Skip to content

Company branding and custom CSS in Azure Active Directory

Company branding in Azure AD is a nice feature that allows administrators to prettify the sign-in experience for their end-users. It also comes with the possibility of ingesting custom CSS code. A client recently moved from ADFS to Azure AD, and they wanted to update the sign-in screen to look more like the good old ADFS theme. Now, this is pretty easy to do, but by default, the background image comes with an overlay to improve contrast and legibility. Time… 

Running Evilginx 3.0 on Windows

In case you missed it: Evilginx 3 was recently launched to the public. This release is a quality-of-life update and has many fixes and a few new features onboard. You can find the changelog here. Big thanks to the creator Kuba Gretzky for this! With the new release, the tool no longer has built-in phishlets onboard but is re-launched as a framework where red-teamers can build phishlets for basically any web application. Due to some changes under the hood, the… 

Step-up authentication with Defender for Cloud Apps and Authentication Context

In this post, I will show you how you can integrate Azure AD’s Authentication Context with Defender for Cloud Apps to require step-up authentication for specific scenarios. Step-up authentication allows you to re-evaluate Azure AD Conditional Access policies when users take sensitive actions during a session. To demonstrate this feature, we need to do the following steps: 1. Create Authentication Context (tag) First, we’ll need to define the Authentication Context̀. This will be used to ‘tag’ resources or actions. Go… 

Send an email on a new Azure MFA method registration

I’ve done quite some Azure MFA projects over time (and counting), and as we mainly focus on the technical side, there are also practical sides to consider. Every project has its own approach and challenges, and more importantly: the user is impacted more or less, and that asks for some guidance. Now, this solution comes in handy if you want to act on new registrations for Azure MFA methods. That can be an action of any kind. To give you… 

Microsoft icons

That’s the post for today. Just a bunch of sources with icons from Microsoft 365, Azure, Azure AD, and other Microsoft-related services. This can be super handy if you need high-quality images for your excellent slides and documentation. Enjoy! Do you have a source to add? Drop me an email! Happy to keep this list going. Amazing Icon Downloader Amazing Icon Downloader – Microsoft Edge Addons Awesome extension for Edge & Chrome. This works pretty well if you use the… 

Report Suspicious Activity & Fraud Alert for Azure MFA

A new feature popped up in Azure AD. Well, not entirely new, I must say. Reading from the docs, Report Suspicious Activity is an enhancement of the Fraud Alert feature that has existed for quite some time. Until now, administrators could enable Fraud Alert for Azure MFA so that users could report when suspicious MFA prompts are received. Users who reported fraud could be automatically blocked so they could no longer sign in. As this is a good feature, it… 

Authenticator Lite – Approve Azure MFA prompts with the Outlook app

Microsoft released a new feature where the Outlook mobile app now has some of the Microsoft Authenticator App features onboard. Users can now enroll for Azure MFA using just their Outlook mobile app. No additional installation of the Microsoft Authenticator app is needed. This preview brings both push notifications and TOTP to the Outlook mobile app. Users are prompted for enrollment or can manually register their app to work with a Microsoft 365 account once this feature is enabled. What… 

System-preferred multifactor authentication in Azure AD. Don’t settle for less.

A new feature has popped up in Azure AD: System-preferred multifactor authentication (MFA). This will allow administrators to enforce the most secure method for Azure MFA. For example, if a user has multiple methods registered, the most secure method will be prompted first. How do I know what method is the strongest, you may ask? Here is the current order from most to least secure methods, currently supported in Azure Active Directory: This list is dynamic and may change as… 

Duplicate Azure Active Directory Conditional Access policies

In this post, we look at managing Conditional Access policies and, in particular, duplicating existing policies. This can be super handy when you: This can be done in various ways, but today we use two different methods: Duplicate a policy using the Conditional Access UI Now in public preview, Microsoft refreshed the interface and enhanced the user experience with an updated design and a few new improvements. One of them is the ability to duplicate existing policies. Find your “source”… 

Mailbox usage reports, Graph API, and Logic Apps. What’s not to like?

Exchange Online does a pretty good job when it comes to alerting on mailbox storage. Exchange Online provides three kinds of notifications when a user’s mailbox is nearing or at capacity: And still, we find ourselves getting helpdesk tickets about mailboxes that can no longer send or receive email. It’s time to dive into the Exchange Storage reports. A good report can be downloaded from the Microsoft 365 admin center, but that is a manual action. What if we could…