Category Enterprise Security

How to Enable “Security Defaults” in Azure and Office 365

By inActive Directory, Azure AD, Azure Security, Cloud & Datacenter Management, Conditional Access, Enterprise Security, Microsoft Azure, Office 365, Office Apps & Services, Office365, Security & Compliance, Security & Compliance Tag , , , , , , , , , , , , , , , ,

Security Defaults in Azure Portal. IMPORTANT, SECURITY DEFAULTS IS NOT ALWAYS ENABLED BY DEFAULT. YOU MUST CHECK YOUR SETTINGS

What does Security Defaults give you? Security Defaults when enabled provide the following preconfigured security settings:

  • Requiring all users to register for Azure AD Multi-Factor Authentication.
  • Requiring administrators to perform multi-factor authentication.
  • Blocking legacy authentication protocols.
  • Requiring users to perform multi-factor authentication when necessary.
  • Protecting privileged activities like access to the Azure portal.

Azure Active Directory security defaults | Microsoft Docs

How do you enable? Azure Active Directory > Properties > Manage Security Defaults > Yes > Save

Useful links:

Discovering and blocking legacy auth:
Discovering and blocking legacy authentication in your Azure and Microsoft 365 subscriptions – Jussi Roine

Understanding Modern vs Legacy auth:
Understanding Modern vs. Legacy Authentication in Microsoft 365 – Ru365 (campbell.scot)

Microsoft Azure Security – Study Notes

By inAdvisor, Alerts, Alerts, App Service, Azure AD, Azure Container Registry, Azure Monitor, Azure Security, Blueprint, Cloud & Datacenter Management, Cloud Security, Conditional Access, Content Trust, Cyber Security, Enterprise Security, Enterprise Security, Externsions, Hot Wired IT Solutions, IAM, Identity Protection, Key Vault, Kubernetes, Logs, Management Locks, Microsoft, Microsoft Azure, Networks, Powershell, Roles, Users and Groups, Security & Compliance, Security Center, Storage Tag , , , , , , , ,

A collection of all my study notes and lab work while working towards passing the badge Microsoft Certified Security Engineer Associate by passing the AZ-500 exam

These notes are in no order and are not focused towards any exam content other than sharing my experience of configuring and automating security within Azure in the run up to the final exam.

  1. Azure – Setup Azure Blueprints
  2. Azure – Advisor
  3. Azure – AD Identity Protection
  4. Azure – Install and Configure Antimalware On A Virtual Machine
  5. Creating Security Baselines In Microsoft Azure
  6. Azure – Log Analytics Workspace and AzureVirtual Machine Agent Install
  7. Azure – Access Control and Role Assignment
  8. Azure – Configure Management Locks – Prevent Accidental Deletion Of Core Resources
  9. AZURE – Control Storage Access by Networks
  10. Azure – Update Management
  11. Azure – Monitoring Alert On Virtual Machine CPU Usage
  12. Azure – Register An Application in AD and Generate App Password
  13. Azure – Activity Log
  14. Azure – Route Tables – How To Force Traffic Down A Specific Route
  15. Azure – Content Trust in ACR and Roles
  16. Azure – Creating Key Vaults
  17. Azure – Create Kubernetes Cluster with ACR Integration
  18. Azure – Monitor / Alerts – Create Action Group to Notify Admin/User by SMS & Email
  19. Azure – Security Center and Pricing
  20. Azure Conditional Access Policies – Greyed Out
  21. Azure – Configure Web App Custom Domain and TLS
  22. Azure – Configure Web App and Licenses
  23. AZ-500: Microsoft Azure Security Technologies – EXAM PASSED!!!

MS365 – Azure AD – Dynamic Groups and Expiration Settings

By inActive Directory, Azure AD, Azure Security, Cloud & Datacenter Management, Enterprise Security, Microsoft, Microsoft Azure, Office 365, Office Apps & Services, Roles, Users and Groups, Security & Compliance Tag , , , , , , , , , , , , , , , ,

Maintain groups in Azure AD with dynamic groups and set expiration settings.

