#ConditionalAccess

2025-11-27

@_dirkjan and my joint talk at #TROOPERS25 is now available on YouTube.

"Finding Entra ID CA Bypasses - the structured way" @WEareTROOPERS

youtu.be/yYQBeDFEkps

#Entra #ConditionalAccess

dmstork (@dmstork)
2025-08-05

Last week Microsoft published a Message Center post where they announced updates indicating that Azure DevOps (ADO) will be separated from Azure Resource Manager (ARM). This means that you might have to update your policies in order to allow access to Azure DevOps.

Screenshot of Message Center post #MC1123830 titled Microsoft Entra: Action Required - Update Conditional Access Policies for Azure DevOps Sign-Ins. Summary: Microsoft Entra requires updating Conditional Access policies by September 4, 2025, to explicitly include Azure DevOps (App ID: 499b84ac-1321-427f-aa17-267ca6975798) for secure sign-ins. Policies targeting the Windows Azure Service Management API will no longer protect Azure DevOps access. Microsoft Entra ID P1 or higher license is needed.

2025-05-29

๐—›๐—ผ๐˜„ ๐˜๐—ผ ๐—ฏ๐—น๐—ผ๐—ฐ๐—ธ ๐˜‚๐—ป๐—ธ๐—ป๐—ผ๐˜„๐—ป ๐—ฝ๐—น๐—ฎ๐˜๐—ณ๐—ผ๐—ฟ๐—บ๐˜€ ๐—ถ๐—ป ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐—˜๐—ป๐˜๐—ฟ๐—ฎ ๐—œ๐——

Under conditional access policies, it is possible to block individual device platforms. In general, it is a good idea to eliminate all ways that a potential threat actor could use to compromise the environment. In other words, block everything that is not needed.

This also applies to device platforms within Microsoft Entra ID. For example, if your organization only uses Windows, iOS, and Android, it's a good idea to disable all other platforms. If you also use macOS, you need to add macOS as well, of course.

What I would definitely recommend blocking is Windows Phone and other unknown platforms. Unrecognized / unknown platforms are usually spoofed User Agents, which are mainly used by threat actors.

📺 Watch my YouTube video below 👇 👇
youtu.be/vFhQgwXmqTo

#cswrld #videotutorial #entraid #conditionalaccess #platforms #blocking
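One way to implement the platform block described above with the Microsoft Graph PowerShell SDK (added example, not the author's code). It assumes the Microsoft.Graph module is installed, that the signed-in account can read sign-in logs and write Conditional Access policies, and that the break-glass account ID is a placeholder you replace with your own.

```powershell
# Added example: first see which platforms actually sign in, then block everything
# except the platforms the organization uses (Windows, iOS, Android here).
Connect-MgGraph -Scopes "AuditLog.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Platforms that stay allowed; add "macOS" or "linux" if your organization uses them.
$allowedPlatforms = @("windows", "iOS", "android")

# Preview: recent sign-ins whose operating system is not one of the allowed platforms.
# Client-side filtering keeps this independent of which $filter fields Graph supports.
Get-MgAuditLogSignIn -Top 500 |
    Where-Object { $_.DeviceDetail.OperatingSystem -notmatch 'Windows|iOS|Android' } |
    Select-Object CreatedDateTime, UserPrincipalName,
        @{ n = "OS"; e = { $_.DeviceDetail.OperatingSystem } }, AppDisplayName |
    Format-Table -AutoSize

$policy = @{
    displayName = "CA - Block unknown and unused device platforms"
    # Start in report-only mode; switch to "enabled" after reviewing the sign-in log impact.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{
            includeUsers = @("All")
            # Placeholder: exclude break-glass accounts so a mistake cannot lock everyone out.
            excludeUsers = @("<break-glass-account-object-id>")
        }
        applications = @{ includeApplications = @("All") }
        platforms    = @{
            # "all" also covers Windows Phone and unrecognized/unknown platforms
            # (spoofed user agents); only the excluded platforms are left untouched.
            includePlatforms = @("all")
            excludePlatforms = $allowedPlatforms
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```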

2025-04-30

This week there are a lot of changes coming down to Windows 11 and Entra. You know, the foundation of everything.

link.publicate.it/pub/05c7133d
#M365 #Entra #windows11 #conditionalaccess

2025-01-13

Authentication Strengths in Microsoft Entra ID allow you to granularly define authentication requirements for different situations.

Before authentication strengths were available, authentication requirements were defined globally for the entire tenant, and then conditional access policies could just say that multi-factor authentication was required, for example. But it was not possible to define what type of multifactor authentication was required. So anything that was available globally could be used by all users in all situations.

Which was not optimal. There are situations where a less secure authentication method like SMS or TOTP might be enough. But there are situations where we only want to use very secure authentication methods like FIDO2 when someone is logging into a global admin account for example.

Such granularity was not possible before. If SMS authentication was enabled for a given tenant, even the global admin could use SMS for authentication.

Watch my YouTube video below for more details 👇 👇
youtu.be/8sIX19pbdho

#cswrld #cybersecurity #entraid #authentication #authenticationstrength #conditionalaccess

2024-12-18

RECOMMENDED CONDITIONAL ACCESS POLICIES IN MICROSOFT ENTRA ID

Conditional access policies in Microsoft Entra ID allow for very granular security management. The problem is that organizations usually do not have conditional access policies properly defined. There tend to be blind spots, policies don't cover all applications, all users, and all scenarios.

Many organizations have conditional access policies defined but do not think about them properly. This is because they often target only specific applications or specific users. And when I ask them why the MFA policy only targets Office 365 for example, they tell me they don't use anything else. Or when I ask why they only target one group of users, they tell me that other users don't use cloud services.

But that's just the wrong approach. You are not primarily protecting the services from your users, but from attackers. And just because you don't use anything other than Office 365 doesn't mean an attacker will not use it. Or just because some users don't use cloud services doesn't mean those accounts can't be exploited by an attacker. If those apps or accounts exist in the cloud, they need to be protected whether regular users use them or not. Attackers are looking for the most insecure places, the weakest links.

📺 Watch my YouTube video below where I talk about the conditional access policies that I recommend implementing 👇 👇
youtu.be/LtIgFBDJzXs

#cswrld #videotutorial #entraid #conditionalaccess #recommendation

Niel Harper (@noaharper)
2024-12-05

'What Is Cybersecurity Mesh?' Great discussion with IBM Security about the various elements that make up bit.ly/3Nizvoc

Sascha Stumpler (@sasstu@hessen.social)
2024-10-21

#powershell #microsoftgraph #conditionalaccess Automating Sign-In Analysis with PowerShell and Microsoft Graph dlvr.it/TFZ30N via PlanetPowerShell

Christian Ritter (@HCRitter)
2024-10-21

🔒 New PowerShell Tool: Get-ConditionalAccessSignIn!

Retrieve Conditional Access Sign-In logs from Microsoft Graph API: filter by date & type. 📊

github.com/HCRitter/PSMSGraphF

Paul Sanders 😎 (@paulsanders@infosec.exchange)
2024-09-07

Conditional Access is hard - gaps can exist and you won't even know.

Never mind trying to keep on top of all the different policies and apps you have in place due to changing requirements over the years.

That's why aligning your policies to user personas is a great way to simplify your setup.

learn.microsoft.com/en-us/azur

#conditionalaccess #iam #entraid

2024-08-27

What are your biggest Entra (AzureAD) Conditional Access questions or pain points? I'm working on a giant Conditional Access post for the #TrustedSec blog -- would welcome your inputs!
#Microsoft #Entra #AzureAD #Azure #ConditionalAccess #conditionalaccesspolicies

Paul Sanders 😎 (@paulsanders@infosec.exchange)
2024-08-22

What's your biggest #conditionalaccess configuration pet peeve?

Mine is not having a policy to manage guest accounts - especially as the default in #ms365 is to allow guests to invite guests 🤯

2024-08-20

🤝 Harden your Microsoft Entra ID security with Entra ID Conditional Access policies, which enforce access controls based on user identity, device health, and session risk levels. #ConditionalAccess #AADSecurity

Looking for this magic crowd knowledge! I seem to recall news somewhere (here, LinkedIn, newsletter, maybe?), that #EntraID would support #Passkeys during the MFA registration prompt when signing in. Like the experience to enroll your Authenticator app. Sadly, I can't rediscover this :sad_panda: Would anybody have an idea or pointer? Maybe @merill

Any pointers, boosts, etc. welcome! Thanks!

Edit: OF COURSE one finds what one searches for less than an hour after asking other people. Well, thanks for reading anyway!
mc.merill.net/message/MC718260

(Caveat is, I'm not sure if this is really what I thought it meant originally).

#Passkey #microsoft #ConditionalAccess

Phil Gastwirth (@PhilGastwirth@worldkey.io)
2024-07-03

Anybody having weird issues with Microsoft CAP policies? We have a CAP that is supposed to enforce MFA on the Admin Portals and for some reason today it's hitting all Microsoft apps like Office 365. We just started getting bombarded with users not being able to log in because we enforce stricter MFA for Admins. #microsoft #azure #entraID #conditionalaccess #cap

2024-05-31

Authentication Strengths in Microsoft Entra ID allow you to granularly define authentication requirements for different situations.

Before authentication strengths were available, authentication requirements were defined globally for the entire tenant, and then conditional access policies could just say that multi-factor authentication was required, for example. But it was not possible to define what type of multifactor authentication was required. So anything that was available globally could be used by all users in all situations.

Which was not optimal. There are situations where a less secure authentication method like SMS or TOTP might be enough. But there are situations where we only want to use very secure authentication methods like FIDO2 when someone is logging into a global admin account for example.

Such granularity was not possible before. If SMS authentication was enabled for a given tenant, even the global admin could use SMS for authentication.

📺 Watch the recording on my Patreon patreon.com/posts/microsoft-en

The recording is also available in Czech language on
Forendors forendors.cz/p/646afdb06ee2fa1
Herohero herohero.co/cswrld/post/bcerox

👍 Share, like, comment!

#entraid #authentication #authenticationstrengths #conditionalaccess #cybersecurity #recommendations #tips #videotutorial
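The granularity described in the two Authentication Strengths posts above (this one and the 2025-01-13 post), shown as a Conditional Access policy that requires the built-in phishing-resistant strength for Global Administrators regardless of which weaker methods are enabled tenant-wide. This is an added example with the Microsoft Graph PowerShell SDK, not the author's code; it assumes the Microsoft.Graph module, a tenant with Entra ID P1, and a placeholder break-glass account ID that you replace.

```powershell
# Added example: privileged role -> phishing-resistant MFA only, even if SMS/TOTP
# are enabled for the tenant as a whole.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Resolve the built-in strength by display name rather than hard-coding its ID.
$strength = Get-MgPolicyAuthenticationStrengthPolicy |
    Where-Object { $_.DisplayName -eq "Phishing-resistant MFA" }
if (-not $strength) { throw "Built-in 'Phishing-resistant MFA' strength not found" }

# Show which methods the strength accepts (FIDO2, certificate-based auth, WHfB, ...),
# so you can confirm SMS and TOTP are not among them before enforcing the policy.
$strength.AllowedCombinations

# Global Administrator role template ID (same value in every tenant).
$globalAdminRoleId = "62e90394-69f5-4237-9190-012177145e10"

$policy = @{
    displayName   = "CA - Global Admins require phishing-resistant MFA"
    # Report-only first; check sign-in logs, then switch to "enabled".
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{
            includeRoles = @($globalAdminRoleId)
            # Placeholder: break-glass accounts must stay reachable if FIDO2 keys are lost.
            excludeUsers = @("<break-glass-account-object-id>")
        }
        applications = @{ includeApplications = @("All") }
    }
    grantControls = @{
        operator               = "OR"
        # Instead of the generic "mfa" built-in control, demand this specific strength.
        authenticationStrength = @{ id = $strength.Id }
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Admins who only have SMS or TOTP registered will be prompted to register a phishing-resistant method on next sign-in once the policy is enabled, so verify registration before leaving report-only mode.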

Microsoft Entra ID Authentication Strengths explained
2024-05-28

One of the most popular posts on my blog is an article about recommended conditional access policies in Microsoft Entra ID cswrld.com/2024/02/recommended

In this article, I describe the most important conditional access policies that every organization should have implemented.

I have received a lot of positive feedback on the article, for which I am very grateful! However, people also wrote that they would like more details about the configuration of each policy if possible, and that they would like more details about the configuration of other conditional access policies as well.

So I made a very detailed video of over an hour, describing in detail a total of 28 conditional access policies that I recommend to consider deploying in all organizations, regardless of their size.

Cloud identity security is absolutely critical, and unfortunately I regularly see security gaps in conditional access policies.

๐Ÿ“บWatch the recording on my Patreon patreon.com/posts/recommended-

The recording is also available in Czech language on
Forendors forendors.cz/p/d4210cfb79de8b0
Herohero herohero.co/cswrld/post/bcerox

👍 Share, like, comment!

#conditionalaccess #entraid #cybersecurity #recommendations #tips

Recommended conditional access policies in Microsoft Entra ID
2024-05-09

This week's guide relates to blocking legacy authentication for #sharepoint online apps.

We do not want apps bypassing #MFA or #conditionalaccess so this is an important setting to review, and implement if possible.

#cybersecurity #blueteam #securebydefault

strategic-cyber.co.uk/2024/05/

2024-04-10

RT by @SwiftOnSecurity: Microsoft Entra ID Token Protection is a security feature within Microsoft Entra's Conditional Access that aims to mitigate token theft by ensuring that a token can only be used from the device it was issued to. This is achieved through a process called token binding, which creates a cryptographically secure link between the token and the device.

If a threat actor were to steal a token, without the corresponding client secret from the device, the token would be rendered useless.

This protection is particularly important because token theft, while relatively rare, can lead to significant security breaches if the threat actor impersonates the victim until the token expires or is revoked.

Do you want to learn more about token protection and how to enforce it in Microsoft Entra ID? Read my latest blog post! 👇👇

https://www.cswrld.com/2024/04/microsoft-entra-id-token-protection-explained/

#entraid #authentication #tokenprotection #tokentheft #conditionalaccess #cybersecurity #tips

๐Ÿฆ๐Ÿ”—: https://nitter.oksocial.net/lukasberancz/status/1778023275303469466#m

[2024/04/10 11:32]
