Full Transcript
Just like me, you're probably sat there thinking, "Microsoft 365 security, it's changed again. What on earth is going on?" Well, don't worry. In this session, I've got your back. Check it out. >> Learn [Music] Microsoft 365 doesn't back up your configurations. So, if your settings get wiped out, your whole tenant gets wiped out. CoreView backs up your configs. That way, your tenant can be restored as soon as possible. Go to coreview.com to learn how you can get your tenant back online quickly after an incident. That's coreview.com. Hey everyone, first of all, a very happy new year to all of you. Uh, welcome to 2026. And in this episode, I thought we'd talk about some of the recent security changes that Microsoft have made again to Microsoft 365. But the good news is that these changes really do make sense and just a few minutes of your time, you're going to learn all about them. So in this session, we're going to talk about baseline security mode. We're going to talk about the agents, security agents and how to manage them and how to configure them. And we'll also talk about security co-piloter. This new amazing feature uh which in the Microsoft have now made it free for E5 customers but it comes at a slight cost and we'll talk about that uh in a wee while. Now if you've not subscribed come on board with me. Uh come and click on that like button up there. Click on that subscribe button and come and join my learning community. It would be great to have you on board. And of course, as always, any questions and comments, get those down below. I really do appreciate those. Okay, so without any further ado, let's jump in and take a look first of all at baseline security mode. So, first up, let's take a look at the brand new baseline security mode. This can be found in your Microsoft 365 admin center by coming down to settings into organizational settings and then click on security and privacy. And you can see here we have baseline security mode. Now the idea of this isn't entirely new. Um I'll jump over to another tenant here. And if I flip into let's say Intune. So, Microsoft Intune of course is a means to manage all your devices and this has also been going through quite a number of changes and I'm going to be covering this in a session very shortly. But if we go into this option here, endpoint security, and in here we have something called security baselines. And security baselines are perfect for Microsoft devices, Windows devices, uh, browsers and so on. However, this was great if you were in Microsoft Intune. So now what Microsoft have done is they basically brought this technology into Microsoft 365. So essentially what this does is it reduces what Microsoft refers to as your attack surface. So, like most operating systems like Windows or browsers or PCs, Macs, whatever you're working on, you're going to have ports open. You're going to have software running. You're going to have features running that could potentially allow backdoor access or fishing attacks or something like that. So, there is an article. So it can take you through to the article which explains exactly uh how this works and what it does for you. Um so typically it's an automated set of tools. Now um that's fine. I can click onto this. But before you click onto that and actually get it up and running, one of the things you want to think about is okay, what are the policies actually doing and is it going to affect my account as an administrator? Now bearing in mind that this is fantastic for consultants, for MSPs, for companies uh who have got new clients and this really kind of uh enforces and increases the security of uh customers, tenants. So typically what are those policies? Well, you can see those policies are here. So turn on restricted uh management for consent. So that consent happens when you install apps or it requires an elevation of privileges. Uh block files from opening um FP uh RFPC. FP is front page. My goodness. So if any of you have been using really old versions of Microsoft products, you'll be familiar with the web service front page remote procedure calls. This could allow potential backdoor access. So we definitely want to shut that down. Uh remove access to the Microsoft Store for SharePoint. Okay. So in other words, rather than having multiple stores, let's keep all your apps in the Microsoft 365 um uh store there. Um open ancient legacy formats in protected view. Absolutely. And things like old formats, object linking, embedding. And we also have reports here as well. So generate reports and consent uh for admins. So um if you so this is fine you can go in here you can have a look at these um however you might want a little bit more information. So you can click on to this open up um baseline security mode and there are there's a whole bunch of kind of recommendations here that you can take in. Now as you can see um require fishing resistant credentials for admins. So fishing resistant credentials of course are those pho keys, facial recognition, biometrics and so on, not usernames and passwords. Now basically you can see it shows me how many users at risk. I've just got a couple of users here. Um you can click into this policy require fishing resistant credentials. You can see here it excludes one user. So for example, if you've currently logged on as a global admin or something like that, the idea is that you can then enforce this using a slightly different policy. So and of course it doesn't potentially um lock you out. So you can the idea is that you can go through first of all these legacy authentication. So options things like yes I definitely want to block um passwords new passwords in legacy apps. So legacy apps are apps that typically don't support um multiffactor authentication or ooth open authentication. So again it shows me here opt in to view the protected data. So again you can see if there's any protected data for your users. certain users might need to opt in to view that and of course that could be a sensitive issue but again like I said you can customize that policy so really nice so the idea is again you can you see block password changes uh block legacy authentication so no usernames and passwords Microsoft are actually already kind of rolling this out already actually um block access to exchange web services So that is a good idea um because if you're in hybrid mode basically everything's going through um Exchange online not on premises. So that's probably quite a good idea. Yes, I can go ahead and I can apply that change. So the idea is that you see what I mean? You go through these settings and it's not something you would just lightly go through and just go yes click click click click. you need to understand how this is going to affect your organization. So