you serve, the trust you’ve built, and the impact you strive to make every day. This October, let’s move beyond awareness and into action. With the right tools, training, and support, your organization can lead with confidence and resilience in an increasingly digital world. Together, we can make cybersecurity second nature—because when nonprofits stay secure, missions thrive. What’s Next As Cybersecurity Awareness Month continues, we’ll be spotlighting key insights from the upcoming Microsoft Digital Defense Report - a trusted annual resource that dives deep into emerging threats, evolving attack patterns, and actionable strategies tailored for nonprofits. This follow-up feature will offer timely intelligence to help your organization refine its security posture and stay ahead of the curve. Together, we can ensure nonprofits stay secure—so their missions continue to change lives.SharePoint and Power Apps: Managing Roles and Permissions
One of the key aspects of SharePoint security is managing permissions at the list or item level, which allows you to control who can view or edit the data. This granular control is essential for maintaining the integrity and confidentiality of sensitive information within your organization. By effectively managing permissions, you can ensure that only authorized personnel have access to specific data, thereby reducing the risk of unauthorized access. Whether you choose to restrict access to the entire list for simplicity or use item-level permissions for more advanced scenarios, SharePoint provides the tools you need to keep your data secure. Restrict Access to the Entire SharePoint List This happens in SharePoint itself, not Power Apps. You need to manage permissions at the list or item level: Go to your SharePoint site > Open the List. Click on the gear ⚙️ > List settings. Under Permissions and Management, click Permissions for this list. Stop inheriting permissions (click the ribbon command: Stop Inheriting Permissions). Remove default access groups (like "Members" or "Visitors"). Add a specific SharePoint group or individuals who should have full access —an admin or manager, not end users. End users will only interact with the list through Power Apps — they don’t need direct list access. Please keep in mind that if users need to edit entries, they must have access to the list. Without proper permissions, they won't be able to see or edit the list. The next user permissions option is ideal for users who need to edit their own entries. Use Item-Level Permissions in SharePoint This is only advisable if you can enforce it consistently: Go to List settings > Under Advanced settings. Scroll to Item-level Permissions. Choose: ✅ Read access: Only their own ✅ Create and Edit access: Only their own This works well only if users are submitting forms (e.g., time-off requests) that shouldn’t be visible to others. Prevent Users from Viewing or Editing Power App Code This is configured through Power Apps and Microsoft Admin Center. Limit Who Has Access to Edit the App In Power Apps Studio: Go to File > Share. Remove or do not add users as Co-owners. Instead, share as Users only — give them “Can use” permission. Use Environment Roles (Dataverse or Environment Scope) In the Power Platform Admin Center (https://admin.powerplatform.microsoft.com): Go to Environments > Click your environment > Security roles. Set roles so users: Are not Environment Admins or Makers. Only have User roles in production environments. Summary of What to Check: Task Where Goal Limit list access SharePoint List Settings Prevent users from directly viewing data Use item-level permissions SharePoint Advanced Settings Let users only see/edit their own submissions Limit app editing Power Apps Share Panel Ensure only owners can edit Secure environment roles Power Platform Admin Center Block access to Maker/Admin capabilitiesThe Role of Secure Sockets Layer (SSL) Certificates in Nonprofit Organizations
At the heart of this post is Kairos IMS, an innovative Impact Management System designed to empower human-serving nonprofits and social impact organizations. Co-developed by the Urban League of Broward County and our trusted technology partner, Impactful, Kairos IMS reduces administrative burdens, enhances holistic care, and enables organizations to leverage data for increased agility and seamless service delivery. In this blog series, we’ll take a closer look at the powerful technologies that fuel Kairos IMS, from Azure services to security frameworks, offering insight into how modern infrastructure supports mission-driven impact. Click here to learn more. What Is an SSL? Think of an SSL as a security guard for your website. It encrypts the connection between your website and your visitors, ensuring that sensitive data—like donor names, credit card numbers, and contact details—remains private and secure. When you visit a website with an SSL, you'll notice a padlock icon in the browser's address bar and the URL starting with "[URL] of "http://." These small details signal to visitors that your site is secure and trustworthy. For nonprofits, this layer of security isn't just a nice-to-have; it's a must. Nonprofits handle sensitive donor information, from payment details to personal data. Without an SSL, you risk exposing this data to hackers, which can erode trust and harm your reputation. How to Purchase an SSL for Your Nonprofit Acquiring an SSL certificate is easier than you might think. Here’s a step-by-step guide to get you started: Determine Your Needs: Decide what type of SSL certificate works best for your organization. Options include single-domain SSLs (for one website), wildcard SSLs (for a website and its subdomains), and multi-domain SSLs (for multiple sites). Choose a Trusted Provider: Reputable SSL providers like DigiCert, GlobalSign, and Let’s Encrypt offer certificates tailored to various needs. Let’s Encrypt, for instance, provides free SSL certificates that are particularly appealing for budget-conscious nonprofits. Purchase or Obtain Your SSL: If you're opting for a paid SSL, simply purchase it from your chosen provider. For free options like Let’s Encrypt, follow the instructions on their website to generate your certificate. Install the SSL: Most hosting providers make this step straightforward. Platforms like GoDaddy, Bluehost, and SiteGround often include SSL installation as part of their hosting services. If you’re unsure, tech support teams are generally happy to assist. Test Your SSL: Once installed, check that your website is displaying the padlock icon and "[URL] the URL. You can use online tools like SSL Labs’ SSL Test for