blog.icewolf.ch

Let's talk about IT!

Security

Patches, Updates, Applications, Windows, Virus, Trojans

AzureADAssessment and PowerBI Reports

Hi All, recently I came across an interesting Project. Now I had some Time to check it out.

Microsoft Azure AD Assessment
https://github.com/AzureAD/AzureADAssessment

    ## Install Module
    Install-Module AzureADAssessment
    ## Authenticate using a Global Admin or Global Reader account.
    Connect-AADAssessment
    ## Export data to "C:\AzureADAssessment" into a single output package.
    Invoke-AADAssessmentDataCollection

It's important to say that you have to use PowerShell 7. It seems that you need to have an Azure Active Directory P2 License to gather all the Logs.

This generates the following Output. Now you can create the Reports with these Files:

    Complete-AADAssessmentReports -Path C:\AzureADAssessment\AzureADAssessmentData-icewolfch.onmicrosoft.com.aad -OutputDirectory C:\AzureADAssessment\icewolfch\Report

PowerBI Reports

Let's open up AzureADAssessement.pbit. You have to fix some Settings to use the Report. Now the PowerBI...

posted @ Saturday, September 3, 2022 9:55 AM | Filed Under [ Security Azure ]

New Microsoft Authenticator settings in AzureAD

Hi All, I've seen some Posts about the new Microsoft Authenticator settings in AzureAD. Here is how you get there.

1. Go to the Azure Active Directory Portal https://aad.portal.azure.com and select "Security"
2. On the Security Page open "Authentication methods"
3. On Authentication methods select "Microsoft Authenticator"
4. On Microsoft Authenticator Settings select "Configure"

Here you can change some settings that have already been available for quite a while, but now you have a GUI for them.

How to use number matching in multifactor authentication (MFA) notifications (Preview) - Authentication Methods Policy
https://docs.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match

How to use additional context in Microsoft Authenticator notifications (Preview) - Authentication methods policy
https://docs.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-additional-context

These Settings can be found in the Graph API:
https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator

Regards Andres...

posted @ Saturday, September 3, 2022 9:32 AM | Filed Under [ Security Azure ]

VMware Tools update 12.1.0 to fix CVE-2022-31676

Hi All, VMware has released a Security Advisory to address CVE-2022-31676. You need to upgrade to VMware Tools 12.1.0 to fix the Issue.
https://www.vmware.com/security/advisories/VMSA-2022-0024.html

VMware Tools 12.1.0 Download
https://customerconnect.vmware.com/downloads/details?downloadGroup=VMTOOLS1210&productId=1259&rPId=92824

After you have downloaded the ZIP file, mount the vmwaretools.iso and run the Setup64.exe (or setup.exe on x86 Processors). On my Server I had to restart and relaunch the Setup. Looks good after the Reboot and after launching setup64.exe again. Let's check in VCSA.

Regards Andres Bohren

posted @ Wednesday, August 24, 2022 3:35 PM | Filed Under [ Security Virtualisation ]

Exchange Server Support for Windows Extended Protection

Hi All, With the August 2022 Updates for Exchange Server 2013/2016/2019 there is a new Feature called Windows Server Extended Protection. This will help against authentication relay or "man in the middle" (MitM) attacks.

Exchange Server Support for Windows Extended Protection
https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/

- does not work with hybrid servers using Modern Hybrid configuration
- SSL Offloading scenarios are not supported
- Automated Archiving with Archive Policy is not supported
- TLS configuration must be consistent across all Exchange servers
- Access to Public Folders on Exchange 2013 not supported

The newest...

posted @ Thursday, August 11, 2022 6:15 AM | Filed Under [ Security Exchange ]

Safe Links Block list has been moved to Tenant Allow Block List (TABL)

Hi All, The M365 Defender for Office Safe Links Block list has been moved to Tenant Allow Block List (TABL).

If you click on "Global Settings" https://security.microsoft.com/safelinksv2 you can see that the Block List has been migrated.

Let's check the Tenant Allow/Block List https://security.microsoft.com/tenantAllowBlockList

You can view the TenantAllowBlockList Items with the following Exchange command.

Get-TenantAllowBlockListItems
https://docs.microsoft.com/en-us/powershell/module/exchange/get-tenantallowblocklistitems?view=exchange-ps

    Get-TenantAllowBlockListItems -ListType URL
    Get-TenantAllowBlockListItems -ListType URL | where {$_.Notes -match "Migrated"}

I came across the "Other Features". Here is the List of features that will be migrated by Microsoft from the Classic Exchange Admin Center to the new Exchange Admin Center or a different Location. Now you know what features will show up in the...

posted @ Friday, July 8, 2022 11:33 AM | Filed Under [ Security Exchange ]

Defender for Office365 Changes in Anti-Malware Notifications

Hi All, There has been a change in the Defender for Office 365 Anti-Malware Policy notifications.

