Recent Discussions
How Can I Remove Password from Windows 11 PC? (Solved)
I have a home PC whose password was changed two weeks ago. Unfortunately, I forgot to save the password like I did in the past. Now I can't log in to the PC and am unable to get to the Windows 11 desktop. Is there any way to remove the password from Windows 11 without losing data? I tried the Ophcrack password recovery tool but it does not work on a Windows 11 PC.

Convert On-Prem AD Users from Office 365/Azure AD to In-Cloud accounts
Hi, we have currently set up an AD Connect sync to Office 365, and this is working well. We would like to start converting synced accounts in Office 365/Azure AD to "In Cloud" accounts. Can you advise, or does anyone know how we might approach this? Or can anyone point to alternative resources? We need to ensure the accounts in Office 365/Azure AD remain active and usable. Much appreciated, Paul

Encrypt button disappearing from Outlook
Hello, we seem to be having an issue with Office 365 Office Message Encryption (OME) for a couple of customers. They are properly licensed with Business Premium and AIP Plan 1 and have the latest version of the Office desktop client (1812.11126.20196). The button has just disappeared. Recently, it was upgraded from the previous envelope with a red circle to the new lock icon. As of yesterday, it is either grayed out or the tab has been completely removed from the "New" message window in the "Options" section. It was working fine the day before. I'm not sure if this is related to the recent update of the Office client, but other customers with the same setup are not experiencing this issue. The currently affected customers still have the ability to use OWA to use the Protect/Encrypt button, or the mail flow rules I created as a workaround. I have also tried using the Online Repair option, a new Outlook profile, and uninstall and reinstall. These did not resolve the issue. Also, they do not have the AIP client software installed. I have not checked this out yet, as the other customers with the same licensing and setup are working as expected.

Using the extensionAttributes in Active Directory
So I'm working on expanding the data stored about User Objects in an Active Directory, but we are looking for possible candidates to store the data in, as a lot of the fields have already been used. We found the fields 'extensionAttribute(1-15)' and looked online for some information about them. I couldn't find a lot of information about them. What I found was that they are a result of implementing Exchange in your system. Are they suited for adding extra data to a User Object? Will they not be removed at some point? Can I find some more documentation about them somewhere? Won't they be affected when we may want to implement other systems in the future?

App secret (application secret) Azure AD - Azure AD App Secrets
Hello everyone, please, I want to know what a "Secret App" is. By default, what is the secret app lifetime? What is the lifespan of an App Secret? Is it recommended to use short-lived app secrets or to use certificate authentication? How do you find secret apps? Is there a scanner to find a Secret App? (Solved)

How to: Enabling MFA for Active Directory Domain Admins with Passwordless Authentication
Administer on-premises Active Directory Using Azure Passwordless Authentication, removing Domain Admins' passwords

Hello Guys, I am here just to demonstrate that today it is technically possible (Proof of Concept) to:
- Configure a modern MFA solution to access on-prem Windows 10 PCs
- Use that solution to protect privileged accounts' passwords
- Eradicate from the domain the password presence for those privileged accounts (make it impossible to use a password to log on to the domain, to prevent some kinds of password attacks)
- Have the ability to use multiple PAWs (privileged access workstations) with the same MFA credential
- Have only one identity with one strong credential
- Use the same credential on prem and in the cloud (if needed)
- Connect to a Domain Controller through RDP from the PAW using SSO (Single Sign On)
- Obtain the above with a degree of simplicity and cost control

I am not here to discuss whether this document in any part adheres to all principles and best practices of a secure administration environment; I just want to show a feature as a proof of concept. It's up to you to integrate this work into your security posture and evaluate impacts. No direct or indirect guarantee is given, and this cannot be considered official documentation. The content is provided "As Is".

