Test: O365 and Azure test lab guides

Microsoft provides 30-day trial environments for Office 365 and for Azure. These trials can be used to set up a test and development environment by following the step-by-step guides from MS. If you intend to start using those environments, these Test Lab Guides can be a very useful way to get familiar with what is available and how it really works.

This test environment setup can also be very useful for people working with security, both for building competence and for testing the security features and different setups. (The 30-day trial limit can be very tight, and it might be better to first install only the O365 environment, extend that one for another 30 days, and only then continue with the Azure environment, i.e. first follow the O365 test/dev guides, and then after 30 days repeat the test/dev guides and include Azure in the setup…)

In the beginning it is a little confusing, as the MS guides do not show the overall big picture before starting. This might be partly because the environments are being slightly changed all the time. The picture below tries to show that in the O365-Azure test/dev environment, there are 3 different Active Directories involved.

  • Azure AD for O365
    • This AD will contain both cloud userids (O365) and CORP userids (from simulated contoso.com, from virtual AD)
    • (note, the userid that was used to subscribe the trial is not in this AD)
  • Azure AD Free
    • This AD will contain the userid that was used to subscribe the trial (newmeail2)
  • Virtual AD (IaaS)
    • to maintain the users in the CORP domain


The different portal structures of O365 and Azure can cause confusion. The picture below tries to show the different portals used to administer these environments. In Azure, one portal is used, but in O365 the main Admin portal is used as a jump board to access other portals… (I would assume this will change in the future).


Please note that it is possible to log in to the Azure portal with the O365 userid. This is because Azure provides the Azure AD function to O365.

BTW, after the trial period, it is possible to continue this test/dev environment and pay for the services without losing the data from the trial.

Office 365

In the Office 365 Admin portal, everything that is needed is there. However, it is implemented in such a way that the different sub-menus are actually only jump boards to other portals.


For example, Security and Compliance is a separate portal.


When it comes to roles, the issue becomes quite complex in the beginning. In the MS approach, security-related roles like Security Administrator and Security Reader do not have access to security-related configuration within different services; they only have access to central alerts, classification and policy configurations. I have not yet been able to identify a suitable reader role that could have read-only access to security-related configuration in Exchange, SharePoint, Yammer etc. It seems that this would need a customized role configuration. (Note that in the Azure environment, one can have a Reader role for a subscription which can see all data as read-only: “Reader”, not “Security Reader”.)


The screenshot below shows what the Azure portal looks like after the setup with AD Connect is ready. In order to reduce the costs, it is good practice to stop the VMs when they are not needed.


In the Azure portal, the Security Center is built into the portal and is not a separate portal like in Office 365.



All in all, these test lab guides are a good way to get started, and there are a lot of information sources available for different tasks and goals. However, the information is still quite scattered, and it can be a challenge to obtain the big picture of the overall security architecture, posture or available settings, best practices and features. Not to mention that certain features require additional licenses. But that is the same with any complex environment, right? That is where security people are needed to provide some guidance :-)


Virtual magnifying glass

One of the handy tools to have is a virtual magnifying glass. It can be a solution when one needs to enlarge only a portion of the display. For example, if you want to show some video or demo on a large screen, and the application does not support making it visually bigger. Or it can be a necessary tool for people with low vision.


There is also a portable version (with portable apps).


  • different browsers might give different results (eg. video might work with firefox but not chrome)

Recommended Book: Enterprise Cybersecurity

I was positively surprised by this book, “Enterprise Cybersecurity”, and I can happily recommend it to anyone working with security management. There is more than one way to do things, and this book shows one alternative way to connect the dots between different concepts in cybersecurity.

