Welcome back!
Last time (2025 – Automating updated Named Locations – like a boss! – -Have you patched yet?) we wanted to automate blocking malicious IP’s by importing these into a Named Location Conditional Access policy. This time we have a scenario where we want to automate blocking malicious urls/domains by importing these into Defender IOC’s with Defender API.
Continue reading “2025 – Automating updated DefenderIOCs – like a boss!”Welcome to another blogpost.
This time we have a scenario where we want to automate blocking malicious IP’s by downloading them and importing these into a Named Location Conditional Access policy.
Welcome back!
This is part 2 in the CA series – if you haven’t checked Part 1 yet, you can find it here; https://prottecio.com/2025/03/02/2025-conditional-access-ca-policy-part-1-get-started/
Today we will build a policy to block risky sign-in, risky user, securing device registration and more!
Continue reading “2025 – Conditional Access (CA) policy part 2”Welcome back!
Today we will look into the world of Conditional Access – I’ll short it to CA from now.
Even though this could be done at a really fine-grained level and with great complexity – fear not; I will provide you some examples on some really great and fairly easy policies you can implement quickly and improve your security posture with low effort.
Let’s go get those low hanging fruits first!
Continue reading “2025 – Conditional Access (CA) policy part 1 – Get started!”Hi and welcome back!
Today we will talk about Privileged Identity Management (PIM) and I will show you the idea of how you can enable this for your admin users in your tenant.
First – what is a Microsoft Entra role and why can’t all your admins just be Global Admins 24/7?!?
Continue reading “2025 – Enable Privileged Identity Management (PIM) in your tenant”Hi and welcome back!
Do you want your employees to be able to log on without passwords in your tenant? And even better, do you want them to get phishing-resistant logon? Let’s go ahead and set it up!
This picture is Microsoft’s, and I’m just borrowing it for reference.
For more information on authentication and verification methods, you can visit Microsoft Learn here; Authentication methods and features – Microsoft Entra ID | Microsoft Learn
Everything is better then just a username and password. If you don’t have MFA setup in your tenant yet, do it.
Continue reading “2025 – Enable Phishing-resistant MFA in your tenant”It’s been too long since my last post. Life caught up to me, so did work. It’s been a long 1,5 years, to cut it short I acted as IT-leader in Voss herad (a municipality in Norway) from June 2023 to June 2024 before I then got the job and title permanently. A big task, a big responsibility and a big opportunity – right now I wouldn’t be any other place then working with my talented IT-crew here – we have done a lot of good work the last couple of years and we have a lot of cool stuff on the threshold for 2025!
The blog has been lurking in the back of my head but I just couldn’t find enough time to do it right, so I didn’t. The way I started out I wanted to do a scenario from A-Z with all details covered. A way bigger project than I first thought it to be.
But a couple of weeks ago, after posting a bit on LinkedIn about FIDO and phishing-resistant authentication, I stated something along the line; “don’t wait to implement something security related just because you can’t do it 100% the first time – it’s better to do something than nothing at all. 10% is better than 0%”
Wow, 3 months since last post already. I blame it on a crazy busy end of the year at work combined with all the different closing-parties for the kids on school, activities and so-on – and everything that needed sorting out for Christmas. Christmas for me was all about mental wellness and spending some much needed quality time with the wife, the kids and family in general.
2023 is here, and boy has it been busy already. And what better way to start the first blog of the new year on a big Friday 13th crisis – at least if you are using Microsoft ASR(Attack Surface Reduction)-rules.
Continue reading “#ASRmageddon – All your shortcuts are belonging to us….”If you are running Exchange-servers locally, I would recommend you read this. According to several posts since yesterday, there is a new 0-day exploit going on; https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html#:~:text=Temporary%20containment%20measures
Welcome to the first ever blogpost on PROTTECIO!
This blog is a work-in-progress – just like my own skills. I always strive to learn new stuff, to see new connections, to get to know like-minded peers, to improve the workflow for others, to secure something unsecure, and so on.
Hopefully this blog will inspire you to not being afraid to start something new, learn something new, something you don’t know or improve something you do know. And if you fail, even better – failure is key to improvement and learning! It’s not about being the best in what you do, it’s all about being the best you can be at what you do. And to be the best version of you, you need to try, fail, try again, and succeed. And don’t stop there; repeat the process and improve – over and over again!
The tip of the iceberg!