Let's look more deeply at the above points:

Many customers asked me, after they have used Azure/Office 365 MFA: is it possible to use something like that to log on to the domain/on-prem resources? The solution is present today: the use of a security key (FIDO2): Passwordless security key sign-in to on-premises resources - Azure Active Directory | Microsoft Docs. Please have a look also at Plan a passwordless authentication deployment with Azure AD | Microsoft Docs.

I wanted to demonstrate that this solution can also protect the Domain Admins group, to protect high privileged accounts (an important notice about this is present in this document: FAQs for hybrid FIDO2 security key deployment - Azure Active Directory | Microsoft Docs – "FIDO2 security key sign-in isn't working for my Domain Admin or other high privilege accounts. Why?"). After having substituted the password with one MFA credential (private key + primary factor) (more information here: Azure Active Directory passwordless sign-in | Microsoft Docs), we can configure a way to make the password not necessary for domain administration, very long and complex, and disabled: Passwordless Strategy - Microsoft 365 Security | Microsoft Docs.

With other MFA tools (e.g. Windows Hello for Business), if we want to use different PAWs (secured workstations from which the Administrator connects with privileged accounts: Why are privileged access devices important | Microsoft Docs) we need to configure and enroll the solution machine per machine (create different private keys, one for every Windows desktop). With the solution described below the enrollment happens only once (the private key is only one per identity, is portable, and is only present inside the USB FIDO key) and is potentially usable on all secure desktops/PAWs in the domain.

The dream is: to have one identity and one strong credential. This credential (private key installed in the FIDO physical key) is protected by a second factor (what you know (PIN) or what you are (biometric)); it is portable and usable to consume services and applications on premises and in the cloud.

To connect using RDP to another/third system after this kind of strong authentication is performed on the physical PC, a password is needed (but we really want to eradicate the use of a password)... So... we can use a Windows 10 / Windows 2016 and later feature (Remote Credential Guard: Protect Remote Desktop credentials with Windows Defender Remote Credential Guard (Windows 10) - Microsoft 365 Security | Microsoft Docs) to remove this limitation. If you have a certain hybrid infrastructure already in place (What is hybrid identity with Azure Active Directory? | Microsoft Docs, Configure hybrid Azure Active Directory join for managed domains | Microsoft Docs, etc.), the activation of this solution is simple and there are no important added costs (a FIDO key costs around 20 / 30 euros).

The solution is based on 3 important features: Azure AD/FIDO keys, Remote Credential Guard and primarily the Active Directory SCRIL feature [https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/passwordless-strategy#transition-into-a-passwordless-deployment-step-3 : "...SCRIL setting for a user on Active Directory Users and Computers. When you configure a user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account do not allow the user to sign in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or earlier domain functional level do not expire. The users are effectively passwordless because:
- they do not know their password.
- their password is 128 random bits of data and is likely to include non-typable characters.
- the user is not asked to change their password.
- domain controllers do not allow passwords for interactive authentication. ..."]

Chapter 1 – Enable Passwordless authentication and create your key

Enable the use of FIDO keys for Passwordless authentication. In Azure AD \ Security \ Authentication methods, enable the use of a security key for a specific group and set the key settings in accordance with the HW provider of the key (in my case Force Attestation and Key Restriction set to off).

Confirm Hybrid Device Join: confirm your Windows 10 2004+ PCs are Hybrid Device Joined.

Confirm users and all involved groups are hybrid: confirm all involved users or groups are correctly replicated by AD Connect, have Azure Active Directory properly configured, and that login in the cloud works correctly.

Implement Kerberos Server to foster on-prem SSO (Single Sign On) for on-prem resources; follow this guidance: Passwordless security key sign-in to on-premises resources - Azure Active Directory | Microsoft Docs.

