blog.icewolf.ch

Let's talk about IT!
posts - 2198, comments - 295, trackbacks - 0

My Links

Archives

Post Categories

icewolf

Tuesday, November 15, 2022

Microsoft Azure Active Directory MFA Number matching comes in 2023

Hi All,

Basic Authentication has been mostly disabled. And Attackers now search for new ways to compromise M365 Accounts.
If you use Microsoft Authenticator Push Notifications - good for you. There is a thing called "MFA Fatique" that Attackers use to gain access. They send so many Push Requests until a user is annoyed and clicks on "Approve".

As anounced in the Article below, the MFA Number Matching will be enabled for all M365 Tenants starting end of February 2023. This will prevent these Attacks as the User needs to know the Number from the Request to Approve the MFA Signin.

Defend your users from MFA fatigue attacks

How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy

Go to Authentication Methods in your Azure Active Directory Tenant



I have enabled Number Matching for a Group in my Tenant


That is the Request after login in to https://office.com


And this is the Screen on the Microsoft Authenticator on the Smartphone.
Please note that i have also enabled the following Settings:
  • Show Application Name in push and passwordless notifications
  • Show geographic location in push and passwordless notifications



Regards
Andres Bohren


posted @ Wednesday, November 16, 2022 9:54 PM | Filed Under [ Azure ]

How IAM Systems can use Exchange RecipientManagement PSSnapin

Hi All,

I have already blogged about the Exchange 2019 Recipient Managemen PowerShell that can Manage Echange Objects without an Exchange Server running.

Install and use Exchange 2019 CU12 Recipient Management PowerShell

For Identity and Access Management Systems (IAM) provisioning, management and deprovisioning based in the past on crating a Remote PowerShell to Exchange Server. How do you Address this with the new Recipient Management?

In Fact there are two Solutions:
  • You install the Recipient Management PSSnapIn on the IAM Server (Management Tools)
  • You create a Remote PowerShell to a Server that has the Recipient Management PSSnapin installed
Let's have a look into the second Option.

$Cred = Get-Credential lab\administrator


New-PSSession

#Create PSSession
$PSSession= New-PSSession LAB03 -credential $cred

#Define String for Argumentlist
$Name = "Demo96"

#Invoke Remote Command
Invoke-Command -Argumentlist $Name -Session $PSSession -ScriptBlock {
    param($SamAccountName)
    
    Write-Host "Loading PSSnapin Microsoft.Exchange.Management.PowerShell.RecipientManagement" -ForegroundColor Green
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.RecipientManagement
    Get-PSSnapin

    Write-Host "SamAccountName: $SamAccountName"

    Write-Host "Enable-RemoteMailbox"   
    Enable-RemoteMailbox -Identity "$SamAccountName" -Alias "$SamAccountName" -RemoteRoutingAddress "$SamAccountName@serveralivech.mail.onmicrosoft.com" -Shared

    Write-Host "Get-RemoteMailbox"
    Get-RemoteMailbox -Identity $SamAccountName

    Write-Host "Remove-PSSnapIn"
    Remove-PSSnapin Microsoft.Exchange.Management.PowerShell.RecipientManagement
    Get-PSSnapin
}

#Remove PSSession
Get-PSSession | Remove-PSSession


As you can see i get an Authentication Error


The Solution comes here

Enable-WSManCredSSP -Role Server -Force
Enable-WSManCredSSP -Role "Client" -DelegateComputer LAB03



Let's check the Settings with the following Command

winrm get winrm/config/client


Let's try it again

#Create PSSession
$PSSession= New-PSSession LAB03 -authentication credssp -credential $cred

#Define String for Argumentlist
$Name = "Demo96"

#Invoke Remote Command
Invoke-Command -Argumentlist $Name -Session $PSSession -ScriptBlock {
    param($SamAccountName)
    
    Write-Host "Loading PSSnapin Microsoft.Exchange.Management.PowerShell.RecipientManagement" -ForegroundColor Green
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.RecipientManagement
    Get-PSSnapin

    Write-Host "SamAccountName: $SamAccountName"