Example scenario : Controlling remote access to sub contractors working on a short term project. The project owner should remove all access for sub contractors after the project completes

How to guide :

If we combine Dynamic Groups and Expiration settings, we can automatically populate groups and then invoke regular check to maintain groups are still required. Group owners will be reminded regularly to verify groups are required. Owners will have a better understanding of who has access and this help assist with your security policies.

Dynamic Group Example

Steps: Azure Active Directory > New Group > Type : Office 365 > Name, Description, Dynamic User > Owner > Dynamic user Members

Group Name : Sub Contractors    – Set the value for department equals “Sub Contractor”

Dynamic User Members    – Add Experssion

(user.department -eq “Sub Contractor”)

Configure Group lifetime / Expiration Settings

Steps: Azure Active Directory > Groups > Expiration > Days > No Owner email > Selected > Group > Save

“Renewal notifications are emailed to group owners 30 days, 15 days, and one day prior to group expiration. Group owners must have Exchange licenses to receive notification emails. If a group is not renewed, it is deleted along with its associated content from sources such as Outlook, SharePoint, Teams, and PowerBI.” Info from the portal Expiration settings.

Office 365 Security and Compliance – Alert When A Specific File Is Accessed

By inAlerts, Alerts, Azure Security, Cloud & Datacenter Management, Enterprise Security, Logs, Microsoft, Microsoft Azure, Office 365, Office Apps & Services, OneDrive, Security & Compliance, Security & Compliance, Security Center Tag , , , , , , , , , , , , , , , , , , ,

When a very important file stored in OneDrive needs to be monitored. This is how to create an alert on file activity. We specifically want to monitor and alert on any activity done to the specific file by any user.

This example file is called HR.doc and is stored in OneDrive.

This is how we created an alert policy for file activity of the file “HR.doc”.

Open Office 365 Security & Compliance

https://protection.office.com/alertpolicies

Alerts > Alert Policies > New Policy

Options selected

  • Status – Enabled
  • Severity – Medium
  • Category – Information Governance
  • Conditions – Activity is File Activity and File name is HR.doc
  • Scope – All Users
  • Email Recipients – email address
  • Limit the number of notifications – optional. 5 in this example

Test the alert by trying to modify or access the file.

Result

Alert email notification as shown below.

This logs an alert which then should be reviewed and investigated

Action the Alert

Content Search – Security And Compliance – Search A Mailbox For Specific Content And Then Export Results

By inAlerts, Alerts, Azure Security, Cloud & Datacenter Management, Enterprise Security, Exchange, Logs, Microsoft, Microsoft Azure, Office 365, Office Apps & Services, Security & Compliance, Security & Compliance, Security Center Tag , , , , , , , , , , ,

If you’re doing some compliance investigation work, you may need to search a user’s mailbox for specific words.

This is how To Search Email Content in Office 365 Security & Compliance for a specific user which sent email containing a specific word then export results.

Reference guides – Content search

Microsoft Docs Content Search

Microsoft Docs Export Search

Content Search : How to search a mailbox for specific keywords and export the data

Mircosoft 365 Admin Center -> Compliance Admin Center

Content Search > + New Search

New Search > Keywords “Blog” example > Specific Locations > Modify > Choose Users, Groups or Teams

Enter users name > Select > Choose

Done > Save > Save & Run > Save Search

This search will trigger a default alert email to be sent out

Next step, Export the results

Unable to preview results problem or export?

If you cannot preview, you need to add a role to the user account, eDiscovery Administrator role (Example) or eDiscovery Manager for specific cases / Compliance Admin / Compliance Data Administrator

You must sign out and sign in for the groups to take effect.

