EricaZelic
ericazelic.bsky.social
Security Engineer / IAM Security. Defending against people like me.
Some nuances to look out for: Depending on tenant settings (some orgs are very complex), you may need to check both *@yourdomain.yourtopleveldomain and *@yourdomainmoera.onmicrosoft.yourtopleveldomain. This depends on your DNS records and mail gateways.
Another gotcha is the UTC time. Be careful.
March 16, 2025 at 8:13 PM
You can also run Exchange Message Trace reports from either Exchange Online Admin Center or Security Admin Center. There is a selection the Message Trace that allows you to search for failed/bounced messages or all messages in the past 1 day. You can update the search time to look back further.
March 16, 2025 at 8:10 PM
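Added example (not part of the original post): the same failed/bounced message search run from Exchange Online PowerShell instead of the admin center UI, with the window built in UTC to avoid the time-zone gotcha mentioned in the thread. The sender domain and look-back period are placeholders.

```powershell
# Added example: pull failed/bounced messages for the last N days via Exchange Online PowerShell.
# Assumes the ExchangeOnlineManagement module is installed and the account has View-Only Recipients
# or a comparable Exchange role. "yourdomain.yourtopleveldomain" is a placeholder.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$lookbackDays = 7                                   # placeholder; adjust for your investigation window
$end   = (Get-Date).ToUniversalTime()               # work in UTC explicitly, per the caveat above
$start = $end.AddDays(-$lookbackDays)

# -Status Failed returns messages that were not delivered (NDR generated).
# Loop over pages because a single call caps at 5000 results.
$page    = 1
$results = @()
do {
    $batch = Get-MessageTrace -StartDate $start -EndDate $end -Status Failed `
                              -PageSize 5000 -Page $page
    $results += $batch
    $page++
} while ($batch.Count -eq 5000)

# Keep only messages involving the tenant's own domain (both accepted domains, if applicable).
$own = $results | Where-Object {
    $_.SenderAddress    -like "*@yourdomain.yourtopleveldomain" -or
    $_.RecipientAddress -like "*@yourdomain.yourtopleveldomain"
}

# Summarise by recipient so a spike against one mailbox or domain stands out.
$own | Group-Object RecipientAddress | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# For one suspicious message, fetch the per-hop detail (this is where the NDR reason text lives).
$first = $own | Select-Object -First 1
if ($first) {
    Get-MessageTraceDetail -MessageTraceId $first.MessageTraceId `
                           -RecipientAddress $first.RecipientAddress |
        Select-Object Date, Event, Detail | Format-Table -Wrap
}

Disconnect-ExchangeOnline -Confirm:$false
```

The `Received` timestamps in the trace output are UTC as well, so compare them against your own logs only after converting both sides to the same zone.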
The first thing you can check is the NDR report in Exchange Online Admin Center: admin.exchange.microsoft.com --> Reports --> Mail Flow --> Non-delivery details report.
March 16, 2025 at 8:06 PM
As many people are aware, there have been ongoing issues with Exchange the past few weeks. The latest *incident* (not advisory) is about NDRs. We have been seeing tons of NDRs but do not match the NDR codes in the Incident. /1
March 16, 2025 at 8:03 PM
Interesting.
March 16, 2025 at 7:17 PM
for clarity, I'm talking about this part:
learn.microsoft.com/en-us/entra/...
March 16, 2025 at 6:47 PM
It always has this configuration. There is never a client certificate or secret, no redirect URI, and the APP ID URI is a certificate.
March 16, 2025 at 5:19 PM
Can someone tell me what this app registration is that I see absolutely everywhere?
March 16, 2025 at 5:16 PM
Before enabling B2B collaboration, a security plan is required based on your vertical and compliance needs. See steps 1-11 below for a quick start guide. This only pertains to B2B. There are many changes that need to be made across the tenant admin centers. learn.microsoft.com/en-us/entra/...
March 2, 2025 at 12:56 AM
This is why I don't like Guests or Anonymous Users
March 1, 2025 at 6:21 PM
From the reference above, this is a Microsoft recommendation of where the CAP comes in for managing authentication strengths for B2B Guests
March 1, 2025 at 5:37 PM
March 1, 2025 at 5:35 PM
For orgs that allow Guests, the tenant-wide configurations that are required to secure controlled data are numerous and include creation of attribute based dynamic groups to enforce authentication strengths and other CAPs, as well as Teams, SPO/OneDrive, and Exchange hardening.
March 1, 2025 at 5:22 PM
External Access deviates from traditional IAM controls. Most organizations DO NOT UNDERSTAND THIS.
March 1, 2025 at 5:17 PM
This is SUPER IMPORTANT for orgs who store controlled data in their tenants
March 1, 2025 at 5:14 PM
Guest Access should NEVER be without Entra ID B2B in Zero Trust. This requires approval from both business tenants and is managed via External Identities in Entra ID AS WELL AS Teams Admin Center.
March 1, 2025 at 5:11 PM
Teams dependent services architecture:
March 1, 2025 at 5:08 PM
March 1, 2025 at 5:06 PM
If your org's approved architecture is based on Zero Trust and you use Teams, here is a nifty chart from Microsoft which lays out your plan. If you store any type of controlled data in your tenant, anywhere, you will fall into the Specialized Security Category.

learn.microsoft.com/en-us/securi...
March 1, 2025 at 4:58 PM
Sydney Sweeney approves this idea
February 23, 2025 at 9:00 PM