Security
Patches, Updates, Applications, Windows, Virus, Trojans
Hi All,
Recently i came across an interessting Project. Now i had some Time to check it out.
Microsoft Azure AD Assessment
https://github.com/AzureAD/AzureADAssessment
## Install Module
Install-Module AzureADAssessment
## Authenticate using a Global Admin or Global Reader account.
Connect-AADAssessment
## Export data to "C:\AzureADAssessment" into a single output package.
Invoke-AADAssessmentDataCollection
It's important to say, that you have to use PowerShell 7.
Seems to be that you need to have an Azure Active Directory P2 License to gather all the Logs.
This generates the follinwing Output
Now you can create the Reports with these Files
Complete-AADAssessmentReports -Path C:\AzureADAssessment\AzureADAssessmentData-icewolfch.onmicrosoft.com.aad -OutputDirectory C:\AzureADAssessment\icewolfch\Report
PowerBI Reports
Let's open up AzureADAssessement.pbit
You have to fis some Settings to use the Report
Now the PowerBI...
Hi All,
I've seen some Posts about the new Microsoft Authenticator settings in AzureAD.
Here is how you get there.
Go to the Azure Active Directory Portal https://aad.portal.azure.com and select "Security"
On the Security Page open "Authentication methods"
On Authentication methods select "Microsoft Authenticator"
On Microsoft Authenticator Settings select "Configure"
Here you can change some settings that are already available quite for a while, but now you have a GUI to it.
How to use number matching in multifactor authentication (MFA) notifications (Preview) - Authentication Methods Policy
https://docs.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match
How to use additional context in Microsoft Authenticator notifications (Preview) - Authentication methods policy
https://docs.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-additional-context
These Settings can be found in the Graph API
https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
Regards
Andres...
Hi All,
VMware has released a Security Advisory to address the CVE-2022-31676. You need to upgrade to VMware Tools 12.1.0 to fix the Issue.
https://www.vmware.com/security/advisories/VMSA-2022-0024.html
VMware Tools 12.1.0 Download
https://customerconnect.vmware.com/downloads/details?downloadGroup=VMTOOLS1210&productId=1259&rPId=92824
After you have downloaded the ZIP file mount the vmwaretools.iso and run the Setup64.exe (or setup.exe on x86 Processors)
On my Server i had to restart and relaunch the Setup
Looks good after the Reboot and again launched setup64.exe
Let's check in VCSA
Regards
Andres Bohren
Hi All,
With the August 2022 Updates for ExchangeServer 2013/2016/2019 there is a new Feature called Windows Server Extended Protection. This will help against authentication relay or "man in the middle" (MitM) attacks.
Exchange Server Support for Windows Extended Protection
https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/
does not work with hybrid servers using Modern Hybrid configuration
SSL Offloading scenarios are not supported
Automated Archiving with Archive Policy is not suported
TLS configuration must be consistent across all Exchange servers
Access to Public Folders on Exchange 2013 not supported
The newest...
Hi All,
The M365 Defender for Office Safe Links Block list have been moved to Tenant Allow Block List (TABL)
If you click on "Global Settings"
https://security.microsoft.com/safelinksv2
you can see that the Block List have been Migrated
Let's check the Tenant Allow/Block List
https://security.microsoft.com/tenantAllowBlockList
You can view the TenantAllowBlockList Items with the following Exchange command
Get-TenantAllowBlockListItems
https://docs.microsoft.com/en-us/powershell/module/exchange/get-tenantallowblocklistitems?view=exchange-ps
Get-TenantAllowBlockListItems -ListType URL
Get-TenantAllowBlockListItems -ListType URL | where {$_.Notes -match "Migrated"}
I came across the "Other Features".
Here is the List of features that will be migrated from Microsoft from the Classic Exchange Admin Center to the new Exchange Admin Center or a diffrent Location. Now you know what features will show up in the...
Hi All,
There has been a change in the Defender for Office 365 Anti-Malware Policy notifications.
Summary: internal and external Notifications are gone and Action is changed only to "Quarantine" or "Reject" (with NDR).
Not much to see on the M365 Roadmap
But there are more Details in the M365 Admin Portal in Message Center
In the M365 Defender Portal you can review the Settings
https://security.microsoft.com/antimalwarev2
Internal- and ExternalSendernotifcations are gone. Only two Settings are available
Microsoft Defender for Office 365: Anti-malware policy notifications
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=In%20development%2CRolling%20out&searchterms=93212
The Parameters "Action", "EnableInternalSenderNotifications", "EnableExternalSenderNotifications" are gone.
Notifications can only be sent to the Admin if you want.
The Parameter "Action" has been replaced with "FileTypeAction"...
Hi All,
Azure Active Directory Sign-in Logs is really helpful, when analyzing Sign-in Problems.
But it also can be very helpful, when analyzing the overall Sign-ins or looking out for strange behavior.
One of the Tips would be th Filter for Location and use the CountryCode and Status of Sucess
I have set up Azure Active Directory Diagnostics to save the Sign-In Logs to a LogAnalytics Workspace.
Here you can Query the Logs with KQL. Let's search for Logins that come from Outside Switzerland.
SigninLogs
| where TimeGenerated > ago(30d)
| where LocationDetails.countryOrRegion <> "CH"
//| where Status.errorCode <> "0" //Not Sucessful Logins
| project UserPrincipalName, Status.errorCode, Status.failureReason,AppDisplayName, ResourceDisplayName, LocationDetails.countryOrRegion
It's...
Hi All,
I've been using Windows Hello for Busindess with Face recocnition since a long time on my Surface Laptop 3. This week it stopped working suddently with the Message "Couldn't turn on the Camera".
Even the Driver and Firmware Update did not help.
The Camera App is working just fine. Also in Teams the Camera works fine.
In the End i remved the two Cameras in the Device Manager (devmgmt.msc) and searched for new Hardware. The Camera where added back again and Windows Hello for Business Face recocnition did work again.
Regards
Andres Bohren
Hi All,
In this Blog Article, i want to talk about how to protect your Azure SQL Databases with Firewall Rules at Server or Database level.
Azure SQL Database and Azure Synapse IP firewall rules
https://docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure
The Server Level you can find on your Server Object
You can also find this when query the master Database
--Database: master
SELECT * FROM sys.firewall_rules
At the Database level use this
sp_set_firewall_rule (Azure SQL Database)
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-set-firewall-rule-azure-sql-database?view=azuresqldb-current
--Database: db_home_icewolf
Select * FROM sys.database_firewall_rules
To allow Azure Services add the following
-- Enable Azure connections.
EXECUTE sp_set_database_firewall_rule N'Allow Azure', '0.0.0.0', '0.0.0.0';
to add a custom IP or IP Range use these
-- Create database-level firewall setting for only IP 0.0.0.4
EXECUTE...
Hi All,
In mid January Microsoft Announced, that the Microsoft Defender for Endpoint Plan 1 will be now Included in M365 E3/A3 Licenses.
Microsoft Defender for Endpoint Plan 1 Now Included in M365 E3/A3 Licenses
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-plan-1-now-included-in-m365-e3/ba-p/3060639
My Account has a M365 E3 License and i can see "Microsoft Defender for Endpoint Plan 1" has been assigned.
Overview of Microsoft Defender for Endpoint Plan 1
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide
I went for the Documentation and Set it up in Micrsosoft Endpoint Manager.
Set up and configure Microsoft Defender for Endpoint Plan 1
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide
I was not sure if i had to choose the Group with the User or the Group with the Computer....
Full Security Archive