Recently, Uber appeared to be hacked in what is called a MFA Fatigue attack. The attacker continuously sent MFA requests to an end user hoping they would accidentally approve one of them. Microsoft has several items to help prevent MFA fatigue attacks that you can configure and enable for your end users. Traditionally, MFA notifications are push notifications where a user can either accept or deny the request. Some improvements to this have been multiple number options where the end user must select one of four numbers that is presented on the screen they are logging into. The problem with this is that leaves a 1 in 4 chance an accidental selection may result in unauthorized access.
Configure Fraud Alerts
Fraud Alerts allow your users to report fraud if they receive a two-step verification request that they didn’t initiate and automatically block their account from sign-on.
Go to the Azure … Continue...
In this write up I will be configuring Microsoft Defender for Cloud Apps (old name is Cloud App Security) and Conditional Access to block outdated operating systems from accessing Microsoft 365 services within my tenant.
First thing you want to figure out, is licensing. You must have a license that enables “Microsoft Defender for Cloud Apps Discovery” and not “Microsoft Defender for Cloud Apps.” At the time of writing EM+S E5 sku will not work but Microsoft 365 E5 Security sku will. You will also need Azure Active Directory Premium P2 license.
Setting up Conditional Access
Once we have the proper licensing we need to route applications to Microsoft Defender for Cloud Apps. In the Azure Portal, go to Conditional Access and create a new Policy.
In my assignments, I selected all users and excluded my break-glass account.
Cloud Apps or Actions
Next, I selected the Office … Continue...
Recently the Exchange Online Module v2 came out with support for connecting to Exchange Online via a managed identity. The module has several parameters:
When using the ManagedIdentity parameter you must also call the Organization parameter which is the initial, or ‘.onmicrosoft’ domain.
What You Will Need
- Az PowerShell Module (install-module az)
- The Microsoft Graph SDK (install-module Microsoft.Graph
Create the Managed Identity, Permissions, and Runbook
Connect to Azure
First thing we must do is connect to Azure using the Az module. Open a PowerShell window and run
Create a Resource Group
After we are connected we need to create a Resource Group to house everything. In my example I will create a new Resource Group in the Central US region.
$rgname = "rg-exchangeautomation"
$location = "centralus"
New-AzResourceGroup -Name $rgname -Location $location
Create the Automation Account
Next, we need to create the Automation Account that runs … Continue...
In this write-up I will be creating a basic off-boarding automation that uses SharePoint as the front end, and PowerShell, the Graph API, and Azure Runbooks as the back-end. HR will input the users UPN or Email, offboard date/time, and a forwarding address to forward email to. Once the off-boarding datetime is within 1hr the automation will check the user in Azure AD to ensure its valid, the forwarding user is valid in Azure AD, document in SharePoint the users e-mail address, any and all licenses, and all group memberships. After that, it will proceed with the off-boarding where it will remove all licenses from the user, remove all group memberships, and forward email to our forwarding user. It will log everything back to SharePoint where one can review it.
In Pending we have just submitted our user and the automation has not seen it, or it … Continue...