On world password day, Microsoft says fewer passwords, more passkeys

And we agree. If there is a cybersecurity themed day that we would like to get rid as soon as possible it’s world password day. Sorry, old friend, but you’re outdated, and it looks like your days are numbered. Let's switch to passkeys. To quote Microsoft: “As the world shifts from passwords to...

Microsoft will disable Basic authentication for Exchange Online in less than a month

Microsoft has posted a reminder on the Exchange Team blog that Basic authentication for Exchange Online will be disabled in less than a month, on October 1, 2022. The first announcement of the change stems from September 20, 2019. With so much warning you might expect organizations to be ready, a...

CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1

CISA has released guidance on switching from Basic Authentication “Basic Auth” in Microsoft Exchange Online to Modern Authentication "Modern Auth" before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support...

A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365

Microsoft 365 M365, formerly called Office 365 O365, is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and...

Raider - Web Authentication Testing Framework

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication...

Authorization for organizations with modern app-only authentication fails due to expired SSL certificate

Challenge An attempt to authenticate a tenant connection using Veeam Backup for Microsoft 365 REST API fails with an invalid/expired certificate error. Cause The SSL certificate for the login.microsoftonline.com site has expired in the local certificate store. Solution To update an expired...

Empowering employees to securely work from anywhere with an internet-first model and Zero Trust

Like many this year, our Microsoft workforce had to quickly transition to a work from the home model in response to COVID-19. While nobody could have predicted the world’s current state, it has provided a very real-world test of the investments we have made implementing a Zero Trust security mode...

Empowering employees to securely work from anywhere with an internet-first model and Zero Trust

Like many this year, our Microsoft workforce had to quickly transition to a work from the home model in response to COVID-19. While nobody could have predicted the world’s current state, it has provided a very real-world test of the investments we have made implementing a Zero Trust security mode...

MS15-099: Description of the security update for Excel 2013: September 8, 2015

Resolves vulnerabilities in Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file.SummaryThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office...

Changing the Monolith—Part 4: Quick tech wins for a cloud-first world

You may have heard that identity is the “new” perimeter. Indeed, with the proliferation of phishing attacks over the past few years, one of the best ways to secure data is to ensure that identity—the primary way we access data—can be trusted. How do we secure identity? Start by evaluating how use...

Veeam Backup for Office 365 Complete Permissions

This KB is being phased out The content of this article is being transitioned to the Veeam Backup for Microsoft 365 User Guide. An up-to-date list of Required Permission is available in the Veeam Backup for Microsoft 365 User Guide. Authentication Modes Summary Depending on the Microsoft 365...

Description of the security update for Office 2013: April 10, 2018

Description of the security update for Office 2013: April 10, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

Description of the security update for SharePoint Server 2016: June 13, 2017

Description of the security update for SharePoint Server 2016: June 13, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...