Enterprise cybersecurity

  • Title: Enterprise Cybersecurity
  • Author: Donaldson, S., Siegel, S., Williams, C.K., Aslam, A.
  • Publisher: Apress
  • Date: 2015
  • Number of pages: 490
  • Overview
    • The book gives a holistic view of cybersecurity, and does so in a good, guiding way.
  • Evaluation
    • I like the presentation thread in the first 4 chapters:
      • New Cybersecurity Mindset Figure 1-8
      • Effective Enterprise Cybersecurity Program Figure 1-9
      • Effective cyberdefense framework Figure 2-1
      • Cybersecurity Process Figure 2-3
      • Risk Management Process Figure 2-4, 2-5
      • Cybersecurity Controls Figure 2-7, 2-8
      • Enterprise Cybersecurity Architecture Figure 2-12
        • 11 functional areas:
        • Systems Administration
        • Network Security
        • Application Security
        • Endpoint, Server, and Device Security
        • Identity, Authentication, and Access Management
        • Data Protection and Cryptography
        • Monitoring, Vulnerability, and Patch Management
        • High Availability, Disaster Recovery, and Physical Protection
        • Incident Response
        • Asset Management and Supply Chain
        • Policy, Audit, E-Discovery, and Training
      • Defining Security Scopes Figure 4-3
      • Eight Types of Security Scopes Figure 4-4
      • Security Scopes for the Typical Enterprise Figure 4-7
      • Selecting Security Controls Figure 4-8
      • Selecting Security Capabilities Figure 4-9
      • Selecting Security Technologies Figure 4-10
      • Considering Security Effectiveness Figure 4-11
    • Even though there are several references to the NIST framework, it is still used as part of the bigger program, and would not prevent using any other framework as a base.


    • Part I: The Cybersecurity Challenge
      • Chapter 1: Defining the Cybersecurity Challenge
      • Chapter 2: Meeting the Cybersecurity Challenge
    • Part II: A New Enterprise Cybersecurity Architecture
      • Chapter 3: Enterprise Cybersecurity Architecture
      • Chapter 4: Implementing Enterprise Cybersecurity
      • Chapter 5: Operating Enterprise Cybersecurity
      • Chapter 6: Enterprise Cybersecurity and the Cloud
      • Chapter 7: Enterprise Cybersecurity for Mobile and BYOD
    • Part III: The Art of Cyberdefense
      • Chapter 8: Building an Effective Defense
      • Chapter 9: Responding to Incidents
      • Chapter 10: Managing a Cybersecurity Crisis
    • Part IV: Enterprise Cyberdefense Assessment
      • Chapter 11: Assessing Enterprise Cybersecurity
      • Chapter 12: Measuring a Cybersecurity Program
      • Chapter 13: Mapping Against Cybersecurity Frameworks
    • Part V: Enterprise Cybersecurity Program
      • Chapter 14: Managing an Enterprise Cybersecurity Program
      • Chapter 15: Looking to the Future
    • Part VI: Appendices
      • Appendix A: Common Cyberattacks
      • Appendix B: Cybersecurity Frameworks
      • Appendix C: Enterprise Cybersecurity Capabilities
      • Appendix D: Sample Cybersecurity Policy
      • Appendix E: Cybersecurity Operational Processes
      • Appendix F: Object Measurement
      • Appendix G: Cybersecurity Capability Value Scales
      • Appendix H: Cybersecurity Sample Assessment
      • Appendix I: Network Segmentation

    Six Thinking Hats, a method to talk about ideas, problems and challenges

    The Six Thinking Hats method can be useful when holding a discussion/workshop with several participants where you also want to make sure that you get some concrete results out of the session. This method gives a nicely structured approach to running the session, instead of letting participants go from one extreme to another.

    To get a quick introduction, I highly recommend watching one of the following videos:

    The picture below is from the first video.


    A concrete example is available here, and a powerpoint template is here.

    For how the session could look, in which order to use the hats, etc., one could have a look here. With some examples:

    First ideas:

    • blue – definition of subject
    • white – ready knowledge
    • green – generating ideas

    Problem Solving:

    • blue – definition of problem
    • white – available info
    • green – possible solutions
    • yellow – reality check solutions
    • black – weak points solutions
    • white – connect to info
    • blue – draw conclusion

    Decision Making:

    • blue – topic of decision
    • green – offer alternatives
    • white – factual situation
    • yellow – suitability alternatives
    • black – un-suitability alternatives
    • red – making the decision
    • black – assessing decision

    Tip: flip mirror can be handy for taking photos with telescope

    I recently purchased a flip mirror and I find it very useful when trying to take photos with a telescope. In this setup one can both view the target visually and take photos. It takes some time to get the camera and visual eyepiece adjusted, but after that is done, one only needs to flip (turn) the mirror.


