Browsing: Azure & M365 Tips

(Azure) Block Foreign Signins

This rule will help secure your environment from foreign countries that your business does not operate in.

Create a Conditional Access policy.
Under locations, specify which countries you operate in.
Check the box for “Include unknown areas”. The reason for this is that Microsoft does not detect the location from IPv6 (yet) so this will allow them. Attacks carried out via IPv6 are much more rare. In “Named Locations” you can opt into the preview which allows you to whitelist IPv6 ranges. You would likely have to contact your company’s mobile provider for their ranges if you use this.
Under policy rules, set access controls to “Block”, Include all, Exclude your locations.

When team members travel out of country, have them notify IT so you can create an exclusion under “Users and groups”.

{ Add a Comment }

(M365) Disabling Forwarding Rules to Outside Domains

This rule will help with email compromises which export email data to an external source or a company policy that enforces DLP.

Create a new rule in the Exchange admin center.
Add a bounce back message so that users will know right away if they have been compromised in this fashion or to notify that they are not allowed to funnel email to another source.

{ Add a Comment }

(M365) Add Warning to Emails Received From Outside

Creating this rule will help bring visibility phishing attempts that impersonate another person in your organization.

Go into the Exchange admin center and create a new rule.
Add an exception with your disclaimer text so that the warning message isn’t duplicated on subsequent emails.

{ Add a Comment }