we have different um classifications. You have authentication here of course. Then we have got things like um room devices. So if you've got devices in tune so things like teams of course here and then very importantly things like how is how your file access how's it going to work with file access. So things like do you want to block Microsoft publisher? Well yes it's a fairly legacy app now. So you can see um as you go through these it gives you a really nice status. As I've said Microsoft have had products like this before, but it's really nice. Um so definitely take a little bit of time to go through and enable baseline security mode. And as you can see, you get a score that shows you you kind of want to make it as usable as possible, of course. Okay. So, baseline security mode. Um, we also have in here the reporting settings as well. So, again, you might want to view reports on enduser identities and activity. So, again, you can switch these features on and you can generate audit logs for these as well. Which brings me to another point. Um, things like mailbox auditing. We now have a new unified audit log. Um, well, to be honest, it's not new. We've had it a while, but it's nice to see that Microsoft are switching off the old mailbox auditing logs and going for a single solution, which is kind of really nice. So, there you have it, the baseline security mode. Make sure that you read the documentation, but I got to say, I'm a big fan of this. Anything to keep the bad guys out um and keep your users and your environment safe is a good thing. Now, you'll get no argument from me that chat GPT and of course Microsoft 365 C-Pilot and so on uh have had a profound effect on the world of computing today. And in fact, the early versions of Chat GPT, you could add and analyze documents. you we also had these prompts with many many different solutions available but now chat GPT and co-pilot have gone to a whole new level and the introduction of agents and agents don't just analyze your work and give suggestions and ideas they also action it so this can have a profound effect on security and with so many agents now available it's really a great thing that Microsoft have now introduced security features in Microsoft 365 and these new security features can be found throughout Microsoft 365 than the various admin centers and various portals and for example in the identity portal in in tune and so on. I'm going to be covering these in the upcoming weeks but for today I just want to come in here and of course we've got Microsoft 365 copilot here. If I click on the drop-own arrow, you get the overview of it. Um, you get the various connectors which help you connect to third-party data sources. Again, make sure that you've got security in place for that. Um, if you're do using the paid solution with Microsoft 365, of course, u Microsoft have just brought down the price of that to $30 in addition to your uh subscriptions. That's now included in Microsoft 365. Um, but also the settings are important. So, it's super important that you come in and of course that you have a look at the various settings here. Do you want to set up things like pay as you go billing? Of course, you would need to make sure that you put in a credit card for that. Um, do you want how do you want to control and manage uh things like co-pilot in Microsoft Edge? Uh, as well as other features there. So, super useful. But what I really like are these tools here, a means to control agents. So here we can see if there are any agents within my organizations and it shows me that we have an agent registry. I've got a whole bunch of agents that are available here. So I can come in and I can view which agents I'm actually using. You'll notice that many of these are third-party agents. So when it comes to security, you really need to look at these in the same way that you would look at managing and deploying apps. Whereas unlike the apps, agents can actually act on behalf of users and they can perform actions. So it's super important that we come in and we're aware of what these agents are and what they're doing. And in fact uh tools like uh defender for cloud now also includes agent protection. So we have a whole bunch of tools here uh and you can see here that these are for the most part Microsoft uh based. Um, so for example, if I go into one here, um, if I go into the Microsoft SharePoint here, you can see it talks a little bit about exactly what this agent is, what its functionality, if it's available, and I can then decide whether I want to deploy or not deploy that particular agent. Um, the other thing that we've got, we've also got, as I said, a number of settings here. And this is really important when it comes to how the agents perform, uh, and some of the types that they're, um, some of the tasks that they're able to do. So, for example, what type of agents are you going to use? Allow apps and agents built by Microsoft, agents uh, built within your organization, assuming that you've tested them. But also you've got this one here by external publishers. So do you want to allow external publishers or agents on your network? So again you may need to think about that one carefully there. So once you've made your choice of course and this affects the entire tenant. So just uh be aware of that. Okay. So, the recent good news from Microsoft is that if you've got an E5 license, then Microsoft Security C-Pilot is now included. And with that, of course, you also get security co-pilot agents. And these, of course, are automations which will essentially replace the need to have a physical person, a security person or an analyst within your organization. Now, to be honest, it's kind of designed really for very large organizations. Um, and the idea is it uses something called security compute units. And these typically come in at around $4 per hour and they're build on an hourly basis. Now, if you have got, let's say, a,000 licenses, then of course you're going to get 400 SCUs per month included free of charge. However, if you've only got, let's say, for example, 100 users, then of course, you're only going to get 40 SCUs and above. However, I'm going to include just below here a complete setup guide to get you up and running, but security copilot is definitely a good solution. So, there you have it. Some of the big changes when it comes to security in Microsoft 365, which just goes to prove you don't need to be afraid of change. Okay. Hey, listen. I really appreciate you joining me this week. Um, if you've enjoyed the session, give me a big thumbs up, hit that like button, and also come and join me as a subscriber as well. I really do uh appreciate it. Okay, that's it for this week. You stay safe, and thanks very much for joining me. Thanks.