Summary: internal and external Notifications are gone and Action is changed only to "Quarantine" or "Reject" (with NDR).

There is not much to see on the M365 Roadmap, but there are more Details in the M365 Admin Portal in Message Center.

In the M365 Defender Portal you can review the Settings https://security.microsoft.com/antimalwarev2
The internal and external sender notifications are gone. Only two Settings are available.

Microsoft Defender for Office 365: Anti-malware policy notifications
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=In%20development%2CRolling%20out&searchterms=93212

The Parameters "Action", "EnableInternalSenderNotifications", "EnableExternalSenderNotifications" are gone. Notifications can only be sent to the Admin if you want. The Parameter "Action" has been replaced with "FileTypeAction"...

posted @ Saturday, July 2, 2022 10:49 AM | Filed Under [ Security Exchange ]

Analyze Azure Active Directory Sign-in Location

Hi All, Azure Active Directory Sign-in Logs are really helpful when analyzing Sign-in Problems. But they can also be very helpful when analyzing the overall Sign-ins or looking out for strange behavior. One of the Tips would be to filter for Location and use the CountryCode and Status of Success.

I have set up Azure Active Directory Diagnostics to save the Sign-In Logs to a LogAnalytics Workspace. Here you can query the Logs with KQL. Let's search for Logins that come from outside Switzerland.

    SigninLogs
    | where TimeGenerated > ago(30d)
    | where LocationDetails.countryOrRegion <> "CH"
    //| where Status.errorCode <> "0" //Not Successful Logins
    | project UserPrincipalName, Status.errorCode, Status.failureReason, AppDisplayName, ResourceDisplayName, LocationDetails.countryOrRegion

It's...

posted @ Thursday, May 26, 2022 8:12 AM | Filed Under [ Security Azure ]

Windows Hello for Business - Couldn't turn on the Camera

Hi All, I've been using Windows Hello for Business with Face recognition for a long time on my Surface Laptop 3. This week it suddenly stopped working with the Message "Couldn't turn on the Camera". Even the Driver and Firmware Update did not help. The Camera App is working just fine. Also in Teams the Camera works fine. In the End I removed the two Cameras in the Device Manager (devmgmt.msc) and searched for new Hardware. The Cameras were added back again and Windows Hello for Business Face recognition worked again. Regards Andres Bohren

posted @ Tuesday, March 29, 2022 9:20 PM | Filed Under [ Security Windows ]

Protect your Azure SQL Database with Firewall Rules

Hi All, In this Blog Article, I want to talk about how to protect your Azure SQL Databases with Firewall Rules at Server or Database level.

Azure SQL Database and Azure Synapse IP firewall rules
https://docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure

You can find the server-level rules on your Server object. You can also find them when you query the master Database:

    --Database: master
    SELECT * FROM sys.firewall_rules

At the Database level use this:

sp_set_firewall_rule (Azure SQL Database)
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-set-firewall-rule-azure-sql-database?view=azuresqldb-current

    --Database: db_home_icewolf
    SELECT * FROM sys.database_firewall_rules

To allow Azure Services add the following:

    -- Enable Azure connections.
    EXECUTE sp_set_database_firewall_rule N'Allow Azure', '0.0.0.0', '0.0.0.0';

To add a custom IP or IP Range use these:

    -- Create database-level firewall setting for only IP 0.0.0.4
    EXECUTE...

posted @ Saturday, March 19, 2022 9:45 AM | Filed Under [ Security SQL Azure ]

Microsoft Defender for Endpoint

Hi All, In mid-January Microsoft announced that Microsoft Defender for Endpoint Plan 1 will now be included in M365 E3/A3 Licenses.

Microsoft Defender for Endpoint Plan 1 Now Included in M365 E3/A3 Licenses
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-plan-1-now-included-in-m365-e3/ba-p/3060639

My Account has an M365 E3 License and I can see "Microsoft Defender for Endpoint Plan 1" has been assigned.

Overview of Microsoft Defender for Endpoint Plan 1
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide

I went through the Documentation and set it up in Microsoft Endpoint Manager.

Set up and configure Microsoft Defender for Endpoint Plan 1
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide

I was not sure if I had to choose the Group with the User or the Group with the Computer....

posted @ Saturday, February 5, 2022 9:25 PM | Filed Under [ Security Windows Microsoft365 ]
