• Dave Kennedy

Updated: 4 hours ago

Here is my straightforward advice – If you read no further please take note of this:

Separate Microsoft 365 Global Admin permissions from day to day users.

If a user requires Global Admin permissions this should be granted through a second account secured with MFA used only for Admin Tasks and then logged back out.

DO NOT have Global Admin Permissions assigned to a user account used for day to day login and functionality. This is a Security Concern.

How can a compromised Global Admin User Account be used?

  • Change functional and security settings on its own account

  • Create additional user accounts

  • Add Licenses

  • Redirect email flow

  • Access All Data stored within an M365 service directly or grant permissions to it.

  • Run PowerShell commands and scripts against the tenant.

  • It can do anything at all within the Microsoft 365 Tenant up to and including closing it down.

Potential Compromise:

I have not researched how this could be done but while assisting a customer recently I conceived an attack such as the following could be possible.

An account even with MFA enabled could be compromised through an attack instigated with a Social Engineering or Phishing.

If a user that had global admin permissions is tricked into clicking on or running "something" which would run a PowerShell script to disable MFA for the user itself or something similar it make access easier for a nefarious party to then gain further access or functionality to the Microsoft 365 tenant.

8 views0 comments

I have been waiting a very long time to get my hands on the Lenovo Go Wireless ANC Headset and had very high hopes, I was not disappointed in the least. From packaging to user experience I'm extremely impressed with all aspects.

I like the minimalist but effective packaging. Its exactly what is needed and no more to get the headset to you and provide picture instruction.

Keen to give the headset a test drive and I have it 10 to 20 mins charge out of the box and it reported 12 hour battery life.

Build quality, materials, are all excellent and looks and feels like a professional durable device with well placed intuitive controls.

Setting up was extremely quick. It paired quickly with Windows Bluetooth, but using the accompanying dongle brought more options and increased control with the Lenovo Go Accessories App.

The headset is lightweight and comfortable, it was no problem to wear for most of my entire work day. It was on my head for most of 8 hours and caused no discomfort. Sound quality was excellent and there was no lag sound from calls or media.

There are a number of cool little features like the indicator light on the USB receiver. Normal connection & audio playback on the receiver is indicated by a blue light. A

Microsoft Teams call or conference connection is indicated by purple.

The only downside I have found to the headset of note is that it dampens background sound so well, 3 unexpected visits to my office by family members triggered fight of flight response and a need to add a lock to my office door!!

13 views0 comments
  • Dave Kennedy

I was asked recently to give an opinion if Chrome OS Flex would be suitable for a specific business to roll out across all existing laptops.

The business goal was to primarily rejuvenate their aging hardware, in addition they would gain more uniform user experience and begin to make use of Google Workspace Endpoint Management or a similar MDM.

Chrome OS has been available pre-installed on a variety of devices from Google, Lenovo, HP and other manufactures for about 10 years. The OS is based around the Chrome browser as the user interface and is relatively locked down in much the same way as a mobile operating system. Chrome OS Flex allows for the operating system to be installed on pre-existing hardware such as Windows Laptops and Macs. There is a Google maintained compatibility list of devices which have been tested, but in theory the operating system could be installed on a broader range of devices potentially with some minor issues.

The operating system is free, natively quite secure, restrictive when it comes to user misconfiguration and is compatible with a number of Mobile Device Management solutions. Does this make it ideal for business?

Chrome OS Flex does seem to tick a number of boxes for ease of support, centralised management and compliance etc. However I would suggest outside of a few select circumstances it might not have a broad purpose.

In the specific case I was asked to assess, and I suspect many cases “Rejuvenating” hardware might not be the bonus it appears. Chrome OS Flex is almost certainly a more lightweight operating system than Windows and MacOS and will give a snappier user experience for browser based tasks and apps. Unfortunately if a businesses machines are not performing as they once were with the operating system they shipped with, this is likely to indicative that the machine might be aging to a point it will need to be replaced.

  • Committing time, and cost for alternative apps to rebuild business machines that are 5 years or more old, will likely be lost within a short period when machines start to experience hardware failure.

  • From a compliance point of view firmware and fully updated drivers from the hardware manufacture can be critical. The manufacturer is unlikely to produce drivers for an operating system not shipped with the original hardware and any firmware would usually be applied via a tool through the original operating system.

My thought generally is if you want to move to Chrome OS for businesses, buy machines which come with that operating system from a main stream maker like Lenovo who have a number of Chromebook devices including some aimed a business and education. Support will be better and warranties will be reliable. If replacing in one go isn't practical consider replacing them as they age out.

In the business context Chrome OS Flex is a No from me. I haven't seen a scenario yet where I would choose it.

23 views0 comments