Tracking Microsoft Secure Score changes

Microsoft Secure Score is a useful feature in the Defender portal, but I missed the alerting option.

No Comments
by on May 6, 2024  •  Permalink
Posted in GraphAPI, PowerShell
Posted by Daniel Kovacs on May 6, 2024

https://f12.hu/2024/05/06/tracking-microsoft-secure-score-changes/

Reporting on Entra Application Proxy published applications – Graph PowerShell

I thought it will be a quick Google search to find a PowerShell script that will give a report on applications published via Entra application proxy, but I found only scripts (link1, link2, link3) using the AzureAD PowerShell module – so I decided to write a new version using Graph PowerShell. The script: Some story […]

by on April 4, 2024  •  Permalink
Posted in AzureAD, PowerShell
Posted by Daniel Kovacs on April 4, 2024

https://f12.hu/2024/04/04/reporting-on-entra-application-proxy-published-applications-graph-powershell/

Playing with Microsoft Passport Key Storage Provider – protect user VPN certificates with Windows Hello for Business?

I’m really into this Windows Hello for Business topic… Recently, I was going through the “RDP with WHfB” guide from MS Learn (link) which gave me an idea: can this method be used to protect user VPN certificates? The short answer is: yes, but no 🙂 TL;DR– Depending on your current infrastructure, several options are […]

No Comments
by on February 17, 2024  •  Permalink
Posted in AzureAD, Conditional Access, Windows Hello for Business
Posted by Daniel Kovacs on February 17, 2024

https://f12.hu/2024/02/17/playing-with-microsoft-passport-key-storage-provider-protect-user-vpn-certificates-with-windows-hello-for-business/

Convenience PIN policy enables Windows Hello for Business enrollment in Windows Security

Windows Hello and Hello for Business are usually mutually exclusive, but the Windows Security application is not aware of this when ‘Turn on convenience PIN sign-in’ is configured.

by on January 19, 2024  •  Permalink
Posted in AzureAD, GPO, Windows Hello for Business
Posted by Daniel Kovacs on January 19, 2024

https://f12.hu/2024/01/19/convenience-pin-policy-enables-windows-hello-for-business-enrollment-in-windows-security/

Hunting for report-only (Microsoft-managed) Conditional Access impacts

Evaluating report-only Conditional Access impact is very straightforward when Entra ID logs are streamed to Log Analytics. Those who can’t have this feature enabled can still use the AADSignInEvents beta table in Defender to find some extra insights.

by on January 17, 2024  •  Permalink
Posted in AzureAD, Conditional Access, KQL
Tagged , , , ,
Posted by Daniel Kovacs on January 17, 2024

https://f12.hu/2024/01/17/hunting-for-report-only-microsoft-managed-conditional-access-impacts/

Entra Workload Identities – Trusted Certificate Authorities (public preview)

In the November 2023 – What’s New in Microsoft Entra Identity & Security w/ Microsoft Security CxE identity episode, a public preview feature of Entra Workload ID premium license was presented (link) which was actually announced on November 9th (link). I really love the idea of restricting application key credentials to a predefined list of […]

by on December 11, 2023  •  Permalink
Posted in Entra Workload Identities, GraphAPI, PowerShell
Tagged ,
Posted by Daniel Kovacs on December 11, 2023

https://f12.hu/2023/12/11/entra-workload-identities-trusted-certificate-authorities-public-preview/

Entra Workload Identites passwordLifetime policy vs. Entra ID Application Proxy – Application operation failed

Back in the days, I wrote about the Entra Workload Identities Premium licence and it’s very appealing capabilities (link). One of my favorites was the defaultAppManagementPolicy which can (also) restrict the lifetime of (new) password credentials created for an application. Well, it looks like I was too restrictive which led to the error message in […]

by on November 12, 2023  •  Permalink
Posted in AzureAD, Entra Workload Identities
Posted by Daniel Kovacs on November 12, 2023

https://f12.hu/2023/11/12/entra-workload-identites-passwordlifetime-policy-vs-entra-id-application-proxy-application-operation-failed/

Windows Web sign-in – my notes

I spent ‘some’ time exploring this web sign-in thing and thought to share the results of my research. History Web sign-in is available since Windows 10 1809 (link) as a private preview feature and it was restricted to TAP (temporary access pass) There was a time when Web sign-in was not limited to TAP, so […]

No Comments
by on October 31, 2023  •  Permalink
Posted in AzureAD, PowerShell
Posted by Daniel Kovacs on October 31, 2023

https://f12.hu/2023/10/31/windows-web-sign-in-my-notes/

Query Windows Hello for Business registrations and usage

So recently I was planning on requiring authentication stenghts in a Conditional Access policy – more precisely requiring Windows Hello for Business – when I realized that I’m not 100% sure that every user will meet this requirement. I wanted to make sure everybody has WHfB enrollment and that it is actively in use – […]

No Comments
by on October 15, 2023  •  Permalink
Posted in AzureAD, GraphAPI, PowerShell, Windows Hello for Business
Posted by Daniel Kovacs on October 15, 2023

https://f12.hu/2023/10/15/query-windows-hello-for-business-registrations-and-usage/

Conditional Access Gap Analyzer – without Log Analytics Integration

Recently, John Savill* uploaded a video on this very cool feature and I thought to give it a try when I realized I have no Log Analytics integration enabled, so no Workbooks for me 🙁[*big fan of John’s videos, pure gold] This is not fair to those who only use Microsoft 365 products or who […]

No Comments
by on September 3, 2023  •  Permalink
Posted in AzureAD, Conditional Access, KQL
Posted by Daniel Kovacs on September 3, 2023

https://f12.hu/2023/09/03/conditional-access-gap-analyzer-without-log-analytics-integration/

« Older Posts
Newer Posts »