Enroll the key. Please don't use Incognito Web Mode (sign out already connected users and use "switch to a different account"). If errors come up during enrollment, check whether any user is already signed into the browser (in the new Edge use "Browse as Guest", which is different from "Incognito Mode").
- Log in to Office.com with the user you want to provide the USB key to and reach the My Account page.
- In the My Account page open Security Info and initialize the USB key: https://mysignins.microsoft.com/security-info
- If not completed before, enable MFA authentication by using a phone (SMS) or the Authenticator App (in this case the user was not already provided with MFA, so the system automatically makes you enroll the Authenticator app on your phone).
- Now, because you have an MFA tool, you can create/enroll a security key: add method / USB Key. The browser challenges you to insert a key... to inject your identity into it.
- Create a new PIN!
- Confirm by touching the key.
- Name the key.
- Done: the security key is enrolled with your identity.

Perform an Office 365 Passwordless Authentication. Verify you are able to sign on to O365 using the key without the use of a password. Please use Microsoft Edge; if already logged in, click the right corner and "browse as a guest". Please remember to click "Sign in Options" to trigger key authentication. Well done: you are logged in to the cloud Passwordless!

Chapter 2 – Enable on-prem multifactor login

Deploy a GPO (Group Policy Object) to enable FIDO2 on-prem login with Windows 10 2004+. In your on-prem environment we can enable the use of the USB key credential provider (Windows has multiple credential providers: password, USB key, smartcard, etc.). Enable and link this setting to your Windows 10 2004+ machines. Restart the involved machines. Now you will see a new icon to log in to the PC. Clicking on sign-in options you can use this new credential provider, FIDO security key. Insert the USB key, type the PIN... On some FIDO keys you can avoid the PIN with biometrics (fingerprint). You can use the same identity/credential on all the PCs with the FIDO credential provider enabled. Remember that currently for on-prem sign-on only one user per key is available (you can't have multiple identities on the same USB key).

Please note that this kind of authentication is recognized by the Azure/O365 cloud as an already claimed MFA, so when you open your preferred application the connection is in SSO (you don't have to re-authenticate or perform another strong auth). Please note that with the same key you can log in to the cloud applications using MFA from external computers without any modifications (like kiosks, BYOD computers, etc.). Please note that you have access to all on-prem services because the Kerberos server we installed above is useful to foster the obtention of Kerberos tickets for on-prem AD service consumption.

Chapter 3 – Use FIDO keys to protect privileged users (Domain Admins) and de-materialize their password

Now we are going to enable a FIDO key for the Domain Admin, or configure FIDO keys to work with privileged users. The default security policy doesn't grant Azure AD permission to sign high privilege accounts on to on-premises resources. To unblock the accounts, use Active Directory Users and Computers to modify the msDS-NeverRevealGroup property of the Azure AD Kerberos Computer object (e.g. CN=AzureADKerberos,OU=Domain Controllers,<domain-DN>). Remove all privileged groups you want to use with FIDO keys. Consider that one user might be a member of different groups, so remove all the groups the wanted user is a member of. I removed all groups with the exception of Domain Controllers.
- Make the test user a member of the Domain Admins group.
- Wait for the AD Connect sync time (normally at least 30 min).
- Now enroll the FIDO USB key for the privileged account following Chapter 1 of this guide.
- Now test the login with the Domain Admin using the FIDO key and check the possibility of being authenticated to on-prem services (e.g. file shares, MMC - ADUC consoles, etc.). Try a high privilege like creating a new user...

Now that we have one alternative way to sign in on prem and in the cloud (instead of a password) we can work on password eradication. Obviously, every application we want to use must not use passwords (work in SSO with AD or Azure AD). This is not a problem for privileged accounts because these should not have any application access but only access to administrative consoles.

We will enable the SCRIL policy (Smart Card is required for interactive logon) for the privileged user. Smart Card is required for interactive logon = the user password is reset and made random and complex, unknown by humanity, and the use of the password for interactive login is disabled. Test that you can't access with the password anymore.

