Page Diagnostics Tool for SPO

What is Page Diagnostics Tool?

It is a Chromium browser extension designed to help you identify site pages in SharePoint Online that may not be delivering optimal performance.

Where we can download the tool?

What can it be used for?

  1. Compare the characteristics of a page against SharePoint Online best practices and list the issues found
  2. Provide guidance on resolving those issues according to the best practices

What does this tool do?

  • Identify the total page load time
  • Show which items need attention:
    1. It detects large images (images larger than 300 KB)
    2. Content Delivery Network check: which items on the page are not served from a CDN
    3. How many request calls went to SharePoint; it also shows how many you should have at most (the best practice is a maximum of 25)
    4. Which web parts use iFrames, since iFrames slow down performance
    5. Which web parts affect performance
    6. Where improvements can be made; for example, the tool lists web parts that take more than 2000 ms to render

It is worth analyzing the performance of modern and classic sites before publishing them to production environments.

FIVE KEY QUESTIONS TO CONTROL CLOUD COSTS

Today I’m not talking about Azure specifically, I’m talking about the cloud in general. The case here is: you’re ready to modernize your infrastructure to truly benefit from the cloud and avoid sprawl, poor performance, complexity, and sky-high subscriptions. Here are the five key questions you need to answer when planning things out.

  1. What problem are you solving? The business case behind your infrastructure must be understood, with input from key stakeholders. How will the cloud help you deliver that value to your users or customers? How will you benchmark and improve on that goal? Common goals for cloud infrastructure are faster service delivery, lower operating costs, agile deployment, simplified user experience, modernization, and resilience.
  2. What base infrastructure components will be used across your stack? Your subscription model, identity management, network, storage, backup, and other key components should work with any given app or VM that might be attached to your subscription.
  3. Where can you automate? Automation and standard procedures are key to realizing the full benefit of the cloud. This helps minimize costs by automatically provisioning and decommissioning and implementing configurations without intervention. Infrastructure as Code will only continue to be more vital to cloud management.
  4. Who is responsible for each piece of the stack? As you embrace more and more components delivered entirely as a Service, you must understand which entity is responsible for their management and potential failure. Obviously the underlying hardware is not yours to command, and a hardware-level failure would fall upon the service provider. But issue-resolution can be a difficult gray area. Be prepared to work with the cloud provider and have processes in place for issue tracking and resolution as well as version control and backup/restore.
  5. How are you managing cloud governance? Depending on your management models, it may be much easier for users within or outside the IT department to provision their own resources. It was much harder to order, install, and configure a physical server than to simply click a few times to have a virtual one ready to go. You must be ready to protect and secure your data from inside and outside risks, while also reining in sprawl and maintaining compliance. Automation tools and code are a good place to start with governance and compliance.

Manage office atp alerts like a boss


Let’s face it: Sometimes you get false positives in Office ATP phishing Email alerts. Either this is caused by the system or you may have scheduled a phishing simulation from a third party provider that cannot be properly whitelisted.

In such cases, you find yourself sitting in front of an infinite list of either investigation events:

or in front of a likewise infinite list of the associated alerts:

Both lists have one thing in common: filtering and modification of additional columns is very limited. In fact, both lists do not provide any valuable data in this overview. To get more information, you have to click an entry in one of those lists and then you might have to click even further only to find out that you don’t have to touch that alert, because it is a false positive.

From a defender’s perspective, this is not…


Licensing Details for Litigation Hold in Office 365

Legal Hold can be used as an alternative to using third-party backup solutions since all emails are retained and cannot be deleted by the user or admin, except by retention policies.

Admins can place mailboxes on litigation hold or in-place hold. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold.

Litigation hold in O365 originally only existed for Exchange Online mailbox data, but has been extended to SharePoint Online, Teams, OneDrive, etc.

The user you wish to place on hold must have a subscription that includes at least Exchange Online (Plan 2). This includes the following online licenses:

  • Microsoft 365 E5
  • Microsoft 365 E3
  • Office 365 E5
  • Office 365 E3

Users in subscriptions that include Exchange Online (Plan 1) can also be put on hold if the user has the Exchange Online Archiving add-on. With this license, holds only apply to mailbox data.

One great advantage of a hold is that the user account can be deleted after the user leaves the company and the data will still be preserved for eDiscovery. So you won’t be burning a license for a user who no longer accesses their mailbox.

For more information about litigation or legal hold in Office 365, read In-Place Hold and Litigation Hold in Exchange Server.

Monitor Azure AD Smart Lockouts with Log Analytics

Following my last post about Azure AD Smart Lockout, have you ever wondered how to monitor those events? Of course, we can do it with Log Analytics.

HOW TO MONITOR SMART LOCKOUT?

Integrating the monitoring and alerting of Smart Lockout is very simple; this post will explain how to do it:

  1. In the Azure portal, select Azure Active Directory > Diagnostic settings > Add diagnostic setting, or select Export Settings from the Audit Logs or Sign-ins page to get to the diagnostic settings configuration page.
  2. In the Diagnostic settings menu, select the Send to Log Analytics workspace check box, and then select Configure.
  3. Select the Log Analytics workspace you want to send the logs to, or create a new workspace in the provided dialog box.
  4. Select one or both of the following:
    • To send audit logs to the Log Analytics workspace, select the AuditLogs check box
    • To send sign-in logs to the Log Analytics workspace, select the SignInLogs check box
  5. Select Save to save the setting.

Now all we need to do is wait; after about 5-10 minutes, data will start to arrive in the workspace.

The logs we are looking for are in the AuditLogs and SigninLogs tables in the workspace. Open the Logs blade of the workspace and enter the following query:

SigninLogs
| limit 50

and click Run to get the last 50 sign-ins listed. As we are interested in the actual smart lockouts (ResultType 50053), we need to add filter criteria to our query, and we probably want to limit it to the last seven days only:

SigninLogs
| where CreatedDateTime >= ago(7d)
| where ResultType == "50053"
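A follow-up query, added here as an example and not part of the original post, that groups the lockout events by locked-out user and source IP address so that an account being locked out repeatedly from a single address stands out. The threshold of three lockouts and the seven-day window are assumptions to adjust for your tenant.

```kql
// Smart Lockout events (ResultType 50053) over the last 7 days (assumed window),
// aggregated per user and source IP to spot repeated password guessing.
SigninLogs
| where CreatedDateTime >= ago(7d)
| where ResultType == "50053"
| summarize Lockouts  = count(),
            FirstSeen = min(CreatedDateTime),
            LastSeen  = max(CreatedDateTime),
            Apps      = make_set(AppDisplayName)
    by UserPrincipalName, IPAddress, Location
// Assumed threshold: three or more lockouts from one address is worth a look.
| where Lockouts >= 3
| order by Lockouts desc
```

When this query is used for an alert rule, set the rule's threshold on the number of rows returned, so that one row per suspicious user/IP pair triggers the Action Group.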

And because we like to get notified, we can also set an Alert Rule on this type of query. Click New Alert Rule, which brings you to the next blade.

Then we need to reuse an Action Group or create a new one; this is what gets alerted when the signal occurs. Be aware that, depending on the frequency of the alert evaluation, we will be charged in €€€.

Another thing to keep in mind is that there is a lag between the event and the alert action; it is not immediate.

That’s all, have fun!

AzureAD Smart Lockout

Have you ever wondered how Microsoft prevents password guessing attacks or brute force attacks on Azure AD? Well, it is basically the same method as you would do on your on-premises User Directory! It is just smarter!

Azure AD Smart Lockout is a feature applied to every sign-in processed by Azure AD, regardless of whether the user has a cloud-managed account or a synced account using password hash sync or pass-through authentication.
The smart part comes from the ability to distinguish valid users from attackers. It locks out the attackers while letting your users continue to access their accounts and be productive.


If you still run AD FS, there is also a feature named Extranet Smart Lockout, but it is not as smart as the one in Azure AD: https://support.microsoft.com/en-us/help/4096478/extranet-smart-lockout-feature-in-windows-server-2016

The default lockout setting kicks in after ten invalid login attempts and locks the account for one minute. The account locks again after each subsequent failed attempt, for one minute at first and for longer periods on subsequent attempts. Also, smart lockout tracks the last three bad password hashes to avoid incrementing the lockout counter for the same password; basically, if the same bad password is entered multiple times, it will not cause another lockout.

Note: The tracking of repeated identical bad passwords is only available for the password hash sync scenario, as pass-through password validation happens against your on-premises AD domain controllers.

Smart Lockout is always turned on for all Azure AD customers. If you want to modify the default behavior of 10 invalid attempts to trigger a one-minute lockout, then you require Azure AD P1 or P2 licenses for your users.

Office 365 Your Organisation Needs More Information To Keep Your Account Secure

I know that we have to take security seriously, but I faced this problem so many times. Have you recently created a new Microsoft 365 or Office 365 account and users are being forced to setup MFA within 14 days despite MFA not being configured?

we are in the same boat!

I’m constantly setting up new tenants for clients and performing migrations, and while enforcing MFA is a great idea and having it enabled by default is good, it does cause issues during the configuration stage of a tenant.

The issue is caused by the new security defaults policies being applied to the tenant.

Here is how to temporarily (take it seriously, yo!) disable the new security defaults policies to turn off this behaviour.

Log into your tenant, go to the Admin console at https://admin.microsoft.com and click on ‘Azure Active Directory’ in the left hand menu.

Now click on ‘Azure Active Directory’, then ‘Properties’, then ‘Manage Security Defaults’.

Set ‘Enable Security Defaults’ to ‘No’.

Tick an option which most applies to you and click ‘Save’.

Now users will not be forced to configure MFA, but remember that weak passwords are causing us all major issues, so please enable MFA for user accounts as soon as you can.

Top 10 Microsoft Defender ATP Advantages

I’m in love with MDATP, so take your time to read it all 😉

Kiran NR Cyber-security blog

I just thought of sharing some insights about Microsoft Defender ATP today.

Microsoft Defender ATP is a unified platform for preventive protection, post-breach protection, automated investigation, and response.

Top 10 MDATP Advantages

Threat Vulnerability and Management: is the latest innovation in Microsoft Defender ATP, which continues to evolve to provide customers with powerful, real-time, and integrated means to discover, prioritize, and remediate threats.

Vulnerability Management Maturity Model

Microsoft Threat Experts: Threat Experts from Microsoft provide technical consultation on relevant detections and adversaries. MTE provides your Security Operations Center with expert-level threat monitoring over your de-identified data, threat analysis, and support to discover and respond to critical threats in your unique environment.

MDATP: Microsoft Defender ATP offers out of the box integration with Azure AD, Azure ATP, Azure Security Center, Azure Information Protection, Microsoft Cloud App Security, Microsoft Intune, and Office 365 ATP.


Securing guest access in Teams

What do we have to take into account when we have guests in our tenant? In this post I want to share some guidance about it:

Limitations for guests

Guests are a “special” member type in Azure AD and M365, so there are some limitations by design for guests that you should know of:

  • Per licensed user you can add up to five guests (1:5 ratio)
  • Guest user permissions in Azure AD are limited by default
    • cannot browse other tenant information
    • but can view their own profile
    • but can retrieve information about other users if they search for a UPN or object ID
  • Guest user permissions in Office 365 groups are limited
  • Guest user permissions in Teams are limited
    • no One Drive for Business
    • no people search outside of Teams
    • no calendar
    • no meeting scheduling
    • no pstn/telephony
    • no org chart
    • no teams creation/revision
    • no teams browsing
    • no file upload in P2P chats

What can you do to secure your Microsoft 365 guest identities?

The following are simply recommendations, so what you apply will depend on the level of security you want for your tenant:

  • enforce multi-factor authentication for guests
  • provide terms of use which guests must agree to
  • regularly review whether the permissions granted to guests are still needed
  • restrict guest access to web-only / browser-only
  • set session timeout to enforce regular/daily authentication by guests
  • classify content by using sensitivity labels
  • auto classify defined sensitive information to highly confidential
  • automatically remove guest access from files labeled highly confidential

Unable to see Public Teams or join them

My customer had an issue where public teams were no longer showing in the Teams application or the browser whenever you went to “Join Team” or “Create Team”.

Also, something weird was that the search box on the right hand side of the screen was missing, so the screen they were seeing was similar to the following one:


So in order to solve that, you need to do the following:

  • Go to https://admin.teams.microsoft.com with at least the Teams Administrator role in the company
  • Go to Org-Wide Settings > Teams Settings
  • At the bottom of the Teams settings there is a Search by Name section. Ensure this is turned OFF

Once this has been turned off, it takes about 30 minutes for the tenant to update with the change. Take into account that some changes made via the UI can take up to 24 hours (I have seen this in some cases).

If you go back to ‘Join or create a team’ you should see the search box and the public teams. You will probably need to clear the cache in the browser and in the Teams app ( https://albandrodsmemory.wordpress.com/2019/01/04/microsoft-teams-how-to-clean-cache ).

Hope it helps!