News

Microsoft Enables Longer Azure Active Directory Passwords

with 1 Comment by Tony Redmond

You can now protect your Azure Active Directory account with a 256-character password, including spaces. This news will bring much joy to Office 365 administrators and others who hated the previous 16-character limit, but please don't rush into forcing users to change their passwords without taking the time to pause and consider how best to proceed. Longer passwords are good, but they should be only one part of a strategy to protect user accounts.

Microsoft Previews Azure Active Directory Entitlement Management

by Tony Redmond

Microsoft launched the preview of Entitlement Management, a new part of their Azure Active Directory Identity Governance program. The idea is that you can manage access to resources via policy, which seems to be a good thing, especially in large organizations where objects like Office 365 Groups, SharePoint Sites, and Teams might just get a little out of hand. The preview is interesting, but like all previews, it needs some work to be ready for prime time.

Exchange and the Turla LightNeuron Attack

by Tony Redmond

Turla, a Russian cyber-espionage group is reported as being behind an attack on Exchange on-premises servers that uses transport agents to capture and process messages for selected users. It's an attack vector that hasn't been seen before and raises the question of how often administrators should review transport agents active on their servers. The important point is that unless your network is compromised, hackers cannot install transport agents on Exchange servers and this attack is more theoretical than practical.