To complete and strengthen the password eradication we want to prevent the use of the password also for network authentications using the NTLM protocol, so we are going to make the user a member of the "Protected Users" group: Protected Users Security Group | Microsoft Docs. This is because if a bad guy resets that user's password, he/she might use the NTLM protocol to log on using the password, bypassing interactive logon. Protected Users disables the entire usability of the NTLM protocol, which is not needed for common AD administration. If you don't want to disable the NTLM protocol and you have Domain Functional Level 2016, you can also enable NTLM rolling to make the NTLM password hash cycle every login and improve the password eradication: What's new in Credential Protection | Microsoft Docs (Rolling public key only user's NTLM secrets).

Probably you want to use that user to log in to privileged systems with Remote Desktop. By default, Remote Desktop Protocol requests the use of passwords... Here we don't have a password to type because the password is unknown by humanity... so... how to? The simplest way to solve the above problem is to use the Remote Credential Guard feature if you have the needed requirements (Windows 10, version 1607 or Windows Server 2016, or above): What's new in Credential Protection | Microsoft Docs. To enable it on the server we want to connect to, just add this registry key using the example command:

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD

From the client where we used the FIDO login, just run RDP with the parameter /RemoteGuard. Now also the RDP remote authentication performs well without passwords!!! Now we have signed in to a Domain Controller using an MFA key and it is no longer possible to use a password for domain administration.

Update 1: using a temporary access password it might be possible to never assign even a beginning password to a Domain Admin, nor need a phone authentication: Configure a Temporary Access Pass in Azure AD to register Passwordless authentication methods | Microsoft Docs. As detailed above, create a Domain Admin on prem, immediately enable SCRIL and Protected Users, wait for the AD Connect sync time, and create a temporary password for that admin user (the temporary password can only be used to enable an MFA credential without using a phone and without the risk of someone else accessing applications during the configuration phase). We recommend maintaining Azure Global Admins and Active Directory Domain Admins identities separately, so don't make synced Domain Admins members of the Azure Global Admins role.

Sensitivity button grayed out
Hi, previously the Sensitivity button was working fine in Word (latest ProPlus); now it's grayed out. Classification Labels are defined and scoped/re-published to an O365 group/members through the compliance center; however, the button remains grayed out. We have E3 licenses. The group also has a 'Team' and therefore a SharePoint site where there are files that need to be classified. Why has this suddenly stopped working? How do I troubleshoot this?

Enabling MFA on admin level access to On premise AD
Hello everyone. I've run into a puzzler and I'm hoping someone can give me a tip on how to solve this. I have received a "cyber security attestation" document from a major insurance provider and must be able to say yes to all of the items on it as a baseline to receive a policy. Here's the one I'm stuck on: multi-factor authentication is required for the following, including such access provided to 3rd party service providers: All internal & remote admin access to directory services (Active Directory, LDAP, etc.). I'm not aware of a way to set up any MFA for admin access to Active Directory itself, but I'm all ears if someone knows of a way. What I think the only viable solution would be is to set up MFA for access to any Domain Controller in the domain. In order for that to be adequate though, I then need to be able to prevent RSAT connections to Active Directory. I'm not sure if there's a way to restrict that or not, so that's where I'm currently stuck. Can anyone point me in the direction of a solution for either preventing RSAT access or (fingers crossed) enabling MFA on AD itself? Thanks, Joel

Enriched NTLM authentication data using Windows Event 8004
Have you previously experienced NTLM authentication activities that came from unknown devices, such as Workstation or MSTSC? Would you like to discover the actual server being accessed inside the network? This information is now available in Azure ATP! Starting from Version 2.96, Azure ATP sensors parse Windows event 8004 for NTLM authentications. When NTLM auditing is enabled and Windows events 8004 are logged, Azure ATP sensors now automatically read the event and enrich your NTLM authentication activities display with the accessed server data. A new Resource Access over NTLM activity is now available, showing the source user, source device and the accessed resource: Joye Parsons (1) is accessing CLIENT2 from the W10-000100 device over NTLM. Enriched Failed log on activities provide the destination computer the user attempted, but failed, to access: Joye Parsons (1) failing to log on to CLIENT2 from the W10-000100 device over NTLM. In a future release, this data will also be available directly in authentication-based Azure ATP security alerts such as Brute Force and Account Enumeration. Stay tuned for more updates. As always, your feedback and questions are welcome!

