This blog was inspired by an Azure AD Mailbag blog about Azure AD Identity Protection. In the article, Microsoft provided a PowerShell script sample that you can use for bulk dismissal of risky users. Today I will show you how you can use either Power Automate or Logic Apps to do the same. You could use the Graph API with an HTTP request for this, but to make things simple, I created a custom connector. I used the riksyUser Graph…
Part 2 – Automation In the previous blog post of this series, I’ve shown you the use of the Graph API and how you could manually populate the phone methods for your users. Today, we are going to take it a step further. We’re going to add some automation with Power Automate by using a custom connector. What are we building? Today we are going to add a phone method for all your users using Power Automate and a custom…
Part 1 – Graph API What is the number one task if we want to protect our identity? Right. Turn on MFA.What is the number one task our helpdesk is busy with all day (and night)? Right. Password Resets.What is the number one struggle when we want to implement security? Right. User experience.So, what are you gonna get by reading this blog post? Some light at the end of the tunnel. Buckle up! What’s the case here? I start at…
This blog is about Azure AD Identity Protection and Conditional Access, and how these two features are working together. This is not my first article on this subject. (neither my last) In previous blogs, I covered the sign-in risk and user risk policies as part of the Secure Score Series, and in my blog, about Azure Multifactor Authentication I talked about Azure AD Identity Protection, and how it can be used to roll out MFA in your organization. Microsoft released…
Last week, I was working on a new blog for the Secure Score Series regarding global admin and break glass accounts. I came to the point where I was thinking of possible scenarios that could go wrong with these accounts. What if someone accidentally added these users to a certain group? What if that group would be triggered in some policy or maintenance tasks? A lot of these actions can be discovered using Microsoft Cloud App Security and Azure Monitor.…
Designate more than one global admin Having more than one global administrator helps if you are unable to fulfill the needs or obligations of your organization. It’s important to have a delegate or an emergency account someone from your team can access if necessary. It also allows admins the ability to monitor each other for signs of a breach. Having too many global admins is no good. But having only one global admin is even worse. Let’s talk about global…
Set automated notifications for new and trending cloud applications in your organization With Cloud Discovery policies, you can set alerts that notify you when new apps are detected within your organization. And again, we’re back at Cloud App Security. Earlier I showed how MCAS can help you to discover shadow IT in your organization by ingesting your firewall and proxy log files. Today, we take a look at the app discovery policies that are available. If you are new to…
Recently, Microsoft introduced Administrative Units in Azure Active Directory. At the time of writing, this feature is in preview. Today we take a first look at how this is going to help organizations managing users and groups in Azure Active Directory. But to understand why this feature is such a big deal, we need to know what the difference is between the “classic” Active Directory and the “modern” Azure Active Directory structure. Active Directory To illustrate this, I created a…
Turning on the customer lockbox feature requires that approval is obtained for data center operations that grants a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There’s an expiration time on the request and content access is removed after the support engineer has fixed the issue. Today we are going to talk about the Customer Lockbox feature in Office 365. Some privacy regulations like HIPAA and FEDRAMP require procedures…
With the user risk policy turned on, Azure AD detects the probability that a user account has been compromised. As an administrator, you can configure a user risk conditional access policy to automatically respond to a specific user risk level. For example, you can block access to your resources or require a password change to get a user account back into a clean state. Today, we take a look at Azure AD Identity Protection. More specifically, the ability to take…