    Write-Host "Enable-RemoteMailbox"   
    Enable-RemoteMailbox -Identity "$SamAccountName" -Alias "$SamAccountName" -RemoteRoutingAddress "$SamAccountName@serveralivech.mail.onmicrosoft.com" -Shared

    Write-Host "Get-RemoteMailbox"
    Get-RemoteMailbox -Identity $SamAccountName

    Write-Host "Remove-PSSnapIn"
    Remove-PSSnapin Microsoft.Exchange.Management.PowerShell.RecipientManagement
    Get-PSSnapin
}

#Remove PSSession
Get-PSSession | Remove-PSSession



As you can see that worked perfectly


Now you have the Solutions for your IAM System to Provision and Manage Exchange Objects without Exchange Services running. This improves the overall Security Posture as less Services are Exposed to the LAN or even Internet.

Keep in Mind that this Solution only works based on Kerberos - that means both Computers (IAM and Server with Recipient Managent PSSnapin) have to be Members of an Active Directory Domain.

Regards
Andres Bohren


posted @ Wednesday, November 16, 2022 9:25 PM | Filed Under [ Exchange PowerShell ]

MicrosoftTeams PowerShell Module 4.9.1 released as GA

Hi All,

Today Microsoft has released a new Version of the MicrosoftTeams PowerShell Module to the PowerShell Gallery.

MicrosoftTeams 4.9.1



Check installed Module and what's available in the PowerShell Gallery

Get-InstalledModule MicrosoftTeams -AllVersions
Find-Module MicrosoftTeams


Uninstall the old Module and install the newest Module

Uninstall-Module MicrosoftTeams
Uninstall-Module MicrosoftTeams
Install-Module MicrosoftTeams


Testing

Connect-MicrosoftTeams
Get-Team
Get-CsOnlineUser -Identity a.bohren@icewolf.ch | fl *Ent*,*host*,*voice*, *line*



Regards
Andres Bohren


posted @ Tuesday, November 15, 2022 10:46 PM | Filed Under [ PowerShell MicrosoftTeams ]

ExchangeOnlineManagement 3.0.1-Preview1 released

Hi All,

Today Microsoft has released the ExchangeOnlineManagement-Preview1 PowerShell Module.

ExchangeOnlineManagement 3.0.1-Preview1


Whats new in this release:

v3.0.1-Preview1 :
   1. Bug fixes in Connect-ExchangeOnline.
   2. Bug fix in Connect-IPPSSession for connecting to Security and Compliance PowerShell using Certificate Thumbprint.
   3. Mitigation for the known vulnerability in Newtonsoft.Json library. More details here: https://github.com/advisories/GHSA-5crp-9r3c-p9vr


Check what Version is installed and what's available from the PowerShell Gallery

Get-InstalledModule ExchangeOnlineManagement
Find-Module ExchangeOnlineManagement -AllowPrerelease


Uninstall the old Module and install the Preview Module

Uninstall-Module ExchangeOnlineManagement -Force
Install-Module ExchangeOnlineManagement -AllowPrerelease
Get-InstalledModule ExchangeOnlineManagement


Testing

Connect-ExchangeOnline
Get-Mailbox -Identity <Mailbox>


Here is the Code to Connect with a Certificate on the Local Cert Store.
What Permissions are needed can be found in the following Blog Post

Exchange Online PowerShell V2 Authentication with App in AzureAD (Update)

$AppID = "f38d26a7-740e-425f-aef5-2da3f3d595db"
$CertThumbprint = "07EFF3918F47995EB53B91848F69B5C0E78622FD"
$TenantID = "icewolfch.onmicrosoft.com"
Connect-ExchangeOnline -AppId $AppId -CertificateThumbprint $CertThumbprint -Organization $TenantID
Connect-IPPSSession -AppId $AppID -CertificateThumbprint $CertThumbprint -Organization $TenantID




Regards
Andres Bohren


posted @ Tuesday, November 15, 2022 9:51 PM | Filed Under [ Exchange PowerShell ]

Powered by:
Powered By Subtext Powered By ASP.NET