Allow Use of Microsoft Authenticator OTP in Azure AD
Hi All, we wanted to enable number matching and Passwordless with the Microsoft Authenticator app, and when I go there I can see the below setting under configurations. But I wanted to make sure what that setting is and what the recommended configuration is for "Allow Use of Microsoft Authenticator OTP" before configuring it in the production environment. I'd appreciate it if anyone could help me on this. Thanks, Dilan (Solved)

403 Forbidden response when requesting Microsoft Security Graph API
Hello, I am developing a Node.js app and running into HTTP 403 when calling the https://graph.microsoft.com/v1.0/security/alerts endpoint. I have assigned myself and my app the `security reader` and `security admin` roles. I have delegated the API permission `SecurityEvents.Read.All` to the Azure AD app. I can call https://graph.microsoft.com/v1.0/security/alerts using the Graph Explorer no problem, but in my own app I simply get 403. I consented to the popup when it was displayed the first time I signed in and called the Graph. For testing, I can successfully call other endpoints, like https://graph.microsoft.com/v1.0/me and https://graph.microsoft.com/v1.0/me/messages. What am I missing? (Solved)

Announcement: Office 365 Secure Score Released to Public Preview
Microsoft is pleased to announce the preview availability of a new security analytics service called the Office 365 Secure Score. The Secure Score is a security analytics tool that will help you understand what you have done to reduce the risk to your data in Office 365, and show you what you can do to further reduce that risk. We think of it as a credit score for security.

Our approach to this experience was very simple. First, we created a full inventory of all the security configurations and behaviors that our customers can adopt to mitigate risks to their data in Office 365 (there are about 77 total things that we identified). Then, we evaluated the extent to which each of those controls mitigated a specific set of risks and awarded the control some points. More points means a more effective control for that risk. Lastly, we measure the extent to which your service has adopted the recommended controls, add up your points, and present it as a single score. The core idea is that it is useful to rationalize and contextualize all of your cloud security configuration and behavioral options into one simple, analytical framework, and to make it very easy for you to take incremental action to improve your score over time. Rather than constructing a model with findings slotted into critical, moderate, or low severity, we wanted to give you a non-reactive way to evaluate your risk and make incremental changes over time that add up to a very effective risk mitigation plan.

The Office 365 Secure Score is a preview experience, so you may find issues, and you will note that not all of the controls are being measured. Please share any issues on the Office Network Group for Security. You can access the Secure Score at https://securescore.office.com.

The Secure Score does not express an absolute measure of how likely you are to get breached. It expresses the extent to which you have adopted controls which can offset the risk of being breached. No service can guarantee that you will not be breached, and the Secure Score should not be interpreted as a guarantee in any way.

Your Secure Score Summary

The first, most important piece of the Secure Score experience is the Score Summary. This panel gives you your current Secure Score, the total number of points that are available to you given your subscription level, the date that your score was measured, as well as a simple pie chart of your score. The denominator of your score is not intended to be a goal number to achieve. The full set of controls includes several that are very aggressive and will potentially have an adverse impact on your users’ productivity. Your goal should be to optimize your actions to take every possible risk-mitigating action while preserving your users’ productivity.

As mentioned, the Office 365 Secure Score is in a preview release. Over the coming months you will see us continue to add new controls, new measurements, and improvements to the remediation experiences. If you like what you see, please share with your network. If you see something we can improve, please share it with us on the Office Network Group for Security. We’re looking forward to seeing your scores go up, and making the Secure Score experience as useful, simple, and easy as it can be.

