Moving to Part 3, in this post I will go through the process of installing Visual Studio Code. Let’s get started.
What is Visual Studio Code?
Visual Studio Code combines the simplicity of a source code editor with powerful developer tooling, like IntelliSense code completion and debugging. First and foremost, it is an editor that gets out of your way. The delightfully frictionless edit-build-debug cycle means less time fiddling with your environment, and more time executing on your ideas. For more information on Visual Studio Code click the following link Microsoft.
Following on from a previous post where I installed and configured Terraform, see How to Install Terraform, in this post I will continue my journey learning Terraform by going through the process of installing a useful tool known as the Azure command-line interface (Azure CLI).
The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation. It’s a useful tool to have installed on my machine so let’s get started.
To comply with business standards and industry regulations, organisations must protect sensitive information and prevent its inadvertent disclosure. Sensitive information can include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy in the Office 365 Security and Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.
In this blog post I will go through the process of preventing users from forwarding emails including UK Financial Data to anyone outside the organisation. UK Financial data category includes the below by default:
Credit Card Number
EU Debit Card Number
1. Log in to the Microsoft 365 Portal and click on the Security Admin Center
2. Click Data Loss Prevention and click Policy
3. Click + Create a policy
4. For the purpose of this demo I am configuring a policy to protect UK Financial Data. As you can see from the screenshot below, Microsoft have already defined what requires protecting.
You also have the option to protect other information relating to Medical and Health, Privacy and you could also select a custom sensitivity type or label you have already created.
5. Click Next
6. Give your policy a name and description, click Next
7. Here you could select to protect all documents including UK Financial Data from locations such as Exchange email, Teams Chats and Channel Messages and OneDrive and SharePoint Documents. Or choose a specific location.
8. For the purpose of this demo, I am only selecting Exchange Email so I have selected Let me choose specific locations, click Next
9. And here are your options where you can select the location, include and exclude groups.
10. For the purpose of this demo, I have selected the location as Exchange Email and allowed the policy to apply to all users. Click next
11. I want to detect when the content including UK Financial Data is shared with people outside my organisation. The other option is only with people inside my organisation.
Before I move on you may have noticed the option, Use advanced settings. This is where you can configure the scoring for low volume and high volume of content detected.
Clicking low volume of content displays the screen below and the default criteria set up by Microsoft. The default scoring can be amended and you can also add additional criteria/conditions.
The advanced settings option can also be useful if you wish to add an exception, for example, you may want to exclude a partner domain from the policy, configure user notifications, enable incident reports, configure override or customise policy tips or email text, and more. I would recommend that you review the various options.
Note: you can always edit the policy including advanced settings at a later time.
12. Back at the original screen I click next
13. Here are the default settings
14. For the purpose of this demo, I have amended detect when content that’s being shared contains at least 1 instance
and I will block people from sharing and restrict access to shared content
Customize the tip and email – provides the information below. I will leave this as the default but you could amend now or at a later date.
Send incident reports in email – displays the information below. You may wish to exclude certain information from the incident report, or add additional people to receive notifications.
15. Click next and we come to the screen below. Configure as required and click Next
To block people outside your organisation, you must go back to the ‘Customize the type of content you want to protect’ page and choose to detect content that’s shared with people outside your organization.
If you wish to warn the user but allow them to override the policy, see options below.
16. After clicking next, the screen below appears where you have the options to turn on the policy right away, leave it disabled or test it out. Select your preferred option and click next.
17. Review settings and edit if required, click Create
And that’s the policy created
Click the policy if you wish to edit any of the settings. The window below appears to allow you to edit or delete the policy as required.
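The same policy can be created from Security & Compliance PowerShell, which is easier to review and repeat than the portal clicks. This is an added example, not part of the original walkthrough: the policy and rule names are made up, it starts the policy in test mode, and it assumes the ExchangeOnlineManagement module and a compliance administrator role.

```powershell
# Added example: the names below are constructed placeholders, not values from the post.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell session

$policyName = 'Demo - UK Financial Data (Exchange)'             # hypothetical name
$ruleName   = 'Demo - Block external sharing of UK financial data'  # hypothetical name

# Steps 6-10: name the policy and scope it to Exchange email for all users.
# It starts in test mode; change -Mode to Enable once the matches look right.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Blocks email containing UK financial data sent outside the organisation' `
    -ExchangeLocation All `
    -Mode TestWithNotifications

# Step 14: at least 1 instance of either sensitive information type listed above.
$sensitiveTypes = @(
    @{ Name = 'Credit Card Number';   minCount = '1' },
    @{ Name = 'EU Debit Card Number'; minCount = '1' }
)

# Step 11: only content shared with people outside the organisation,
# then block, show a policy tip to the sender and send an incident report.
New-DlpComplianceRule -Name $ruleName `
    -Policy $policyName `
    -ContentContainsSensitiveInformation $sensitiveTypes `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser LastModifier `
    -GenerateIncidentReport SiteAdmin

# Confirm what was created.
Get-DlpCompliancePolicy -Identity $policyName | Format-List Name, Mode, ExchangeLocation
Get-DlpComplianceRule -Policy $policyName | Format-List Name, AccessScope, BlockAccess
```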
It would be great to know how you have found Microsoft 365 DLP. Please comment below if you have anything further to share. Thank you
I thought it would be useful to share this post in the event anyone experiences this issue.
A friend contacted me recently and mentioned that he was experiencing performance issues with his laptop. Upon investigating I launched Task Manager and clicked the Performance tab. As shown below, I found that his HDD was running at 100%.
After some investigation, I found that there was a disk defrag scheduled to run daily which was causing the disk to run at 100%.
Disabling this task allowed for the HDD performance to stabilise.
Here is the result after disabling the defrag schedule.
If you’re experiencing this issue, it’s worth checking if there is a defrag schedule configured.
Click start > search and click Defragment and Optimize drives
In this blog post I will go through the process of enabling a user sign-in and user risk policy within Azure Identity Protection located within the Azure Portal.
Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory.
User risk policy: With the user risk policy turned on, Azure Active Directory detects the probability that a user account has been compromised. As an administrator, you can configure a user risk conditional access policy to automatically respond to a specific user risk level. For example, you can block access to your resources or require a password change to get a user account back into a clean state.
Identity Protection categorises risk into three tiers: low, medium, and high. While Microsoft does not provide specific details about how risk is calculated, Microsoft say that each level brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user.
User sign-in policy: Turning on the sign-in risk policy ensures that suspicious sign-ins are challenged for multi-factor authentication (MFA). Note that if MFA is not enabled for the user, access will be blocked.
Note: to make use of these features every user that benefits from or is affected by a feature exclusive to the Azure AD P2 offerings needs an Azure AD P2 licence or a licence including Azure AD P2, for example 365 E5 – Source: Microsoft
1. Log in to your Azure Portal (portal.azure.com)
2. Search for and click Azure AD Identity Protection
3. Below is a screenshot displaying both user risk policy and sign-in risk policies. We’ll start with user risk policy
4. Click user risk policy and below are the parameters available
5. Click all users and below I can apply this policy to all users or target individuals or groups.
I can also exclude users or groups as shown in the screenshot below
Note: exclusions override inclusions, so if a user is in two groups, one excluded and the other included, the exclusion will take priority.
For the purpose of this demo, I will be leaving the default of all users
6. Next, move onto user risk which assesses the likelihood that the user account is compromised.
7. The below risks (High, Medium and above, low and above) are based on a Microsoft Algorithm. While Microsoft does not provide specific details about how risk is calculated, they say that each level brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user. For common questions, visit the following Microsoft article – Common Questions
I’ll be setting the user risk as High so I’m going to be looking for something that has been flagged as a high risk which means there is an account which has highly likely been compromised. Click Done
8. Next, I move onto Access located under Controls
9. Here is where we configure the action if the condition is met. For the purpose of this demo, I will click Allow access but will force the user to change the password. You could also block the user when a high risk is identified. Click done
10. Select On and click save
11. That’s the user risk policy set
Let’s move onto Sign-in Risk Policy
1. Click Sign-in risk policy
2. I’ll be leaving the default setting to apply the policy to all users
3. Next I click on Sign-in risk which is based on the likelihood that the sign-in is coming from someone else other than the user.
4. I set this to high and click done
5. Click access located under Controls
6. I click allow but the user will be forced to perform multi-factor authentication, click done
Note: If multi-factor is not configured for the user, the user will be blocked
7. Finally, I turn on the policy and click save
That’s both policies configured
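The two risk responses above can also be expressed as Conditional Access policies through Microsoft Graph PowerShell. This is an added example, not part of the original walkthrough, and it creates Conditional Access policies rather than the Identity Protection blade policies clicked through above. It assumes the Microsoft.Graph.Identity.SignIns module; the display names are made up and both policies start in report-only mode.

```powershell
# Added example: display names are constructed placeholders, not values from the post.
# Requires Azure AD P2 licences, as noted above.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# All users and all cloud apps, matching the defaults kept in the walkthrough.
# To exclude emergency-access accounts, add excludeGroups = @('<group object id>') to $users.
$users = @{ includeUsers = @('All') }
$apps  = @{ includeApplications = @('All') }

# User risk High: allow access but force a password change.
# Conditional Access requires MFA together with passwordChange (operator AND).
$userRiskPolicy = @{
    displayName   = 'Demo - High user risk requires password change'
    state         = 'enabledForReportingButNotEnforced'   # report-only; 'enabled' to enforce
    conditions    = @{
        users          = $users
        applications   = $apps
        clientAppTypes = @('all')
        userRiskLevels = @('high')
    }
    grantControls = @{ operator = 'AND'; builtInControls = @('mfa', 'passwordChange') }
}

# Sign-in risk High: allow access but require multi-factor authentication.
$signInRiskPolicy = @{
    displayName   = 'Demo - High sign-in risk requires MFA'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users            = $users
        applications     = $apps
        clientAppTypes   = @('all')
        signInRiskLevels = @('high')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}

foreach ($policy in $userRiskPolicy, $signInRiskPolicy) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
        Select-Object Id, DisplayName, State
}
```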
To view risk alerts, click the options located under Report in the menu located towards the left.
Further down the menu, we have notify on users at risk detected alerts and weekly digest. Users in the Global administrator, Security administrator, or Security reader roles are automatically added to this list if that user has a valid email or alternate email configured. Microsoft attempt to send emails to the first 20 members of each role. If a user is enrolled in PIM to elevate to one of these roles on demand then they will only receive emails if they are elevated at the time the email is sent.
By default admins are alerted based on high risk alerts as shown below