Introduction If you are anything like me, you probably get fed up managing Windows Server updates manually pretty quickly. Logging onto servers, checking for updates, installing them, rebooting them, trying to keep track of which servers have been updated, what updates were installed etc… etc… I wanted to automate the process but still have control over when the updates were…
Analysing and investigating sing-in logs to troubleshoot access issues Viewing logs Go to Azure AD -> Sign ins From here view and filter the sign in logs. You can see information like: – IP address – Date time – Applications – Login Status (success/failure) – location If you click on a log entry you get more information such as the…
Understanding Privileged Identity Management (PIM) Traditionally we use RBAC to manage administration privileges. We assign privileges to a role, then give a user that role. PIM takes things to another level What is PIM? PIM allow you to manage, control and monitor access to resources in your organisation. These resources include: Azure AD, Azure, O365, Intune etc… PIM allows you…
Defining Catalogs for Entitlement Management Microsoft provides us with a way a user can self-manage access rights to resources using “self-service”. With this method a user can logon and request access to a particular resource. A catalog is a group of resources like access packages. EG: if the company is doing a big marketing push, you could create a catalog…
Configuring Custom SaaS Enterprise Apps with Token Customisation An example of this is: An app that runs on an onsite managed web server in the DMZ with an internet facing interface. EG: app1.spk.com We want to tie this to Azure AD for authentication so users go to Azure AD to get a token to access the app Azure AD has…
I am currently studying for my SC-300: Microsoft Identity and Access Administrator exam. I am studying the content using John Christophers course on Udemy: https://www.udemy.com/course/sc-300-course-microsoft-identity-and-access-administrator/ On the following posts I will be uploading some of my study notes. This keeps me honest with making sure I keep have decent notes and hopefully they will be of help to other…
Understanding Azure Identity Protection with User and Sign in Risk policies Azure Identity Protection helps with the following tasks: Automate the detection and remediation of identity based risks (compromised accounts, phishing attacks etc…) Investigate risks using easy to find data Export risk data to third part tools for further analysis Identity Risk Detection Engines: Heuristics: the system monitors how the…
Understanding Security Defaults When you first setup your M365 tenant there are number of security defaults put in place automatically. This is a set of basic identity security mechanisms recommended by Microsoft. EG: turn on MFA for Global Administrators These security defaults are in: Azure AD -> Properties At the bottom of the page there is a link that…
Administering Authentication Methods (FIDO2/Passwordless) Issues with passwords: People get phished People use the same password for many systems Passwordless Based Authentication Passwordless authentication methods are more convenient because the password is removed and replaced with something you have, plus something you are or something you know. Azure and Azure Government offer the following three Passwordless authentication options: Windows Hello for…
Understanding the Concepts of Multifactor Authentication What is MFA? Authentication methods: Something you know: password, pin etc… Something you have: smart card, key fob, mobile phone etc… Something you are: biometrics MFA is using a combination of these methods. No single step authentication is strong enough on its own in today’s cyber security climate. Two step verification significantly…