Now back to the search

After the you can see the preview, now you can click Export

Click Export > ReportsOnly or Export > Copy to clipboard export key > Download report > Install eDiscovery Export Tool

Export tool installs

Use the Export Key and Set a directory. 

File Downloads

Now you can open the report exported

MS 365 Compliance Admin Portal Error – Status code: 503

By inAzure Security, Business Applications, Cloud & Datacenter Management, Enterprise Security, Microsoft, Office 365, Office Apps & Services, Security & Compliance, Security & Compliance Tag , , , , ,

Issue : Trying to connect to Compliance Admin Portal to Run a content search. Error – Status Code : 503

“The operation could not be completed. Please try again later. If the problem persists, contact Microsoft support.”

https://compliance.microsoft.com/homepage

Error – Status Code : 503

Error


The operation could not be completed. Please try again later. If the problem persists, contact Microsoft support.

Show details


Request: /api/contextinfo/

Status code: 503

Diagnostic information: **{Version:17.00.4803.004,Environment:WEUPROD,DeploymentId:ee****************e9d84,InstanceId:WebRole_IN_3,SID:ea*********81c9,CID:5b8***416}

Time: Tue, 09 Jun 2020 09:47:27 GMT

Trouble loading the page

REFRESH. Tried once. Same. Waited a few mins. Connected

Searches crashing.. Tuesday problems

Request: /api/ComplianceSearch?id=Blog+Mail+Search

Status code: 503

Diagnostic information: **{Version:17.00.4803.004,Environment:WEUPROD,DeploymentId:ee608**********84,InstanceId:WebRole_IN_3,SID:eaf****1c9,CID:433***0}

Time: Tue, 09 Jun 2020 10:28:55 GMT

Finally Ran a Content Search and another page loading error

Content search

Show in navigation

Sorry, we’re having trouble loading the page. Try refreshing the page later. (page: /Ediscovery/ContentSearch/Management)

Refreshed… Paused… Refreshed 5mins later…

Reason : Check Service Health

Service Incident “Users may also encounter similar issues when attempting to access the Security & Compliance Center.”

Solution : Intermittent Refresh Screen / Wait for Microsoft to Resolve Service Issues

AZ-500: Microsoft Azure Security Technologies – EXAM PASSED!!!

By inAzure Security, Cloud & Datacenter Management, Cloud Security, Cyber Security, Enterprise Security, Enterprise Security, Hot Wired IT Solutions, Microsoft, Microsoft Azure, Security & Compliance Tag , , , , , , , , ,

AZ-500: Microsoft Azure Security Technologies

EXAM PASSED!!!

#Azure #Security #AzureSecurity #CertifiedProfessional #CloudSecurity #CloudFamily #CyberSecurity #MicrosoftAzure #MicrosoftCloud #Microsoft #alwaysbelearning #AZ500 #EXAM #PASSED 

Azure – Setup Azure Blueprints

By inAzure Security, Blueprint, Cloud & Datacenter Management, Cloud Security, Cyber Security, Enterprise Security, Enterprise Security, Microsoft, Microsoft Azure, Security & Compliance Tag , , , , , , , , ,

Challenge: Separate subscriptions for multiple disciplines under the same Azure Active Directory Tenancy.

Required : Each subscription to have the same role assignments

Solution : Azure Blueprints to define a repeatable set of Azure resources

How ?

Azure Blueprints provides

  • Role & Policy Assignments
  • ARM templates
  • And Resource Groups

Reference guides

Getting Started Azure Blueprints (PREVIEW)

Creating Blueprint Guide – Focused on Roles

Create a blue print, if your new, start with a sample predefined Blueprint.

For this example I have selected Resource Groups with RBAC (Role-based Access Control)

Create blueprint> Enter Name, Description and Definition Location

Next : Artifacts

Click Save Draft

How to Publish Blueprint

Click Blueprints > Blueprint Definitions > Select the version to publish


Click Publish blueprint.

Enter version and change notes > Click Publish