additional reassurance. SSL Implementation: Easier Than You Think Some nonprofit leaders worry that implementing an SSL might be too technical or costly. The truth? It’s neither. Most hosting providers simplify the process, offering one-click SSL installation or including SSLs as part of their hosting packages. Free options like Let’s Encrypt further reduce barriers, making SSLs accessible to organizations of all sizes. Effortless Security with Let’s Encrypt and Cert Manager For nonprofits seeking budget-friendly and straightforward solutions, Let’s Encrypt stands out as a beacon of accessibility and innovation. As a free, automated, and open certificate authority, Let’s Encrypt empowers organizations to secure their websites without incurring additional costs. With just a few simple steps, nonprofits can acquire SSL certificates that enhance their credibility and shield sensitive donor information. Pairing Let’s Encrypt with Cert Manager, an efficient tool designed to manage TLS certificates in Kubernetes clusters, further simplifies the process. Cert Manager automates the provisioning, renewal, and deployment of SSL certificates, reducing the burden on technical teams and ensuring continuous website security. Together, these tools form a powerful combination, making SSL implementation accessible to nonprofits regardless of their technical expertise. Want to dive deeper into the world of Let’s Encrypt and Cert Manager? Check out their official resources: Let’s Encrypt Documentation Cert Manager- Microsoft Learn Want to know how to add and manage an SSL certificate via Azure App Service? Click Here By leveraging these user-friendly tools, nonprofits can fortify their websites and focus on their mission without being bogged down by technical hurdles. Troubleshooting SSL Certificate Issues Even with the best setup, SSL certificates can occasionally encounter problems. For nonprofits relying on a secure site to build trust, addressing these issues promptly is essential. Here’s a guide to troubleshoot common SSL certificate issues and ensure your website remains protected: Expired Certificates Problem: SSL certificates have a limited validity period, typically ranging from 90 days (for free options like Let’s Encrypt) to a few years. If your certificate expires, browsers will display a warning, potentially deterring visitors. Solution: Log in to your SSL provider’s dashboard and check the expiration date of your certificate. Renew the certificate through your SSL provider or hosting provider. Many providers offer auto-renewal options to avoid future expirations. Reinstall the renewed certificate on your hosting platform and test the site to verify functionality. Mismatched Domain Names Problem: The SSL certificate must match the exact domain name being accessed. For example, if your certificate is issued for "www.example.org" but users visit "example.org" (without the "www"), browsers may flag the site as insecure. Solution: Check the domain name listed on your SSL certificate to ensure it matches your site’s URL. If mismatched, update the SSL certificate to include all domain variations (e.g., "www" and non-"www"). Multi-domain or wildcard SSL certificates can cover these variations. Set up a proper domain redirection (e.g., redirect "example.org" to "www.example.org") to ensure consistency in how your site is accessed. Browser Errors Problem: Visitors might encounter errors like “Your connection is not private” or “SSL certificate error” due to incorrect SSL installation or configuration. Solution: Use online tools like SSL Labs’ SSL Test to diagnose issues with your certificate setup. Ensure the entire certificate chain, including intermediate and root certificates, is installed correctly. Many hosting providers guide you through this process or offer automated installations. Clear your browser’s cache and history, as outdated data can sometimes cause erroneous warnings. Mixed Content Warnings Problem: A secure site might still display warnings if it loads insecure content (e.g., images or scripts served over HTTP instead of HTTPS). Solution: Scan your website for mixed content using tools like WhyNoPadlock or your browser’s developer tools. Update all URLs on your site to use HTTPS. This often involves updating your CMS settings or modifying your theme files. Implement a Content Security Policy (CSP) to ensure all content is served securely. Misconfigured Server Settings Problem: Incorrect server configurations can prevent the SSL certificate from functioning as intended. Solution: Verify your server settings through your hosting provider’s control panel or documentation. Ensure that HTTPS is enforced by enabling a redirect from HTTP to HTTPS on your server. If you’re using a content delivery network (CDN), ensure that the SSL is correctly configured both on your server and the CDN. Revoked Certificates Problem: Certificates can be revoked by the issuing authority due to security breaches or errors in issuance. Solution: Check the certificate’s status using tools like Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP). If your certificate has been revoked, contact your SSL provider to understand the reason and obtain a new certificate if necessary. By proactively addressing these common SSL certificate issues, your nonprofit can maintain a secure and trustworthy online presence, ensuring a seamless experience for your supporters. Take Action Today Securing your nonprofit’s website with an SSL is one of the simplest and most impactful steps you can take to protect your donors and build trust with your supporters. Beyond security, it shows your commitment to transparency and professionalism—values that resonate deeply with your audience. To enhance your online security even further, we encourage you to dive deeper into the world of SSL certificates. Researching additional resources and staying informed about the latest updates can help you implement best practices and avoid common pitfalls. Explore guides and expert recommendations tailored to nonprofits to ensure your website remains secure and trustworthy. Don’t wait to make this critical update. Whether you're a small grassroots organization or a global nonprofit, an SSL certificate can strengthen your digital presence and help you achieve your mission. Ready to get started? Reach out to your hosting provider or explore SSL options today. For further reading, check out these links: Guide to Choosing the Right SSL Certificate Common SSL Issues and How to Fix Them Your supporters—and their data—will thank you.Exciting News for Nonprofits: Enhanced Security with Microsoft Enterprise E5 Add-On!