Read more here: https://blogs.technet.microsoft.com/office365security/new-security-analytics-service-finding-and-fixing-risk-in-office-365/ (Solved)

New Blog Post | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 – Microsoft Security Response Center

Microsoft continues our analysis of the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. As we and the industry at large continue to gain a deeper understanding of the impact of this threat, we will publish technical information to help customers detect, investigate, and mitigate attacks, as well as guidance for using Microsoft security solutions to increase resilience against related attacks. We will update this blog with information and protection details as they become available. In addition to monitoring the threat landscape for attacks and developing customer protections, our security teams have been analyzing our products and services to understand where Apache Log4j may be used and are taking expedited steps to mitigate any instances. If we identify any customer impact, we will notify the affected party. Our investigation to date has identified mitigation steps customers could take in their environments as well as on our services.

message.rpmsg
Hi, I'm trying to find an answer to an issue that I am experiencing. If I send an Azure Information Protection email message to one of my clients, they receive an email with an attachment, 'message.rpmsg', and a subject indicating that they are the recipient of a protected message. If the client attempts to open the file on an iOS device using Microsoft Outlook, the file cannot be opened or shared. If they attempt to open the attachment with the native email client, they get the option to share the file with the AIP Viewer app they've downloaded, and once authenticated they're good to go (albeit a clunky process). If the client tries to open the attachment using their email app on their PC, say Outlook 2016, the file cannot be handled and the user is unable to open it, even if they try to associate it with Outlook or the AIP viewer or the AIP client. I can't believe that such a great solution in principle is so complex to use, and I have therefore come to the conclusion that the solution has been implemented incorrectly. BTW, I am currently engaging with MS Support Services which, without sounding too disparaging, is tedious. Can anyone put me on the right path? BTW, I watched this video and it suggested that new functionality is coming to make this easier?? Many thanks. (Solved)

Overrides and false positives in DLP policy end user experience
OK, so a user gets a policy applied to his/her document for, let's say, PCI compliance. On the policy tip we give the user the option to override with a business justification or to report as a false positive. If they click the "report" button in the policy tip, where does that go? Where do I as an admin go to review those and presumably take some kind of action on that report: allow and reclassify, or keep the classification and inform the user? I'd expect to see something in the S&C reports but I can't see a thing. I can view my overrides report and view where a user has overridden a classification, but nothing anywhere else lets me interact with any reported "cases". (Solved)

Suspected brute-force attack and None of the passwords attempted were previously used passwords
Suspected brute-force attack (Kerberos, NTLM) and "None of the passwords attempted were previously used passwords". This makes me wonder. It knows it is a password that was not used before. But did the account try to log in 100 times with this one password, or did it make 100 tries with 100 passwords that were not used before? If it is 100 tries with just 1 never-used password, it is possibly just someone who made a typo in a script (password), for example. If it was 100 different passwords, it is a much bigger issue. I cannot find in the documentation how I should read this. I am also not aware if there is an option to figure this out (a Kusto query, for example). Anyone have an idea?

OneNote Files used in Malware attacks
Hi Folks, any comments or recommendations regarding the increase of attacks via OneNote files as noted in the below articles? I'm seeing an increased number of recommendations for blocking .one and .onepkg mail attachments. One issue is that .onepkg files currently cannot be added to the malware filter.
- Microsoft OneNote Abuse for Malware Delivery Surges - SecurityWeek
- Detecting OneNote Abuse | WithSecure™ Labs
B Joshua (Solved)

Attack Simulation Training - external tag
I am testing the Attack Simulation Training. I noticed on the phishing email I received that the "External" tag that Outlook assigns was missing. That would be a red flag for many people. Is there a way to make this more realistic and have the External tag?
Recent Blogs
- Part 1: What Is Cyber Resiliency and How Do I Get It? Recently I was on a call with some Security leaders who were interested in how we at Microsoft could help them with cyber resiliency. But when ... (Mar 10, 2025)
- When managing identities across multiple tenants, organizations often face a crucial decision: should they choose ADSS (Active Directory Synchronization Service) Tenant Sync or Entra Native Cross-Ten... (Mar 06, 2025)