Evaluating report-only Conditional Access impact is very straightforward when Entra ID logs are streamed to Log Analytics. Those who can’t have this feature enabled can still use the AADSignInEvents beta table in Defender to find some extra insights.
https://f12.hu/2024/01/17/hunting-for-report-only-microsoft-managed-conditional-access-impacts/
Disclaimer: the following configurations require Microsoft Entra Workload Identities Premium licence (link) Note: This post is not strictly related to fighting client secret usage for apps. However, it may provide a basis for considering the purchase of Microsoft Entra Workload Identities Premium licence for at least those apps that use client secret. In my previous […]
https://f12.hu/2023/08/12/fighting-azuread-app-registration-client-secrets-step3-using-conditional-access-for-workload-identities-custom-security-attributes/
When talking about Azure AD security, we tend to put less focus on service principals/app registrations*. But when we take into consideration that these principals can have assigned API permissions and “static” credentials (certificate or password) and that these credentials in the wrong hands can cause serious damage, we may change our attitude.* While “App […]
https://f12.hu/2023/05/06/azuread-app-registrations-the-application-permission-credentials-combination-security-nightmare/
This will be a short post about a recent finding: AzureAD Conditional Access policies created from template may miss from your backups if not using Graph API beta endpoint. TL;DR– When you create a Conditional Access policy using the “New policy from template (Preview)” button, the policy will not show when querying policies using the […]
https://f12.hu/2023/02/28/conditional-access-policies-do-you-backup-them-all/
When there are multiple administrators in an AzureAD tenant, it is inevitable that one may change settings in Conditional Access policies – without notifying everyone involved. To keep track of changes you could regualarly check the AzureAD audit logs, or have an automation for it. I may be a bit old-fashioned, but I prefer to […]
https://f12.hu/2022/05/31/monitor-azuread-conditional-access-policy-changes-with-powershell-scheduled-script/
Update: as the AzureAD PowerShell is being deprecated, I made an updated version which can be found here Backing up AAD Conditional Access policies is relatively straightforward with Get-AzureADMSConditionalAccessPolicy cmdlet (don’t forget to update your AzureAD module if the cmdlet is not recognized). In this post, I want to share my own backup “solution” which […]
https://f12.hu/2021/01/27/backup-azuread-conditional-access-policies-a-different-approach/
Recently, I found an excellent blogpost on how to back up AzureAD Conditional Access policies (link) using the new AzureAD PowerShell module and decided to create my own when I encountered a little bug… TL;DRInstead of using ToJson() method use ConvertTo-Json cmdlet on the objects returned by Get-AzureMSConditionalAccessPolicy. ExplainedI was trying to create my own […]
https://f12.hu/2020/11/23/bug-in-get-azuremsconditionalaccesspolicy-cmdlet/