Posts

UEFI Secure Boot CA 2023

How frequently do you observe this topic on LinkedIn or X? Perhaps your organization is discussing it. Upon logging into Intune, you will notice this banner at the top of your Intune dashboard. Microsoft announced this issue back in 2025, but surprisingly, it didn't get much attention until recently. While Microsoft shared some details about the registry keys involved, clear step-by-step instructions for fixing the problem are quite hard to find. Last week, I was working on this issue on my own tenant and one of my customers' tenants, and I decided to share this information so that you can address it earlier and avoid waiting until the last minute. What is Secure Boot: Secure Boot, a UEFI security feature, ensures only trusted software runs during boot by verifying digital signatures against trusted certificates stored in firmware. UEFI Secure Boot standardizes how platform firmware manages certificates, authenticates firmware, and interfaces with the OS. For example,...

CIS Benchmark for M365 and Exchange

This will be my post on LinkedIn and X (Twitter) about CIS policies. We are all trying to secure our environment as much as possible; however, we keep it accessible so users can do their jobs. I came across a recommendation to secure Office and Exchange by using Microsoft Defender for Office, which involves configuring an Antimalware policy to block certain file types. On page 109 of the CIS Benchmark version 5.0 for M365 Level 2 Security, blocking file types is discussed, and a list of files included in that script is provided. Please review it and note that I found one of the file types is (.ics), which is used as the main file for webinars and attending online sessions like Microsoft events. These events will be blocked. So if you apply it without reviewing all extensions, you'll encounter the same issue I did, since I applied the policy and didn't see a Microsoft event when I registered for it. So I reviewed the policy today and found this...

Vulnerabilities Dashboard

Have you previously operated a device to mitigate vulnerabilities and subsequently received an extensive list of vulnerabilities from cybersecurity for that device? You are not alone in this experience. This isn't a new feature; we are fortunate to have talented individuals in the community, such as Fabian Bader and Nathan McNulty, who have made significant contributions in this area. I have documented their efforts and recommended their work to my clients during my collaborations. During my previous engagement with the Intune team, I observed that their permissions were highly restricted. They lacked access to cybersecurity tools such as Defender, Tenable, CrowdStrike, and Entra. As a result, they were unable to independently identify device deficiencies or vulnerabilities, relying instead on their cybersecurity team for such information. When I recommended community solutions, they expressed appreciation. However, they do not possess the authority to develop appli...

M365 Tips to secure your tenant

🔐 5 Quick CIS Security Wins to Strengthen Your Microsoft 365 Tenant Today. As IT professionals, we all want a secure tenant, but between tickets, deployments, patching, and configuring new settings in Intune, Entra, Defender, etc., security hardening often gets pushed to 'will do later.' The problem? ⚠️ Attackers will never wait for us! I found a couple of settings, some of them so simple, but we miss them because we are always busy. I was digging in Defender and the M365 Admin Center: 1. 📅 CIS Benchmark L2 for M365 recommends disabling calendar sharing with external users. One of the main reasons this matters is that attackers need to learn about your organization before they attack it; if we allow our users to publicly share their calendars, it can help attackers learn more about the organization and its users. They can then use this information to exploit situations like when employees are out of the office, traveling, etc. 2. ...

Reporting Defender vulnerabilities in HTML without using the Defender Portal

How many times do you want to get a quick look at vulnerabilities in your tenant without having to go to Entra to activate your PIM, then to Defender, and navigate deep? This is exactly what I was dealing with this past weekend, especially in the USA, since we had a long weekend because Monday is the MLK holiday, which gave me time to dig deeper. I came across 2 GitHub repos from two amazing friends, MVPs in our community. All credit to our friends: 1. Fabian Bader, f-bader/MSRC-PatchReview: a PowerShell variant of the amazing patch_review.py script by kevthehermit, to run on your device to get all CVEs. · Keep in mind this script targets BaseScore 8.0; if your company or customer, like my customers, wants more security, you have to lower the BaseScore to 7.0 or less. You can see that on line 75 of the script. · ...