Security

A new feature popped up in Azure AD. Well, not entirely new, I must say. Reading from the docs, Report Suspicious Activity is an enhancement of the Fraud Alert feature that has existed for quite some time. Until now, administrators could enable Fraud Alert for Azure MFA so that users could report when suspicious MFA prompts are received. Users who reported fraud could be automatically blocked so they could no longer sign in. As this is a good feature, it… 

Microsoft released a new feature where the Outlook mobile app now has some of the Microsoft Authenticator App features onboard. Users can now enroll for Azure MFA using just their Outlook mobile app. No additional installation of the Microsoft Authenticator app is needed. This preview brings both push notifications and TOTP to the Outlook mobile app. Users are prompted for enrollment or can manually register their app to work with a Microsoft 365 account once this feature is enabled. What… 

A new feature has popped up in Azure AD: System-preferred multifactor authentication (MFA). This will allow administrators to enforce the most secure method for Azure MFA. For example, if a user has multiple methods registered, the most secure method will be prompted first. How do I know what method is the strongest, you may ask? Here is the current order from most to least secure methods, currently supported in Azure Active Directory: This list is dynamic and may change as… 

In this post, we look at managing Conditional Access policies and, in particular, duplicating existing policies. This can be super handy when you: This can be done in various ways, but today we use two different methods: Duplicate a policy using the Conditional Access UI Now in public preview, Microsoft refreshed the interface and enhanced the user experience with an updated design and a few new improvements. One of them is the ability to duplicate existing policies. Find your “source”… 

Security Defaults is the best thing since sliced bread. I mean, come on! It will enforce MFA for everybody, will block that dirty legacy authentication, and even gives you features that you normally would pay big money for (Azure AD Identity Security). Good enough for a lot of (smaller) organizations out there. Today’s post is about that feature and the use of break-glass accounts. For a lot of folks, this post might be obvious, as this is their daily job… 

I’ve got some exciting news to share today. Microsoft has launched a public preview called “Authentication Methods Policy Convergence.” I was part of the private preview program, and I’m very happy to see this feature going public. In this post, I will give you a brief introduction to this new feature and explain why this is such a big deal. Current situation A while back, I wrote this post where I explained that the SSPR and MFA settings are very… 

Disclaimer Evilginx can be used for nasty stuff. It is the defender’s responsibility to take such attacks into consideration and find ways to protect their users against this type of phishing attacks. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties, or for educational purposes. That being said: on with the show. Today a step-by-step tutorial on how to set up Evilginx and how to use it to phish for Office 365 or… 

This news seems to be kept under the radar a little bit, but I wanted to point out a new feature in Azure AD that might help out some organizations with their Azure MFA implementations. Take a look at this list of supported authentication methods, and notice that passwordless methods can also be used as a form of verification for Azure AD Multi-Factor Authentication: Microsoft Authenticator app Windows Hello for Business FIDO2 security key OATH hardware token (preview) OATH software…