Microsoft 365 users are frequently targeted by attacks such as anonymous IP sign-ins, unfamiliar sign-in properties, and password compromise. When such activity is detected, users are flagged as risky. Admins can review and take actions like risk remediation, dismissal, confirm compromise, or block the account. To streamline risk remediation, Microsoft introduced the Require risk remediation option in Conditional…
3 min read
Managing organizational data at scale requires a balance between automation and control. While auto-apply retention labels in Microsoft 365 help administrators efficiently classify and manage large volumes of SharePoint, OneDrive, and Exchange Online content, they also introduce risk when deletion is automated. A retention label with a delete action can…
9 min read
Imagine a Microsoft 365 user approves an OAuth consent requested from a malicious third-party application that appears legitimate. No credentials are compromised, MFA is not bypassed, and no security alerts are triggered. For admins, the environment remains compliant and secure. However, the consent given to the malicious app has persistent access to M365 resources, such as mailboxes,…
5 min read
Generative AI has rapidly become a core part of modern enterprises. Organizations are not only adopting Gen AI applications but are also building their own AI solutions to automate everyday tasks. However, this rapid adoption has also introduced security risks, some of which originate from as simple as prompts given. Research shows that 56% of prompt-injection…
9 min read
Sometimes, your organization needs to remove a domain, such as when moving it to a different subscription, deleting an unused domain, or cancelling a subscription. If domains are not removed properly, serious issues can arise. For example, an external client might send emails to an old address, or communication may…
8 min read
Every organization’s ultimate goal is to keep its Microsoft 365 environment secure. Among the many security measures, monitoring user sign-ins keeps you stay one step ahead of potential attacks. For example, repeated occurrence of sign-in failures may indicate attempts to compromise user accounts or result from Conditional Access policies blocking sign-ins. …
5 min read
With Microsoft 365’s powerful suite of tools like SharePoint, OneDrive, and Teams, users can easily share files and collaborate in multiple ways. While this flexibility is great for productivity, it can also cause mix-ups. In large organizations, it’s common for files to be shared more broadly than necessary. Sensitive documents…
8 min read
Ever wondered who activated a privileged role at 2 AM last night? Or why someone deactivated a critical admin role right before a deployment? If you’re managing Microsoft 365 environments, questions like these are part of the job. That’s where Privileged Identity Management (PIM) auditing comes into play. Auditing PIM…
7 min read
Break glass accounts in Microsoft 365 are used for emergency access when admin accounts get locked out. 🔒 But since they hold global admin privileges, they’re a prime target for attackers. Imagine an attacker target one of these? If it happens, it can pose a serious risk like account compromise,…
5 min read
In our earlier blog we explored how to export all sharing links to track and audit file sharing across your SharePoint Online environment. The post helped admins identify various link types, spot risky shares, and gain visibility into shared content across sites. After receiving several requests from our readers, we’re…
10 min read