
Posts

Showing posts from August, 2025

5 Free Microsoft & Google Security Settings Every School Should Enable

Most schools today run either Google Workspace for Education or Microsoft 365 for email, collaboration, and identity. Unfortunately, attackers know this too, and they target school accounts with phishing, password spraying, and credential theft. The good news is you don’t need to buy premium licenses to improve security. Both platforms include free settings that can significantly reduce risk if you enable them. Here are 5 to prioritize in every school environment.

1. Require Multi-Factor Authentication (MFA)

Why it matters: Passwords alone aren’t enough. MFA stops most account takeover attempts cold.

Microsoft 365 / Entra: Go to Entra Admin Center → Security → Conditional Access. Enforce MFA for admins first, then expand to all staff. Students can be handled differently depending on age/policy.

Google Workspace: Admin Console → Security → Authentication → 2-Step Verification. Enforce for staff and administrators. Use security keys or mobile apps for stronger protection.

Impact: Eve...

Top 5 Free/Open-Source Security Tools for Schools and Small IT Teams

Cybersecurity doesn’t have to mean expensive software and massive budgets. In fact, many schools and small IT teams have successfully built strong defenses using free and open-source tools. Here are five that I’ve seen make a real difference in education and resource-constrained environments.

1. Wazuh – Free SIEM and EDR Platform

Why it matters: Schools often can’t afford Splunk or CrowdStrike, but they still need visibility into logs and endpoints. Wazuh provides free SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) capabilities.

Key Features:
Collects logs from Windows, Linux, firewalls, and more.
Detects suspicious behavior with built-in rules.
Provides dashboards and alerting.

How to start: Deploy Wazuh on a Linux VM and forward logs from endpoints. Even with a small deployment, you’ll gain valuable visibility.

Documentation: Installing Wazuh

2. Sysmon (Sysinternals)

Why it matters: Windows’ default logs don’t always give enough detail. Sy...

GAM: Phishing Email IR

GAM is a powerful tool, but with great power comes great responsibility. Some commands can cause irreversible changes if used incorrectly, so always test and proceed with caution.

GAM Documentation and Installation Instructions: https://github.com/GAM-team/GAM/wiki

GAM Commands

Query User Inbox for a Specific Message

You can locate a specific email by Message-ID or by Subject line.

    gam user <user email> show messages query "rfc822msgid:<message ID>"

Or:

    gam user <user email> show messages query "subject:<Email Subject>"

Delete a Single Email

To delete an email (after exporting for safety), use:

    gam user <user email> export messages query "rfc822msgid:<message ID>" targetfolder <folder path>

Delete a Single Email From Multiple Accounts

If you need to remove a message across many accounts, use a CSV list of users.

By Message-ID:

    gam csv "users.txt" gam user "~<file header name>...