https://buff.ly/3n0GNCT 5 Great Reasons to Use Azure Conditional Access for Azure Active Directory by @mrdenny was recently published to show people what the benefits of Azure Conditional Access are. #AzureAD #conditionalAccess
#PowerPlatform 's protection is an important part of a #governance strategy and I thought sharing some learning on the topic could be interesting 😊
What better place than the authentication to start this tour: https://medium.com/raphaël-pothin/power-platforms-protection-azure-ad-conditional-access-aad61810851e
#powerplatform #governance #security #azuread #conditionalaccess
Is anybody out there using this #conditionalaccess feature in practice?
Let me know if you do
Using Authentication Context to Secure SharePoint | Practical365 https://practical365.com/using-authentication-context-with-azure-ad-conditional-access-policies-to-secure-access-to-sensitive-sharepoint-content/
Practical Protection: #AzureAD #ConditionalAccess – Location, Location, Location #LocationLocation https://bit.ly/3Z8ZMZ8 #Microsoft #Office #Office365
Merill Fernando, a Microsoft Product Manager for AAD, has done it again! #IdentityPowerToys https://idpowertoys.com - with the ability to now export your #AzureAD #ConditionalAccess - straight to PowerPoint!
Adversary-in-the-middle (AiTM) phishing is capable of circumventing multifactor authentication (MFA) through reverse-proxy functionality.
Dig into an example of a real-life attack and explore how to mitigate these types of attacks.
#AiTM #mfa #2fa #multifactorauthentication #azure #azuread #azureactivedirectory #defender #xdr #microsoft365defender #microsoft #microsoftsecurity #microsoft365 #conditionalaccess #antiphishing #sentinel #microsoftsentinel #identity #identityprotection #reverseproxy #cybersecurity #iam #iag #ueba #credentialtheft #phishing #soc #securityanalyst #monitoring #risk
Integration of Authentication Context in #AzureAD PIM is a great addition for implementing #ConditionalAccess. It allows triggering a policy when an eligible #AzureAD, #Azure or Group membership is requested. I'd like to share some of my notes from the field...
ℹ️ Auth. Context will not enforce re-authentication. There is no step-up if you have already satisfied the conditions/controls by token claim (e.g. a previous Passwordless sign-in will not re-prompt for PIN or Biometric). It would be great to combine the feature with SIF Every time.
💡 I experimented with the following step-up: FIDO2/WHfB is already enforced in CA policy (Auth. Strength). Auth. Context is requesting GPS-based Location from Auth. App to verify access from allowed countries. User will be prompted for Number Match + GPS during role activation.
⚠️ Owner and User Access Administrator can change or remove assignment to Authentication Context from PIM role settings:
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings
But also Classic Administrators (e.g., from EA Portal) are able to modify PIM role settings. Keep this in mind!
Duplicate Azure Active Directory Conditional Access policies https://rodtrent.com/b1z
Does your company have external IPv6 addresses and use #AzureAD?
Then you'd better update your named locations.
#azuread #cap #conditionalaccess
IPv6 Coming to Azure AD.
Microsoft will begin introducing IPv6 support into Azure AD services in a phased approach, starting March 31st, 2023.
https://lnkd.in/dYnz7k4f
#microsoft #ipv6 #azure #azuread #azureactivedirectory #ipv4 #conditionalaccess #MicrosoftEntra #identity #identityprovider #idp #iam #iag
Common security policies for Microsoft 365 organizations https://rodtrent.com/z00
#Security #MicrosoftSecurity #Cybersecurity #AppProtection #Intune #DeviceProtection #ConditionalAccess #WhyNoMFA
New blog post: "Securing privileged user access with #AzureAD #ConditionalAccess and #IdentityGovernance"
Overview and considerations to enforce security controls for using #PAW, strong authentication and manage access for privileged roles based on tiering levels.
https://www.cloud-architekt.net/securing-privileged-access-conditionalaccess-governance/
It’s great seeing people start to see the benefit and power of conditional access policies. A friend is deploying them for their org, and they have well and truly fallen down the rabbit hole. First it was MFA for all, then device profiles… now full-on passwordless, TAP and strong authentication types.
#aad #azuread #conditionalaccess #iam
Microsoft conditional access and Jamf Pro, better together!
#ConditionalAccess #bettertogether #Mac #Jamf #TrustedAccess
https://www.jamf.com/blog/microsoft-intune-and-jamf-pro-better-together-to-manage-and-secure-macs/
I've started to work on the next part of the blog series about securing privileged access in #AzureAD and #Azure. Designing #ConditionalAccess policies and configuring #AccessPackages (in consideration of Enterprise Access/Tiering Model) will be the focus of the upcoming article.
I'm very much looking forward to talking about the #AADOps 🚀 PoC at the M365 Security & Compliance User Group next week! Join this demo-driven session to learn more about automated deployment and management of #AzureAD #ConditionalAccess with #AzureDevOps
Free registration and more details: https://www.meetup.com/m365sandcug/events/289835138/
@zimmergren I am very much an "in the weeds" director. Lead from the front, so to speak. I took over this position a year ago from my predecessor, who had the mentality of: "we are in the cloud, I don't have to worry about security."
So I was going through and setting up #ConditionalAccess and it had been a few years since I configured that, so I looked up the docs. If you are using #O365, you get pointed to Security Center to configure it. But Microsoft centralized that in a new interface and asks if you want to move your legacy policies into the new location. Anyway, what they don't tell you is that you must first set up Conditional Access in #AzureAD, then set up application-specific policies in O365. None of the docs explain that. #AAD CA covers your Azure environment and establishes the parameters for CA in O365, but the policies define how it's used. So if you didn't set up the policies you get partial CA.
Another obscurity is DLP, in that the training/learning group doesn't work like you would think it does. But that's a book on its own.
I left out a lot of details, but I hope that kind of covers it.
I agree the docs have gotten better over time, but I feel like the security-based docs are lagging behind general IT docs.
Attackers Horn in on MFA Bypass Options for Account Takeovers - Legacy applications don't support modern authentication -- and cybercriminals know this. https://threatpost.com/attackers-mfa-bypass-account-takeovers/158189/ #multifactorauthentication #businessemailcompromise #legacyapplications #conditionalaccess #abnormalsecurity #vulnerabilities #accounttakeover #mobilesecurity #cloudsecurity #websecurity #mfabypass #office365 #privacy #breach #hacks