Housekeeping with Defender for Identity – finding unassinged AD subnets using the IdentityLogonEvents table
All posts in category PowerShell
Find clients authenticating from unassigned AD subnets – using Defeder for Identity
Posted by Daniel Kovacs on October 25, 2024
https://f12.hu/2024/10/25/find-clients-authenticating-from-unassigned-ad-subnets-using-defeder-for-identity/
Tracking Microsoft Secure Score changes
Microsoft Secure Score is a useful feature in the Defender portal, but I missed the alerting option.
Posted by Daniel Kovacs on May 6, 2024
https://f12.hu/2024/05/06/tracking-microsoft-secure-score-changes/
Reporting on Entra Application Proxy published applications – Graph PowerShell
I thought it will be a quick Google search to find a PowerShell script that will give a report on applications published via Entra application proxy, but I found only scripts (link1, link2, link3) using the AzureAD PowerShell module – so I decided to write a new version using Graph PowerShell. The script: Some story […]
Posted by Daniel Kovacs on April 4, 2024
https://f12.hu/2024/04/04/reporting-on-entra-application-proxy-published-applications-graph-powershell/
Entra Workload Identities – Trusted Certificate Authorities (public preview)
In the November 2023 – What’s New in Microsoft Entra Identity & Security w/ Microsoft Security CxE identity episode, a public preview feature of Entra Workload ID premium license was presented (link) which was actually announced on November 9th (link). I really love the idea of restricting application key credentials to a predefined list of […]
Posted by Daniel Kovacs on December 11, 2023
https://f12.hu/2023/12/11/entra-workload-identities-trusted-certificate-authorities-public-preview/
Windows Web sign-in – my notes
I spent ‘some’ time exploring this web sign-in thing and thought to share the results of my research. History Web sign-in is available since Windows 10 1809 (link) as a private preview feature and it was restricted to TAP (temporary access pass) There was a time when Web sign-in was not limited to TAP, so […]
Posted by Daniel Kovacs on October 31, 2023
https://f12.hu/2023/10/31/windows-web-sign-in-my-notes/
Query Windows Hello for Business registrations and usage
So recently I was planning on requiring authentication stenghts in a Conditional Access policy – more precisely requiring Windows Hello for Business – when I realized that I’m not 100% sure that every user will meet this requirement. I wanted to make sure everybody has WHfB enrollment and that it is actively in use – […]
Posted by Daniel Kovacs on October 15, 2023
https://f12.hu/2023/10/15/query-windows-hello-for-business-registrations-and-usage/
Fighting AzureAD App registration client secrets – step1: reviewing client secret usage
Workload identity (including service principals) security keeps bugging me, especially the password credentials (aka client secret). I’m sure there are scenarios where this is the only option, but I see environments where these are used just because it is easier to implement. And one day I woke up and realized how dangerous it can be […]
Posted by Daniel Kovacs on June 12, 2023
https://f12.hu/2023/06/12/fighting-azuread-app-registration-client-secrets-step1-reviewing-client-secret-usage/
AzureAD App registrations – the “application” permission + credentials combination security nightmare
When talking about Azure AD security, we tend to put less focus on service principals/app registrations*. But when we take into consideration that these principals can have assigned API permissions and “static” credentials (certificate or password) and that these credentials in the wrong hands can cause serious damage, we may change our attitude.* While “App […]
Posted by Daniel Kovacs on May 6, 2023
https://f12.hu/2023/05/06/azuread-app-registrations-the-application-permission-credentials-combination-security-nightmare/
“Don’t do that” series – migrate personal user profile to (Azure)AD user profile with Win32_UserProfile.ChangeOwner method
Scenario: the business is now convinced that computers should be managed centrally (either with Active Directory or Azure Active Directory) instead of having WORKGROUP computers.Problem: after joining to (Azure)AD, users will have a new profile created. Gone are their settings, wallpaper, pinned icons, etc. You need to note these settings, copy the files to the […]
Posted by Daniel Kovacs on March 30, 2023
https://f12.hu/2023/03/30/dont-do-that-series-migrate-personal-user-profile-to-azuread-user-profile-with-win32_userprofile-changeowner-method/
SharePoint Online external file sharing report using Graph API and PowerShell
The story in short: one of my customers asked me if it is possible to generate a report on all content in Office365 shared externally. Doing some searches I found the following solutions:– Run the sharing reports on each site and each OneDrive (link, link)– Run reports based on audit logs (link) While these reports […]
Posted by Daniel Kovacs on March 13, 2023
https://f12.hu/2023/03/13/sharepoint-online-file-sharing-report-using-graph-api-and-powershell/