What Does the E5 Security Add-On Include? The Microsoft Enterprise E5 Security add-on offers advanced security capabilities, including: Microsoft Entra ID Plan 2: Advanced identity protection and governance. Microsoft Defender for Identity: Real-time identity threat detection and response. Microsoft Defender for Endpoint Plan 2: Comprehensive endpoint security. Microsoft Defender for Office 365 Plan 2: Enhanced email and collaboration security. Microsoft Defender for Cloud Apps: Cloud application security and monitoring. * Please note, that at the time this article was written, Microsoft's nonprofit grant included Business Premium licenses. Currently they are no longer free but offered at a nonprofit discount. In-Depth Look at E5 Security Add-On Features 1. Microsoft Entra ID Plan 2 (formerly Azure AD Premium P2) What it is: An advanced identity and access management (IAM) solution with capabilities beyond standard Entra ID. Key Benefits for Nonprofits: Conditional Access & Risk-Based Policies: Detect risky sign-ins automatically and apply controls like MFA or block access. Identity Protection: Uses machine learning to detect user and sign-in risks, helping prevent account takeovers. Privileged Identity Management (PIM): Provides just-in-time access to admin roles, reducing exposure to privileged account misuse. Governance & Compliance: Automates entitlement reviews and helps ensure appropriate access to resources. 2. Microsoft Defender for Identity What it is: A cloud-based solution that monitors and secures your identity within your organization. Key Benefits for Nonprofits: Real-Time Threat Detection: Identifies lateral movement, privilege escalation, and other advanced threats within your network. Insider Threat Detection: Highlights risky behaviors from internal users, mitigating potential insider threats. Attack Surface Reduction: Detects brute force attacks, pass-the-hash, golden ticket attacks, and other identity-related threats. 3. Microsoft Defender for Endpoint Plan 2 What it is: An endpoint detection and response (EDR) solution to secure servers, desktops, and mobile devices. Key Benefits for Nonprofits: Threat & Vulnerability Management: Detects and prioritizes software vulnerabilities for remediation. Behavioral Analytics: Uses AI and threat intelligence to flag abnormal activities on endpoints. Automated Investigation & Response: Reduces the load on IT staff by automating threat investigations and remediations. Cross-Platform Protection: Protects Windows, macOS, Linux, iOS, and Android devices. 4. Microsoft Defender for Office 365 Plan 2 What it is: An advanced security solution for email, Teams, and other Microsoft 365 collaboration tools. Key Benefits for Nonprofits: Threat Investigation & Hunting: Enables proactive threat hunting across email and collaboration platforms. Attack Simulation Training: Simulates phishing and other attacks to train staff on security awareness. Automated Incident Response: Automatically responds to and remediates malicious emails and collaboration-based threats. Safe Links & Safe Attachments: Protects users from malicious links and harmful file attachments. 5. Microsoft Defender for Cloud Apps What it is: A cloud access security broker (CASB) that monitors and protects SaaS applications. Key Benefits for Nonprofits: App Discovery & Shadow IT Detection: Identifies unsanctioned or unmanaged apps used by staff. Data Loss Prevention (DLP): Helps prevent accidental or malicious leaks of sensitive data across cloud apps. Threat Protection: Detects suspicious behaviors in cloud applications, such as unusual login locations or mass file downloads. Compliance Monitoring: Helps organizations enforce compliance policies across cloud platforms. Why Is This Important? The E5 Security add-on offers nonprofits enterprise-grade security tools that enable them to detect, investigate, and respond to threats with greater speed and confidence. It allows organizations to proactively manage identity security, secure devices, and protect communications and data across cloud applications. By adopting these advanced solutions, nonprofits can build resilience against evolving threats and maintain the trust of their communities and stakeholders. Valuable Training for Nonprofits One of the most valuable features for nonprofits is access to cyber-attack simulation training. This training provides a safe and controlled environment to simulate real-world cyber-attacks, helping to train employees in recognizing and responding to threats. How to Get Started Nonprofits can easily add the E5 Security to their existing Business Premium licenses for $12 per user per month. This add-on ensures that your organization is equipped with the latest security tools to protect against evolving threats. For more information on how to access this add-on, visit Cybersecurity for small and medium business | Microsoft Security and Add Microsoft 365 E5 Security to your Microsoft 365 Business Premium subscription - Microsoft Learn. Empower your nonprofit with the best security solutions and continue making a positive impact in your community!
