Having worked for Microsoft partners, and with Microsoft technologies, getting certified by Microsoft can be useful - however, like so many other vendors, Microsoft offers a large selection of certifications, and retires and launches new certifications on a regular basis.

Following on from an earlier post, this post is the first in a series of articles covering the overall MS certification offering and how it may be of relevance from a security perspective.

More details have been added for specific areas in the MS365, Azure, and Security and Compliance pages.

As of the end of June 2023 March 2024, Powershell modules AzureAD, AzureADPreview, and MSOnline will be deprecated. The provided replacement is Microsoft Graph Powershell.

However, you may be surprised to find out just what's required in order to get it working, and may find that you need to re-evaluate your Powershell automation projects.

Earlier this month I came across an article covering a recent development in malware scanning in MS365.

While putting a file in a password-protected Zip archive has been a traditional method of bypassing malware filtering (often with good reason), the changes in how Microsoft scans files traversing their services has made this no longer reliable.

Earlier this year Microsoft announced the retirement of Microsoft 365 Security Administrator certification (commonly known by its exam designation MS-500). This wasn't a surprise as the content was generally replaced by the newer specialty certifications and the SC line of exams.

However I was surprised to find that Microsoft also retired the Microsoft 365 Enterprise Administrator syllabus and exams, and its replacement is far more security focused than before.

As many of us now work remotely, and have many devices of various trust in our homes, there has been a good use case for keeping them separate. Turns out, this can be quite easy to accomplish on inexpensive network equipment.

Following from the prior post discussing MFA use cases and bypasses, this post expands on the prior article and adds further ideas on protecting your users' identities.

Ever since Multi Factor Authentication (MFA) started gaining popularity as a means to limit the usefulness of stolen credentials, it was only a matter of time before attackers adapted to the new reality (as demanded by the Red Queen Effect).

In this article I look at common MFA methods that are not phishing resistant, as well as a recent attack that bypasses MFA.

Check the follow-up post for a different take on bypassing MFA and the resulting implications.

Following from the prior post discussing Azure security and networking, I felt that additional coverage of Azure Network Security Groups was needed, as it is not the most obvious topic (and the design is quite different from how AWS does it).

I'd recently renewed my Azure Network Engineer certification, and it's good to see how much of the syllabus is still highly relevant from a cloud security angle. From a certain perspective, it's a stepping stone to the Azure Security Engineer certification (AZ-500), and a good check for useful knowledge.

I'd recently come across WatchGuard's Internet Security Report for last quarter (available here and a summary article here). The findings are surprising, and if the report's results are broadly accurate, indicate a notable lack of tuning of the relevant network security tools.