M365 Mail Security with DKIM and DMARC - Technical implementation and best practices

Forged sender addresses and domain-based spoofing attacks continue to be among the most effective attack vectors in email traffic. In the Microsoft 365 world, SPF, DKIM and DMARC are important and necessary building blocks for protecting sender domains, optimizing deliverability and making abuse transparent. However, consistent, technically sound implementation and ongoing operation are crucial. In this article, I will show you how to correctly implement DKIM and DMARC in Microsoft 365, what pitfalls there are and how to efficiently secure operations.

Easter Egg: User blocked during Easter - cause and solution

Over the Easter weekend of 2025, many organizations using Microsoft Entra ID (formerly Azure AD) were caught off guard when a significant number of users were suddenly blocked from accessing corporate resources. The cause? Entra ID categorized these accounts as “high risk” due to “leaked credentials”. Conditional Access Policies blocked these users from attempting access due to the existing risk. In this post, I'll explain what happened, why it happened, and most importantly, provide a simple and secure solution to the problem.

Archiving of unlicensed OneDrive users

Microsoft has announced that OneDrive users without a valid license will no longer be archived unless you decide to pay for it. This news has caused quite a stir, especially among users and organizations that relied on the previous archiving services. The paid archiving of unlicensed OneDrive users is a fact. In this blog post, I will discuss this and show you how to find out which OneDrives are affected.

M365 Log-Size Calculation for Sentinel

Microsoft Sentinel is ideal for extending the functions of Microsoft Defender XDR and other Defender products. I have already explained this in more detail in the blog entry https://www.graber.cloud/microsoft-sentinel-for-microsoft-365-a-must-have/. But what does Microsoft Sentinel for Microsoft 365 actually cost? There is no clear answer to this question, because the M365 log size for Microsoft Sentinel is difficult to calculate. This blog post deals with precisely this question. It is intended to serve as a guide for cost estimation and to shed some light on log size and Sentinel costs.

Microsoft Sentinel for Microsoft 365 – a must have!

Microsoft Sentinel is a cloud-native SIEM and SOAR solution. Microsoft 365 offers integrated security functions for Azure Active Directory (Entra), Microsoft Defender for Office 365, Microsoft Defender for Endpoint and Microsoft Cloud App Security. However, these features do not cover all possible attack vectors and vulnerabilities that hackers could exploit. In this blog post, I explore how Microsoft Sentinel extends the capabilities of Microsoft Defender XDR (and other Defender products).

Defender for Servers without Azure Arc

If you want to protect your servers from cyber threats, you may be relying on Defender for Servers from Microsoft, a leader in the Gartner Magic Quadrant. Microsoft has now announced direct onboarding of Defender for Servers without Azure Arc, and it is now officially available. Direct onboarding is a new feature that allows you to add the servers you want to protect to Defender for Servers without needing Azure Arc for Servers. In this blog post, I'll explain what this means, the benefits of this option, and who can benefit from it. I will also compare the new option with Azure Arc for Servers.

Protecting AAD identities with the right MFA method

It's no secret: cyberattacks are becoming more frequent and more sophisticated. But even the simplest techniques often lead the attackers to success. After all, the weakest link in the defense against cyber attacks is the human being. In this post, I show how you can protect Azure Active Directory (AAD) identities with the right MFA method without neglecting the human factor. Not only is the security aspect important to consider, but also user acceptance.

Azure AD Connect Cloud Sync Announcement

Azure AD Connect (AADC) is an identity synchronization tool from Microsoft, responsible for synchronizing identity data from the local directory service to Azure Active Directory (AAD). Microsoft is announcing that the Azure AD Connect identity synchronization tool is giving way to a successor and will likely be retired in the future. Microsoft's announcement states that the successor, Azure AD Connect Cloud Sync, will take over completely.
