Category Archives: Security

TODO: Stream additional logs from Azure AD for optimal visibility

Over the past six months, I’ve shown you ways to get to know the devices that people in your organization use App Passwords on, set an alert to notify when an additional person is assigned the Azure AD Global Administrator role and set an alert to notify when an Azure AD emergency access account is […]

Experiences with Zero Trust

Recently, people responsible for identity, security and governance have embraced the vision of Zero Trust. It is the logical evolution of our thinking towards an actionable, more thorough and holistic approach to access, based on the mantra ‘trust no-one, verify everything’. Today, I'm sharing my early experiences in this field.   The idea of Zero […]

TODO: Require MFA from four more Azure AD Roles through your Conditional Access Policies

As part of MC224734, Microsoft has communicated publicly that they are requiring multi-factor authentication (MFA) from four more Azure AD privileged roles through the Security Defaults functionality. Organizations leveraging Conditional Access to require MFA from privileged accounts should take note.   About Security Defaults Security Defaults is an Identity security feature. When enabled, it requires […]

Five things to know about the Office 365 app in Azure AD Conditional Access

After being in Public Preview since February 2020, Microsoft made the Office 365 app in Azure AD Conditional Access Generally Available. The below image sums up what is in the Office 365 app: The Office 365 app helps with common challenges Microsoft 365 admins have: All the individual services in the Office 365 Suite are […]

Mainstream support for Microsoft Advanced Threat Analytics (ATA) ends in three months

We’ve helped organizations embrace Microsoft’s Advanced Threat Analytics (ATA) solution to protect their Active Directory environments from attacks. On January 12th, 2021, mainstream support for this product ends. ATA version 1.9.3, released on September 14th, 2020 is the final update as part of mainstream support. It’s time to move on to Microsoft Defender for Identity. […]

HOWTO: Harden Remote Desktop connections to Domain Controllers

Workstations that are allowed to communicate with Domain Controllers pose a risk of lateral movement. To mitigate some of these risks, we can harden the Remote Desktop connections to Domain Controllers. Note: For organizations that have implemented the Active Directory administrative tier model, or are striving to embrace it, their Privileged Access Workstations (PAWs) pose a […]

HOWTO: Enable Extended Protection for Authentication on the SQL Servers hosting the AD FS and Azure AD Connect databases

This entry is part 27 of 27 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In the previous post of this series, we discussed encrypting traffic between AD FS Servers, servers running Azure […]

HOWTO: Set an alert to notify when an additional person is assigned the Azure AD Global Administrator role

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. User objects with the Global administrator role are the highest privileged objects in Azure AD and should be monitored.   The challenge with Global Admins Some organizations have opted for a Technical State […]

HOWTO: Disable Office for the Web for your Microsoft 365 users

Office for the Web (previously known as Office Web Apps) is one of the nicest features in Microsoft 365. It allows people to view and interact with documents in their web browser, without the need to install or use any of the native Microsoft 365 apps. Alas, there are some privacy concerns, and some organizations […]

HOWTO: Set an alert to notify when an Azure AD emergency access account is used

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. For administrative access at all times and under all circumstances, Microsoft recommends creating at least one emergency access account in Azure Active Directory when an organization has Azure AD Premium P1 and/or […]
