Security related items and thoughts
Sender Policy Framework (SPF) is a fundamental component of modern e-mail authentication, designed to reduce the risk of spoofing and phishing attacks. By publishing a DNS record that specifies which mail servers are authorised to send messages on behalf of a domain, SPF allows receiving systems to validate whether an incoming message genuinely originates from the claimed sender. SPF alone does no… Read the rest “SPF Record Fun”
On-premises users were unable to use Entra SSPR to reset their passwords. This needs to use the Password Writeback feature, and in this case Entra Connect was used. Nowadays there is also Entra Cloud Sync, but that was not an option for this customer. Users were able to access the SSPR page at https://aka.ms/SSPR and successfully go through all of the steps of the wizard. This included the CAPT… Read the rest “Entra SSPR Failing–Unexpected Error During A Set Password Operation”
In today’s hybrid work environment, securing access to cloud applications is more critical than ever. Microsoft Defender for Cloud Apps offers a powerful way to enforce granular access controls using different policies. Organisations want to ensure that only authorised and compliant devices can access sensitive cloud resources. Requiring device compliance can be achieved with Intune as an MDM a… Read the rest “Defender for Cloud Apps Access Policy Not Applied to Desktop Applications”
The 14th of October 2025 marks another pivotal moment in Microsoft’s product lifecycle, as a large spectrum of very popular and widely deployed software reaches end-of-support. This includes Windows 10 and Windows 11 22H2. On the productivity front, the extended support for Office 2016 and 2019, along with Visio 2016/2019, Project 2016/2019, and server-side tools like Exchange Server 2016/2019, S… Read the rest “Save The Date 14th October 2025”
Previously we looked at how to use nslookup to retrieve the main Domain Based Message Reporting And Conformance (DMARC) DNS record. One of the often overlooked and behind the scenes aspect of DMARC is that a 3rd party DMARC provider has to actually grant permission for DMARC reports to be sent to them for a given domain. Without that permission, email service providers will not be able to send DM… Read the rest “How To Use Nslookup To Check DMARC External Domain Validation (EDV) Record”
Data processing and handling considerations must be reviewed as part of deploying any cloud product. With Copilot for Security there are two aspects that need to be fully understood. One is where the tenant’s data is stored. Secondly is where the AI prompts are processed. It may be the case that these are different locations.
We can use the Copilot for Security (CfS) portal https://securitycopi… Read the rest “How to View Copilot for Security Prompt Processing Location And Cross Region Details”
Copilot for Security has multiple integration points which can be accessed via either:
Standalone experience
Copilot for Security, accessed through https://securitycopilot.microsoft.com, is considered the standalone experience.
Embedded experience
Accessing Copilot for Security embedded experiences in other Microsoft security products is considered an embedded experience.
For the current list of embedded… Read the rest “Copilot for Security – Global Admin Required to Enable Microsoft 365 Service Data Access”
Many customers have completed or are completing the rollout of SPF, DKIM and DMARC to improve email security. Once DMARC has been moved to 100% quarantine that means that all of the issues have been identified and resolved. So what’s next?
Typically this is where MTA-STS comes in. Mail Transfer Agent - Strict Transport Security (MTA-STS) is intended to provide additional security to email transpo… Read the rest “MTA-STS–Comments On Deploying Azure Static Web App”
When delivering Copilot for Security engagements to customers, we frequently want to reference external articles, content and news. There is also the occasional squirrel moment due to how my brain operates.
This post is a collection of the various artifacts that we typically discuss. They are all collected into one spot so that it is easier to send out as a curated resource after the engagement h… Read the rest “Copilot for Security Workshop Links”
Starting a setup of Copilot for Security in a demo tenant led to an interesting issue where the expected bootstrap process was not launched. As an eligible administrator, when you navigate to https://securitycopilot.microsoft.com you will either access the previously deployed Copilot for Security (CfS) instance or be prompted to create it. This assumes that you are logged on as either a Global Ad… Read the rest “Unable to Setup Copilot for Security – Can’t get account information”