Post - Lukas Beran (@lukasberan)

Lukas Beran


Cybersecurity Consultant

Prague, Czech Republic

Senior Cybersecurity Consultant (DART) at Microsoft focusing on cloud security. Opinions are my own.

93 Posts

  1. How to enable Microsoft Authenticator passkeys in Entra ID

    Microsoft has come out with support for device-bound passkeys in Microsoft Authenticator as a method of Microsoft Entra ID authentication. Passkeys are one of the strongest, phishing-resistant authentication methods available. Learn how to enable it, configure it and how to enroll
  2. Microsoft Entra ID Token Protection explained

    Microsoft Entra ID Token Protection is a security feature within Microsoft Entra's Conditional Access that aims to mitigate token theft by ensuring that a token can only be used from the device it was issued to. This is achieved through a process called token binding, which creat
  3. How to block top-level domains via Microsoft Intune

    There are multiple ways to block specific domains. The easiest way to do this is within Microsoft Defender for Endpoint using Indicators. However, Indicators does not allow you to block top level domains (TLDs). But what if you want to block the entire top level domain, for examp
  4. Microsoft-managed Conditional Access Policies in Microsoft Entra ID

    Microsoft has rolled out so-called Microsoft-managed conditional access policies in November 2023. The policies will be automatically enabled very soon. Do you know what is the impact of the policies on your tenant? Microsoft-managed Conditional Access Policies in Microsoft Entra
  5. How to deploy Microsoft Defender for Endpoint to macOS

    Microsoft Defender for Endpoint is a security product that supports all commonly used platforms, including Apple’s macOS. Many macOS device owners believe they don’t need a security product, but unfortunately, this is a very naive and risky opinion. The opposite is true actually;
  6. Microsoft Entra ID Authentication Strengths explained

    Authentication Strengths in Microsoft Entra ID allows you to granularly define authentication requirements for different situations. It is possible to define different groups of authentication methods and then associate them with conditional access policies. Do you want to know mor
  7. How to manage Microsoft Edge updates in Intune

    A web browser is an essential tool for most people's work. And it is also a potential gateway into the computer for various malicious code, malicious links, etc. That's why you need to keep your web browser up to date. Older versions u
  8. How to secure Microsoft Entra ID tenant

    Microsoft Entra ID has a huge amount of configuration. Unfortunately, the default configuration for new tenants is not optimal from a security perspective. Let’s take a look at the most important settings. 👇 👇 How to secure Microsoft Entra ID tenant #cybersecurity #tips #entraid #con
  9. Service dependencies in Microsoft Entra ID

    Evaluation of Conditional Access Policies in Microsoft Entra ID is relatively simple and straightforward. But what many administrators don't realize are the background dependencies between different services, called service dependencies. Do you know the difference between early-bo
  10. How to manage Microsoft 365 Apps updates in Intune

    Application updates can be managed through Intune or through external tools. External tools typically provide significantly more configuration and customization options. But external tools need to be purchased, set up, integrated and maintained. In many cases, the native capabilit
  11. Recommended Conditional Access Policies in Microsoft Entra ID

    Conditional Access Policies in Microsoft Entra ID are super important because they allow granular control of who can access what and under what conditions. But those policies need to be properly configured and tested. And I almost always see gaps in coverage of conditional access
  12. How to secure your email with SPF, DKIM and DMARC

    #Google and #Yahoo will begin enforcing #DKIM and #SPF for inbound email as early as February 2024. Otherwise, emails might be delayed in delivery or not being delivered at all. And if you send bulk emails, you need to have DMARC set up as well. These are all things you should hav
  13. Understanding Primary Refresh Tokens in Microsoft Entra ID

    Primary Refresh Tokens ( #PRT ) serve as a cornerstone in Microsoft Entra ID’s authentication and access management framework, enabling users to seamlessly access Microsoft services while maintaining stringent security standards. Understanding Primary Refresh Tokens in Microsoft Ent
  14. Microsoft Entra ID device join types

    Microsoft Entra ID supports several device join types, each tailored to accommodate different scenarios, device types, and management requirements. Understanding the nuances among these join types is crucial for implementing an effective device management strategy within an Micro
  15. Lateral Movement Path Detection in Microsoft Defender for Identity

    Lateral movement is a technique where attackers exploit compromised credentials or vulnerabilities to traverse a network, seeking valuable information and escalating their privileges. Learn how Microsoft Defender for Identity can help with detection and prevention of lateral movem
  16. Access tokens, refresh tokens, tokens issuance, token exchange, ... Lots of magic behind Microsoft Entra ID, but important for troubleshooting and also security. Let's take a look under the hood at what happens the moment a user logs into a cloud service. #entraid #azuread #authen
  17. Difference between delegated and application permissions in Microsoft Entra ID

    Delegated permissions versus application permissions in Microsoft Entra ID. Do you know the difference? Delegated permissions allow apps to act on behalf of users. Application permissions allow apps to act directly and are not tied to a specific user. Read the details in my blog po
  18. How to reset domain admin password on an Azure VM

    I was in a situation where a customer completely lost access to their Active Directory. Fortunately, they had some domain controllers in Azure, which allowed us to do a domain admin password reset directly from the Azure portal and
  19. How to secure your email with SPF, DKIM and DMARC

    Email credibility and deliverability go hand in hand and are usually important to a company's business. No company probably wants its emails to fall into spam or quarantine. How to ensure the best email deliverability? Set up SPF, DKIM and DMARC. How to set this up for emails in O
  20. I have a blog!

    I started to write my blog about interesting things from the world of cybersecurity, that's why I called the blog Cybersecurity World 😆 I put there things that I find important, interesting or people ask me about them. Please share 🥰
