Category: advisory
-
September 14: Device Management in GCC High for Secure, Compliant Access
“Trust, but verify.” Ronald Reagan
Government contractors moving to Microsoft 365 GCC High face unique device management challenges. IT directors and MSPs must balance compliance, user productivity, and simplicity. This post explores how organizations can manage devices for GCC High environments confidently – whether by leveraging existing Commercial cloud devices, creating a secure virtual enclave, or…
-
September 7: Simple, Reliable Cross-Cloud Teams Collab in GCC High
“Less but better” Dieter Rams
Two years out of Microsoft, I’m more convinced than ever of the power of simple, coherent design. Cross-cloud collaboration between Commercial and GCC High offers many paths, but, in my experience, only one is worth your time — and even that path is strewn with small but critical quirks. I’ve…
-
January 21: How To Achieve CJIS Compliance With M365
“It is my ambition to say in ten sentences what others say in a whole book.” Friedrich Nietzsche
In my work with state and local government trying to achieve CJIS compliance with M365, I’ve found the security requirements needlessly complex. Take the Criminal Justice Information Services (CJIS) Security Policy section covering authentication – “IA-5 AUTHENTICATOR…
-
November 29: How to Deploy Phishing Resistant Authentication
“Those who cannot remember the past are condemned to repeat it.” George Santayana
As I’ve said here, here, and here, the best way to protect your organization is with phishing-resistant MFA. I’ve collected lessons from recent engagements and Microsoft updates into an eBook that may help you. Here is the table of contents. Provide your…
-
February 12: New Ways to Secure Multi-Tenant GCC High
“Everything should be made as simple as possible, but no simpler.” Albert Einstein
2024.02.17 Update: Patrick Abel from Summit 7 has this great post on Cross-Cloud B2B and Teams Cross-Cloud Guest Access in GCC High.
This post is an unofficial elaboration of the official Microsoft guidance to Defense Industrial Base companies operating in multi-tenant Microsoft…
-
January 29: New Lessons Learned From Microsoft’s Security Breach
“When faced with multiple explanations for a phenomenon, the simplest one that adequately explains the observed evidence is likely to be the most accurate.” The Principle of Parsimony
The three lessons below should be considered a supplement to 25 Simple Ways To Secure Your Apps.
Secure by Design: Beyond User Vigilance
The root cause of…
-
October 30: 25 Simple Ways To Secure Your Apps
“He that is without sin among you, let him first cast a stone… go, and sin no more.” Jesus Christ, John 8:7-11
2024.01.29 update: Microsoft’s Midnight Blizzard breach prompted three more simple ways to secure your apps, bringing the total to 28.
2024.01.31 update: CISA Director Jen Easterly’s statement before Congress: “The technology underpinning our…
-
August 8: How to sync multi-forest managers to Azure AD
This solution does not require an intermediate forest and uses supported Azure AD Connect functionality.