Categories
Azure-AD Conditional Access Identity Passwordless

How to enable MFA Code Matching & Context in Azure AD Portal (Public Preview)

Microsoft have now released a new(ish) MFA method that will be available for both users running Passwordless and regular authentication combined with MFA/Conditional Access, currently in Public Preview.With the new code matching, users will be required to type in a code within the Microsoft Authenticator app, that will be presented by Microsoft when the end-user […]

Categories
Azure-AD Conditional Access

Block Access for all non-Intune MDM enrolled mobile devices in Conditional Access

During last week an customer had the need to make sure that all mobile devices that weren’t MDM enrolled into intune should get blocked for accessing Azure AD resources using mobile apps.This due to start forcing specific users to start MDM enroll devices without having compliance policies at place within intune.To achieve this, we will […]

Categories
Azure-AD

Detect when compromised end-user connects to Azure-AD for reconnaissance

In the recent investigations of compromised Microsoft 365 tenants I’ve been involved in, we have seen that one of the first actions the attacker make is connecting to Azure-AD as the compromised user.This is most likely to exfiltrate information about the employees and all other accounts that is present in your Azure-AD.In several cases, I’ve […]

Categories
Conditional Access

Keeping track of Conditional Access changes

Conditional Access is an amazing feature within Azure-AD and is more or less the zero trust engine in the Microsoft 365 platform.It lets us gather a lot of signals from the end-users sign-in process to decide how they should access the company data.We can for example take decision based on location, device type, device os, […]

Categories
Azure-AD Detect

Find changes in end-users MFA authentication methods

Not too long ago I where involved in a security incident where the attacker used phishing to gain access to several end-users Microsoft 365 credentials.In this case, the customer didn’t have MFA or Conditional Access implemented, leaving them exposed for this type of general attack that unfortunately is really common.To make a long story short, […]

Categories
Azure-AD Identity MCAS Passwordless

Setup and monitor emergency Azure-AD accounts

All organizations who is utilizing workloads within Azure Active Directory should always make sure to have an emergency account within their tenant, so the organization always have a way into the tenant. One of the most common scenarios when an organization is locking themselves out from a tenant is due to a miss configuration of […]

Categories
Azure-AD Identity

Manage Azure-AD logs with Azure Monitoring

Many organizations is starting to understand the power of using Azure-AD as an idP (identity provider) for both SaaS applications and on-prem applications these days. During the last year i’ve been involved with several projects where customers is starting to centralize their identity to Azure-AD for the benefits of all security features.It’s simply great to […]

Categories
Azure-AD Conditional Access Identity

Tracking excluded Conditional Access users with Identity Governance

When you implement Conditional Access to protect your end-users and the company data there will often be different Conditional Access frameworks for different user types and licenses.For example you might have production users within your environment, that only needs to be allowed to sign-in from a compliant device from a specific corporate network.On the other […]

Categories
Azure-AD

Why you need to take care of Legacy Authentication, RIGHT NOW!

Microsoft first announced that they would disable legacy authentication in the Exchange Online Service 13th of October 2020. Due to the COVID-19 pandemic, they decided to postpone this to the second half of 2021Let’s face it, it’s really about time to start blocking old authentication protocols that is almost used in every single Password Spray […]