10 Mistakes that a Microsoft 365 Admin Must NEVER Make!

In this session I'll explore some of the most common mistakes that admins make in Microsoft 365: mistakes that can at first appear trivial but can in fact cause major harm to both your security and your business. This in-depth session uncovers the most common mistakes and also demonstrates how to fix them. It is packed with demos, so whether you are looking to learn or are preparing for a certification exam, this session will prove invaluable.

Timecodes
00:00 Introduction
02:00 10 - Using RBAC Wisely
04:58 9 - Entra Identity Protection
09:43 8 - Authentication Method Errors
13:00 7 - Creating a Break Glass Admin Account
15:39 6 - File Sharing Nightmares
19:12 5 - Global Admin No No’s
21:15 4 - Pin Down your Guest Account Defaults
23:29 3 - Deploying Entra ID Security Defaults
24:56 2 - Modern Authentication Nightmares
27:26 1 - Access Reviews (An Absolute Must)
32:30 Session Review
Comments

Good video, thanks for the tips.
As someone who is fairly new to 365 administration, I find it a bit discouraging that so many important security features are hidden in obscure areas, or paywalled behind licenses.
Security defaults are great, but once you enable them you can't go in and customize things. For example, when security defaults are enabled there is no option to turn off the "first contact safety tip" for emails, even if the setting is disabled in the spam policy.

Jeffero

One of the best videos you've ever done, Andy. Superb presentation!!! Loved it!!! Thank you.

adrianclarke

On "Using RBAC wisely", I prefer to assign permissions to a user via PIM and JIT, then when the role is activated have a CA rule that allows admins access only after MFA (number matching), with no persistent browsing and a session life of max 4 hours (or the max hours a role can be activated). Then, to top it off, only from an Intune-managed device marked as compliant and/or a hybrid domain-joined device. No use of safe zones allowed, zero trust. And if you really want to kill it, plug it in with the Defender suite (identity/endpoint).

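The PIM-plus-Conditional-Access setup described in the comment above, as an added example that is not the commenter's or the video's own code: a Microsoft Graph PowerShell script that creates the admin policy in report-only mode first. The role template ID and the break-glass account ID are placeholders, and the Microsoft.Graph module is assumed to be installed.

```powershell
# Added example (not from the video or the comment author): the admin-role
# Conditional Access policy described above, built with Microsoft Graph PowerShell.
# Placeholders below must be replaced with values from your own tenant.

$AdminRoleTemplateIds = @(
    "<ROLE-TEMPLATE-ID-PLACEHOLDER>"        # the directory role you activate via PIM
)
$BreakGlassAccountIds = @(
    "<BREAK-GLASS-OBJECT-ID-PLACEHOLDER>"   # emergency access accounts stay out of CA scope
)

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName = "Admins: MFA + compliant device, 4h sign-in frequency, no persistent browser"
    # Report-only first: review what the policy *would* have blocked before enforcing it.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        clientAppTypes = @("all")
        applications   = @{ includeApplications = @("All") }
        users          = @{
            includeRoles = $AdminRoleTemplateIds   # scope by activated role, not by named users
            excludeUsers = $BreakGlassAccountIds
        }
    }
    grantControls = @{
        # "AND" requires every listed control. One policy cannot express
        # MFA AND (compliant OR hybrid-joined); for that, pair this policy with a
        # second one whose operator is "OR" over compliantDevice/domainJoinedDevice.
        # Number matching is not a CA control: it is set in the Authenticator
        # authentication methods policy.
        operator        = "AND"
        builtInControls = @("mfa", "compliantDevice")
    }
    sessionControls = @{
        # Re-authenticate every 4 hours, matching the PIM activation window.
        signInFrequency   = @{ isEnabled = $true; type = "hours"; value = 4 }
        # Never persist the browser session across restarts.
        persistentBrowser = @{ isEnabled = $true; mode = "never" }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"
```

Switch `state` to `enabled` only after the report-only sign-in logs show the break-glass exclusion working and no unexpected admin sessions being flagged.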
bingbonus

Thanks as always Andy! And thank you so much for putting that banner in at 5:13 telling people which license they need! That's very helpful indeed!

standardnerd

Can't stop watching your videos. Very informative 👏

uswigglabyronchishava

Great video. I have learnt a lot from you since subscribing. From this tutorial, I realized I was making 5 mistakes. I have changed those settings. Thank you.

harryanderson

I'm considering setting "Allow external users to remove themselves from your organization" to No instead of the recommended Yes. If a guest user has unintended or unwarranted access to the tenant and exfiltrates data or whatever, and then the guest user removes itself, unless one has a routine for going through access and security logs, then the data exfiltration may well go under the radar and remain undiscovered. Checking the user list and discovering a guest user that should not be there is more of a low hanging fruit than perusing logs.

undixgalore

Hi Andy, I really enjoy your content, it's clear and always well presented.

It's something I can't really say about Microsoft. I find Azure and a lot of Microsoft products/services (with the exception perhaps of 365, as I spend so much time in it) so poorly laid out, difficult to navigate around and also confusing, especially their licensing models. I don't think many Microsoft employees know themselves when it comes to licensing! Part of it, of course, is the sheer complexity and breadth of what is on offer.

As an MSP based in the UK, dealing with a lot of SMBs, the IASME cyber security certification is gathering a lot of traction (it's now often a requirement for a business to be eligible for a tender, etc.).

I know there are lots of elements (Intune, Entra ID, conditional access, etc.) that are relevant to this, but I really wanted to ask you if there is a specific format or logical order in which to learn and deploy Azure services, i.e. does the full understanding of one element of Azure build the foundations necessary to understand and deploy another, or is it more of a cherry-picking exercise?

For example, I am personally interested at this very moment in Intune for mobile device management, and it's something I am currently playing with / reading up on (I have watched your video on this also). Before we would ever offer a service to customers, I always want to be sure that we are best placed to get the best out of it and to be able to use all of the particular service's features to its maximum potential. I tend to stumble across one feature on top of another when really delving into it, to the point of "brain freeze".

Dealing with I.T. firms (large and small, and a couple of well-known names), I don't think I've come across any one person in particular who has a full grasp of Azure and the majority of its abilities, leading me to believe there must be lots of wrongly configured or not very efficient deployments.

aaron

Hey Andy, I love your videos. Thank you for sharing such easy-to-learn stuff, keep up the good work. I have a question. I am studying for the AZ-500. I keep coming to questions that are sign-in risk level related, but I can't find a list of recommended risk levels (already in Azure as standard). I know that you choose them for every policy. My question is: are the questions just old, or does Azure have recommended risk levels as standard that I need to learn? Thanks!

Alphazero

SOLID best practices. I will surely practice these tips.

EllyOguttu

Thanks Andy, I'm about to start my work role.
I'll be hearing more from you in your videos on YT to get some ideas and basics.

secondlast

Great stuff Andy. Worth watching over and over.

mshamatuli

Hi Andy, I remember the times when we were proctoring at TechEd or ITForum... such good times then

dummylopez

Hi Andy, I'm a regular viewer of your YouTube videos and have just subscribed. On your Patreon site, you have a course that has MS-900 (MS 365 Fundamentals) in the artwork, but SC-900 (security, compliance and identity...) in the description. I'm confused as to what the course actually is. Please can you confirm? Thanks. Kevin.

newtonapplemusic

Well, in some cases admins DO need a license. For administering and checking some aspects of Teams, for instance, a mailbox, Teams and SharePoint license is needed, mostly for administering org-wide teams. But for most tasks a license isn't needed. We do separate admin accounts of course, but in some instances they do have a license, Business Basic for instance.

driver

Great tips. Unfortunately Microsoft dangle the carrot of features that should be standard. Why have a product that has security flaws built in that you have to pay to guard against?

MegaSlowmoman

Fantastic video! Lots of useful info here. Question, what if you are using Per-User MFA and enable Security Defaults, do users have to do anything like re-register MFA or is it transparent to them?

unificomp

Interesting at the 9 min mark. So, are you saying you highly recommend SSPR be switched to Off for the entire tenant if you are hybrid (running Azure AD Connect, for example)? In a hybrid scenario, with an on-prem AD, what do you recommend for users to reset their passwords?

ggoben

Hi, how do you alert admins by mail when a new user is created, a user is deleted, or roles change? Kindly make a video.

anthonyrajt

Hey Andy, I wonder how can password writeback be used as a backdoor.

vegasjosejavier