Azure, Office 365, Technology

16. Monitoring and maintaining Azure AD

Analysing and investigating sing-in logs to troubleshoot access issues Viewing logs Go to Azure AD -> Sign ins From here view and filter the sign in logs. You can see information like: – IP address – Date time – Applications – Login Status (success/failure) – location If you click on a log entry you get more information such as the…

Continue Reading

Azure, Office 365, Technology

15. Planning, Implementing Privileged Access and Access Reviews

Understanding Privileged Identity Management (PIM) Traditionally we use RBAC to manage administration privileges. We assign privileges to a role, then give a user that role. PIM takes things to another level What is PIM? PIM allow you to manage, control and monitor access to resources in your organisation. These resources include: Azure AD, Azure, O365, Intune etc… PIM allows you…

Continue Reading

Azure, Office 365, Technology

SC-300 Course: Microsoft Identity and Access Administrator (Study Notes)

  I am currently studying for my SC-300: Microsoft Identity and Access Administrator exam. I am studying the content using John Christophers course on Udemy: https://www.udemy.com/course/sc-300-course-microsoft-identity-and-access-administrator/ On the following posts I will be uploading some of my study notes. This keeps me honest with making sure I keep have decent notes and hopefully they will be of help to other…

Continue Reading

Azure, Office 365, Technology

12. Managing Azure AD Protection

Understanding Azure Identity Protection with User and Sign in Risk policies Azure Identity Protection helps with the following tasks: Automate the detection and remediation of identity based risks (compromised accounts, phishing attacks etc…) Investigate risks using easy to find data Export risk data to third part tools for further analysis Identity Risk Detection Engines: Heuristics: the system monitors how the…

Continue Reading

Azure, Office 365, Technology

10. Managing User Authentication

Administering Authentication Methods (FIDO2/Passwordless) Issues with passwords: People get phished People use the same password for many systems Passwordless Based Authentication Passwordless authentication methods are more convenient because the password is removed and replaced with something you have, plus something you are or something you know. Azure and Azure Government offer the following three Passwordless authentication options: Windows Hello for…

Continue Reading

Azure, Office 365, Technology

9. Planning and Implementing Azure Multifactor Authentication (MFA)

Understanding the Concepts of Multifactor Authentication   What is MFA?   Authentication methods: Something you know: password, pin etc… Something you have: smart card, key fob, mobile phone etc… Something you are: biometrics MFA is using a combination of these methods. No single step authentication is strong enough on its own in today’s cyber security climate. Two step verification significantly…

Continue Reading

Azure, Office 365, Technology

8. Implementing & Managing Hybrid Identity

Migration of On Premise Users and Groups You don’t have to sync your whole domain to the cloud. You can select which users to sync using OU’s and Groups. You can include and exclude specific OU’s and Groups     Understanding SSO, PHS, PTA and ADFS Federation Concepts   Azure AD Auth uses different languages to AD on premise. Azure…

Continue Reading

Azure, Office 365, Technology

7. Understanding SSO, PHS, PTA & ADFS SAML Identity Strategies and Concepts

Evaluating Requirements and Solutions – Sync for PHS, PTA and ADFS SAML Federation   Authentication for Hybrid Identity Managed Authentication: Azure AD will handle the authentication locally by using a locally stored hashed version of the password or sends the credentials to an on-premise software agent to be authenticated on the premise by AD DS Federated Authentication: Azure AD redirects…

Continue Reading