Recently, Uber appeared to be hacked in what is called a MFA Fatigue attack. The attacker continuously sent MFA requests to an end user hoping they would accidentally approve one of them. Microsoft has several items to help prevent MFA fatigue attacks that you can configure and enable for your end users. Traditionally, MFA notifications are push notifications where a user can either accept or deny the request. Some improvements to this have been multiple number options where the end user must select one of four numbers that is presented on the screen they are logging into. The problem with this is that leaves a 1 in 4 chance an accidental selection may result in unauthorized access.
Configure Fraud Alerts
Fraud Alerts allow your users to report fraud if they receive a two-step verification request that they didn’t initiate and automatically block their account from sign-on.
Go to the Azure … Continue...
In this write up I will be configuring Microsoft Defender for Cloud Apps (old name is Cloud App Security) and Conditional Access to block outdated operating systems from accessing Microsoft 365 services within my tenant.
First thing you want to figure out, is licensing. You must have a license that enables “Microsoft Defender for Cloud Apps Discovery” and not “Microsoft Defender for Cloud Apps.” At the time of writing EM+S E5 sku will not work but Microsoft 365 E5 Security sku will. You will also need Azure Active Directory Premium P2 license.
Setting up Conditional Access
Once we have the proper licensing we need to route applications to Microsoft Defender for Cloud Apps. In the Azure Portal, go to Conditional Access and create a new Policy.
In my assignments, I selected all users and excluded my break-glass account.
Cloud Apps or Actions
Next, I selected the Office … Continue...
Recently the Exchange Online Module v2 came out with support for connecting to Exchange Online via a managed identity. The module has several parameters:
When using the ManagedIdentity parameter you must also call the Organization parameter which is the initial, or ‘.onmicrosoft’ domain.
What You Will Need
- Az PowerShell Module (install-module az)
- The Microsoft Graph SDK (install-module Microsoft.Graph
Create the Managed Identity, Permissions, and Runbook
Connect to Azure
First thing we must do is connect to Azure using the Az module. Open a PowerShell window and run
Create a Resource Group
After we are connected we need to create a Resource Group to house everything. In my example I will create a new Resource Group in the Central US region.
$rgname = "rg-exchangeautomation"
$location = "centralus"
New-AzResourceGroup -Name $rgname -Location $location
Create the Automation Account
Next, we need to create the Automation Account that runs … Continue...
In this write-up I will be creating a basic off-boarding automation that uses SharePoint as the front end, and PowerShell, the Graph API, and Azure Runbooks as the back-end. HR will input the users UPN or Email, offboard date/time, and a forwarding address to forward email to. Once the off-boarding datetime is within 1hr the automation will check the user in Azure AD to ensure its valid, the forwarding user is valid in Azure AD, document in SharePoint the users e-mail address, any and all licenses, and all group memberships. After that, it will proceed with the off-boarding where it will remove all licenses from the user, remove all group memberships, and forward email to our forwarding user. It will log everything back to SharePoint where one can review it.
In Pending we have just submitted our user and the automation has not seen it, or it … Continue...
I wanted to create an automated alert that would notify me of Office 365 mailboxes that were approaching full, and found a terrific PowerShell reporting script by Ruud (LazyAdmin.nl). If you have not checked out his blog, stop reading now and head on over there. There is a ton of great scripts and write ups! The script connects to your Office 365 environment and exports the following:
- Display name
- Primary Email address
- Mailbox type
- Last user action time
- Total mailbox size
- Mailbox Free Space (NEW!)
- Deleted item size
- Item Count
- Deleted Item Count
- Issue Warning Size
- Prohibit Send Receive Quota (max mailbox size)
- Archive size (if the user has an archive)
- Archive Item Count
- Archive Mailbox Free Space (NEW!)
- Archive Deleted Item Count
- Archive warning quota
- Archive quota
It also allows you to filter the mailbox type that you want to gather results for. By … Continue...
I was recently tasked with clearing out a Yammer Communities auto-welcoming posts. If you are not familiar with auto-welcoming posts, Yammer used to automatically post a message whenever someone joined a community. It looked something like this, “Bradley Wyatt joined the Lazy Administrator network. Take a moment to welcome Brad.”
Thankfully, Microsoft removed this feature so your community is not littered with auto welcoming messages anymore. But, if your community existed prior to this change you may be faced with hundreds, if not thousands of these posts that you may want to remove.
- Register a New App so we can interface with the Yammer API
- Next, click “Generate a developer token for this application.” Save the token for later as you will need it.
- Next, navigate to the Yammer Admin page and click “Export Network Data” under Content and Security.
- Select the date range you want
With the rise of Phishing emails, a popular method to help your users not get phished is to append warnings to emails that either originate outside the organization or if they originate outside the organization and the display name matches that of a internal user. I myself have posted a blog on how to do this and get around the mail flow limitations.
A problem with this method however, is since it prepends a message or warning to the email, users can no longer view previews of the emails either in outlook or on mobile because all they will see is the warning message. A possible solution that I have rolled out several times is to prepend a warning unicode character (⚠️) to the message. The warning symbol was approved as part of Unicode 4.0 in 2003 and added to emoji 1.0 in 2015. As long as the receiving end … Continue...
If you have not checked out my other series, “Getting Started with Bicep” then I would highly suggest starting there so you can familiarize yourself with Azure Bicep including some basic syntax and how to write your first template. This article will walk you through more advanced syntax topics including output variables, loops and more!
Comments in code help you or others figure out what something may do or why it’s there in the first place. While it does not replace full documentation, it is a great way to get a picture of what your code does.
Single Line Comment
You can comment a single line of bicep code by adding ‘//’ to it. In the example below you can see my comment added to the tagging resource that we will go over next!
Instead of adding ‘//’ to every line you want to comment … Continue...
In the first post of the ‘Getting Started with Bicep’ series we learned what is Azure Bicep and how to install it and begin working with it. Next, we learned how to create our first Bicep template and user parameters and variables and the different data types there are. Now, in this section we will learn how to compile our Bicep templates and deploy them to Azure.
Compile Bicep to ARM
The first item we need to do is to compile or transpile (Transpiling is a specific term for taking source code written in one language and transforming into another language that has a similar level of abstraction.) our Bicep code to ARM (JSON) code. Then, once compiled, the resulting ARM (JSON) template will be deployed to Microsoft Azure.
From our previous post on ‘Getting Started with Bicep: Building your First Bicep Template‘ we created a basic Bicep … Continue...