Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V


Azure AD Premium

Protect and Encrypt SPSS files with Azure Information Protection

Download the Azure Information Protection Client (Rights Management Service) client here: You can also get a distribution package in *.msi format.
Note that there is a separate viewer file which you can use in order to open protected files on a mac, pc or mobile phone.

  1. Install it (you will get a UAC promt).
  2. Find the SPSS file
  3. Right Click it and select “Classify and Protect”
  4. Login with your Azure AD account
  5. Select your label (you may add specific people and and expiration date)
  6. Click “Use”
  7. Now it is protected by your user personally and you may track the document.

To remove the protection, simply double click it and it will run and check your credentials. If approved SPSS will run 🙂

So, I enabled Self Service Password reset. Who signed up?

If you have enabled Self Service Password reset, all users should be prompted to enroll on login. You could also proactively redirect users to or

Look at this blogpost for that user experience: Self Service Password Reset User Registration (Same as for MFA registration).

Here is how you get the report for users who signed up for Self Service Password Reset


Azure AD Report Catalog

Activity Logs in Azure AD

Latest activity for SSPR

Download reports in CSV

The Report in CSV opened in Excel




Azure MFA enrollment experience

If you want to enroll for Azure MFA the users need to go through these steps. When you enforce or enable MFA the user will be prompted for MFA enrollment. This is best done in a browser.

First the user need to access any of our endpoint e.g.

Office 365 custom logo login


mfa prompt
Office 365 MFA enabled


input mfa method
Office 365 MFA input phone number


contact options
Office 365 mfa methods



You will get a text message with a code to enter


code on phone


Office 365 app password during enrollment
Use this app-password on your native iOS or Android device or old Outlook 2010 instead of your normal password.



Additional Office 365 MFA options
Press cancel if you feel done. or just navigate to the indended site. e.g.


Extended Office 365 MFA options
all your MFA options


Azure AD access panel for MFA
The user access panel

Here are all of the pictures in a Sway:

Did I travel, Azure Identity Protection say so

Got a medium warning in Azure IDP, it says my account have been out traveling.

Did I moved fast between two geographical location?


specificsrisk eventsuser

What can I do now?

  1. Just reset password (solve)
  2. Prompt for MFA regardless (mitigate)

tools to remidiate

This is how Azure figured it out: keeps a track on logins for each user. London is not Oslo…


Help, Azure AD says my credentials Leaked!

So, waking up to leaked credentials can be frustrating. Probably since you do not know how exactly they got leaked. Fortunatly Azure AD have some sugestions on what to do.

Read more about leaked credentials here:

This is what it looks like in Azure Identity Protection and how you mitigate the impact:

control panel
A very high risk, click the risk to see what it is.


what happened
Here you see what it was all about, click on the event to se which user


who had it leaked
here you see the user. click on the user to get actions on what to do


what to do.
Here is what yo can do


Here is what I did to mitigate the event.


I simply requested the user for a password change. Keep in mind that the malware that did this might have stolen all other passwords as well. It might also be active on the target device, så MFA might be something you should consider.

Also have the user change passwords on all other services he uses!

And, have him wipe his device!

Blog at

Up ↑

%d bloggers like this: