New tenant admin app in Microsoft Teams

image

If you search the apps available in Microsoft Teams you’ll find a new one from Microsoft called Admin as shown above.

image

When you add the Admin app to your Microsoft Teams environment you see a number of basic administration options you can alter as shown above.

image

You can, for example, set some basic meeting settings as shown above.

At this stage the app is pretty basic but it is handy to have many of the common admin settings inside Microsoft Teams overcoming the need to switch out to the admin console. Over time I’d guess that more options will be added to this app to make Microsoft 365 management easier.

What to check with spoofed email in Microsoft 365

If you find that a spoofed email is reaching users inboxes in Microsoft 365 (say something like managing.director@gmail.com pretending to be managing.director@yourdomain.com) then here are some initial suggestions and things to check.

Firstly, ensure you have SPF, DKIM DMARC configured for your domain. They all help reduce spoofed emails getting to the inbox. 

Set up SPF to help prevent spoofing

Support for validation of DKIM signed messages

Use DMARC to validate email

Next, run the analyzer that is built into the Microsoft 365 Security Center to see where your policies may deviate from best practices.

Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365

and you’ll find those best practice settings here:

Recommended settings for EOP and Microsoft Defender for Office 365 security

I’d be checking against the strict rather than the standard settings if it was me.

image

In the settings for your spam policy in Exchange Online there are a few additional settings you can enable as shown above. Even though the Microsoft best practices doesn’t recommend it, I still have most of these set and at a minimum recommend that the SPF hard fail option be enabled.

image

In your Anti-phishing policies ensure the option for Show first contact safety tip is enabled as shown above. Microsoft Best Practice policies don’t set this. In general make sure all the above settings are all enabled as shown.

Another good indicator to configure is

Set-ExternalInOutlook -Enabled $true

using PowerShell, that will let you know about

Native external sender callouts on email in Outlook

Another custom adjustment you can consider is changing the Spam Confidence Level (SCL)

Spam Confidence level (SCL) in EOP

A further option you may wish to tweak beyond Microsoft’s recommended best practices is the phishing thresholds in anti-phishing policies:

Advanced phishing thresholds in anti-phishing policies in Microsoft Defender for Office 365 

When you get emails that are confirmed as trying to trick users, make sure you report them to Microsoft

How do I report a suspicious email or file to Microsoft?

Use the Submissions portal to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft

Probably the best way to do that is to use the free add-in that works with Outlook.

Enable the Report Message or the Report Phishing add-ins

doing so helps build the intelligence for Exchange Online as well as helping others who may see similar insecure emails.

The final option available to you is always to reach out to Microsoft for assistance.

Get help or support for Microsoft 365 for business

I would also suggest you check any white listing options you may have in Exchange Online as these are easily forgotten over time. Best practice is not to white list any domain or specific email address but always check when you see repeated emails get through filtering. I can’t tell you how many times I find this as the cause of any issue. Keep in mind, there are few places that you can white list emails:

Create safe sender lists in EOP

You can of course also block the insecure sender:

Create blocked sender lists in EOP

Remember that if you tighten your email security the result will probably be an increase in false positives, at least initially, as Exchange Online learns to evaluate the changes and user behaviours based on the updated settings. Email security is not an exact science. The bad operators are working just as hard to bypass all these settings so it is always going to be a game of cat and mouse. However, hopefully, using the Microsoft recommended best practices and some additional tweaks as suggested above, you can prevent the vast majority of insecure emails out of your users email boxes.

Need to Know podcast–Episode 285

I’m back baby! It’s been quite a while now but I’ve decided to start getting the Microsoft Cloud information and updates out there irrespectively of whether there is a guest or not. Let’s see how that goes and please let me know what you think and any suggestions you may have.

I’ll also bring you up to date with all the latest news from the Microsoft Cloud.

Take a listen and let us know what you think – director@ciaops.com

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-285-updates/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

This episode was recorded using Microsoft Teams and produced with Camtasia 2022.

Brought to you by www.ciaopspatron.com

Resources

@directorcia

Basic Authentication Deprecation in Exchange Online – September 2022 Update

Stream mobile app in beta

Microsoft to drop Kaizala in 2023

Microsoft Security highlights from Black Hat USA 2022

What’s new in Microsoft Endpoint Manager – 2208 (August) edition

Microsoft Defender monthly news August

Enabling corporate access using browser controls in Windows

Microsoft Entra Verified ID now generally available

Microsoft announces new solutions for threat intelligence and attack surface management

Microsoft Ignite

CIAOPS Shared channel

CIAOPS Need to Know webinar September

CIAOPS Need to Know Microsoft 365 Webinar – September

laptop-eyes-technology-computer

Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at a framework for migration to Microsoft 365.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

September Webinar Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2209 – into your browser or scan this QR code)

Untitled picture

The details are:

CIAOPS Need to Know Webinar – September 2022
Thursday 22nd of September 2022
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

Turn on your Adoption Score

image

To enable the Microsoft Adoption Score navigate as an admin to:

https://admin.microsoft.com

and expand the Reports heading on the left. Under here you should now find an option called Adoption Score as shown above.

image

When you select this, you’ll see the above on the right if you have not enabled Adoption Score.

If not enabled, select the Enable Adoption Score button.

image

You should then see the message shown above letting you know that it takes about 24 hours for the data to start flowing into the dashboard.

image

After that period you should see data for your tenant like shown above.

As Adoption Score is not on by default I recommend that it is turned on for all tenants to help you get a better idea of how your organisation is taking advantage of the Microsoft Services. For more information see the Microsoft documentation:

Microsoft Adoption Score

but in short, turn it on and use it in conjunction with Secure Score.

Inconsistent Intune PowerShell module results

If you run the command:

get-intuneconfigurationpolicy

you’d except to see all your Intune configuration policies displayed.

image

However, after connecting to the Microsoft Graph module you see that nothing is returned. My experience has also been receiving incomplete results using these commands.

image

What I have found is that using the Microsoft Graph directly by using commands like:

$uri = “https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/”

(Invoke-MSGraphRequest -Url $URI -HttpMethod GET).value

produces the desired results as shown above in the same environment.

So my tip is when working with Intune and Endpoint Manager with PowerShell is, use the Microsoft Grah directly to obtain and set the information you need.