TagMicrosoft 365

Block AdHoc subscriptions in Office 365

To block users from creating trial and adhoc subscriptions for Office 365 services or even PowerPlatform services you can turn a switch and block it.

Set-MsolCompanySettings -AllowAdhocSubscriptions $false

To check if this is set to “False” for your tenant you can run this

Get-MsolCompanyInformation |fl AllowAdhocSubscriptions 

Sensitivity labels available in Outlook Web

The first step into enabling the use of Unified labels in Office Web apps is here! Today i got the “Sensitivity” bar enabled in my tenants.

Sorry for the Norwegian text in the picture, as “Følsomhet” is the Norwegian word for “Sensitivity”

To get started with Sensitivity labels – head over to Microsoft 365 Security portal and open the “classification” menu.

From there head in to “Sensitivity” and create a label.

Next – choose the tab for Label Policies and publish the label you created.

When testing the feature, remember to only publish the label to your self so that you not enable all users in your company to use and test it. 🙂

Get started with MFA – part two

So in the previously post I went through how to activate MFA for Administrator roles i a really simple and effective way.

In this post we will focus on activating MFA for all regular users. And first off all we need to evaluate who should be activated first or should we activate on all users at the same time and do a evaluation on service accounts! If we enable MFA on for example a serivce account used for scan to email on “multi functional printers” or on a mailbox account witch are used on a thirdparty ticketingsystem (POP/IMAP) we could break those service by just enabling MFA on all users.

My recomandation is when you are more then 30 users in your company you should select a few ambasadeurs who is getting the MFA activated first and can therefore be the power users who can help others with the registration if there is any hick-ups (should not be many).

And to activate MFA for end users I highly recomend to use Conditional Access for

  • all users and exclude a AzureAD Group which contains a “Break the glass Admin” and other service accounts.
  • All cloud apps (no exeptions)
  • Grant Access – but require MFA

Easy like that! And It`s a realy quick solution for your company.

Drawback here is that you need “Azure AD Premium P1” licenses to use Conditional Access and a second drawback is that it`s not scored at the Microsoft Secure Score.

© 2020 IdefixWiki

Theme by Anders NorénUp ↑