SharePoint Tidbit – Disabling SMB1 so that you can sleep better at night

Hello All, Recently I performed a RaaS with a customer and it provided a new recommendation that I thought would be great to pass along to you. Disable SMB1 on your server. This is an amazing suggestion as we have other versions of the protocol to do the work for you and due to the…


SPO Tidbit – Securing the Site Collection

Hello All, I will assume that you have set the permissions on your Site Collections correctly, but if that still leaves the security team uncomfortable we can always look to perform several other steps using Conditional Access and SharePoint admin. The Microsoft team approaches this by classifying 3 types of sites Baseline, Sensitive, and Highly…


O365 Tidbit – Working with CISO and securing

Hello All, As you dive further into your O365 tenant and look to start rolling out the services you will have to work with your security officers to insure that you are compliant with that group. Microsoft has provided several resources Microsoft Trust Center Penetration Testing Rules of Engagement Microsoft Cloud Bounty Program For an…


O365 Tidbit – Discovering O365 Security best practices

Hello All, I was reading about this tool during an internal discussion on security and thought you might be interested…. You can use Office 365 Secure Score to realize which security best practices your following, and then using the results improve your security using the built-in features provided but that you have not implemented. The…


What’s going on with Auditing in O365

Hello All, Recently was working with a customer and looking at Audit data, it surprised me when I discovered that they were looking at the audit logs in the Site Settings instead of in the Security & Compliance portal. If you didn’t realize the Security & Compliance portal has been receiving a ton of updates…


O365 Groups Tidbit – Compliance in O365 Groups (Retention policies)

Hello All, I think we can all agree that compliance in any technology is important in todays world, and I believe that with Groups this becomes very important since they are used everywhere in O365.  So let’s take a quick look at Retention policies as part of your Compliance plan in O365. NOTE: You will…


SPO Tidbit – Change to external users in O365

Hello All, Microsoft is updating the behavior and governance of access by external users in Microsoft Office 365. After 3/23/2018, an external user will see only the content that’s shared with that user or with groups to which that user belongs. External users will no longer see content that’s shared with Everyone, All Authenticated Users, or All Forms…


Microsoft Teams – Security and Compliance

Hello All, Question about Teams retention police came from another customer and I thought it might interest you.  At Ignite there had been a session that touched on the subject, if you would like to watch the session (Go here https://www.youtube.com/watch?time_continue=5&v=cpMhjhjvaQU) at minute 28 they jump into a demo but I think you will find…


Exposing SharePoint to the Internet

Hey Guys, This is a very high level view of how to expose SharePoint to the internet. Methods:       Place all of SharePoint or SharePoint WFE in DMZ.       Allow traffic thru DMZ passing into internal network (Using router or Load balancer).       Place TMG or similar product in DMZ. Pro's and Con's: 1. Place…

3