    When high magnification is needed, eyepiece projection is a good way to achieve it. The picture below shows the 2 eyepieces that are needed in this kind of setup. The camera is connected on the left (not in picture).



    The photo below shows other ways to connect a camera to an eyepiece. They do work, but are not as practical as a flip mirror with a DSLR. It is also possible to combine these two, and use these adapters on the flip mirror in place of the DSLR …




    Losing weight by walking, the first 1 million steps

    With the help of an activity tracker it might be easier to achieve your weight loss goals. These trackers take care of the tedious work of logging everything. Just place the activity tracker on your wrist, and start walking…

    This blog will show some real results from using an activity tracker during the first 1 million steps.

    This huge number of steps came as a pleasant surprise, and was a good milestone for writing this blog. When buying the activity tracker, the intention was to lose weight, especially by walking.

    In this period of 1M steps, one could lose about 7-8 kg, which is close to 1kg/week.

    The figure below shows the weight (kg) for the 56 days (close to 9 weeks).

    The figure below shows the number of steps for each of the 9 weeks.

    The figure below shows the estimated extra Calories (C = kcal), over BMR, for each of the 9 weeks. (The numbers are given by the activity tracker).

    Lessons learned:

    • One needs at least 2 different tracks: one for a regular short walk (min 1h), and the other for longer exercise (min 2h).
      • If you can afford it, then take the long track. It is more difficult to get started than to continue walking…
      • (in my case, my favorite tracks are short walk “1h15min” and long walk “2h35min”)
    • Don’t force the walking speed too much; the duration of walking is actually even more important, as this is about fat burning and not competition
    • There is such a thing as a limited speed of change (weight loss); even if you walk a lot one day, you will not lose all the weight in one day; the effect takes longer to adjust
    • Yes, you can eat. If you increase your exercise (walking), then there is less chance of gaining weight. Yes, sometimes the weight jumps after a party, but it is not permanent.
    • Yes, you can have day(s) without exercise as long as you try to maintain some routine and monitor that you don’t start to gain too much weight.
    • In the end, it is about routine and habits. Walk when you feel like it, it can clear your mind :-)

    About activity meter

    • The activity meter on the wrist is only the data collector. The collected data is synced with a server, and that location varies depending on the company. Some people might prefer to select a manufacturer that keeps the exercise data in the EU…
    • The estimated calories vary depending on whether you have HR (heart rate) measurement active or not.
      • With HR active, it records more calories
    • The battery does not last “long” if you have HR, GPS or Bluetooth active
      • Bluetooth can be used if you install an Android app



    Test, DIY tuning a piano key

    I promised to “have a look” at a piano that did not sound “right” any longer, and had not for some time. A piano tuning professional had said that he does not know any piano with this name.

    After opening the piano, it turned out that the manufacturer name is visible only on the inside, and that the outside name is something else. So no wonder the professional did not recognize this piano. I had already received the piano tuning key from a local music store, and as a good surprise one of the 3 key heads fit nicely to this piano, see photo below. In some pianos, there is an agraffe that is used to guide the strings (see the horizontal metal sheet).


    After reading the instructions in the Links chapter, it finally was quite straightforward to tune one key.

    In this piano, each key on the right-hand side of the piano is connected to 3 strings. Before tuning, it is good to check how much the keys are out of tune, for example with an Android application like Pano Tuner. Then in the tuning process, you need to damp the other strings of the same key either by finger or with a home-made tool (like in the photo below).


    As a first-timer, it took me a considerable amount of time for this one key. Even though I did fine-tune some other keys, it would be a totally different effort to try to fine-tune the whole piano. At the moment, it would be way too much, as that would require a lot of “time and effort”, and coffee breaks…

