Search

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Open Search
Tag

Azure AD Premium

Protect and Encrypt SPSS files with Azure Information Protection

Download the Azure Information Protection Client (Rights Management Service) client here:
https://www.microsoft.com/en-us/download/details.aspx?id=53018 You can also get a distribution package in *.msi format.
Note that there is a separate viewer file which you can use in order to open protected files on a mac, pc or mobile phone.

  1. Install it (you will get a UAC promt).
  2. Find the SPSS file
  3. Right Click it and select “Classify and Protect”
  4. Login with your Azure AD account
  5. Select your label (you may add specific people and and expiration date)
  6. Click “Use”
  7. Now it is protected by your user personally and you may track the document.

To remove the protection, simply double click it and it will run and check your credentials. If approved SPSS will run 🙂

0

So, I enabled Self Service Password reset. Who signed up?

If you have enabled Self Service Password reset, all users should be prompted to enroll on login. You could also proactively redirect users to https://passwordreset.microsoftonline.com/ or http://aka.ms/ssprsetup

Look at this blogpost for that user experience: Self Service Password Reset User Registration (Same as for MFA registration).

Here is how you get the report for users who signed up for Self Service Password Reset

azure-active-directory-listing-in-azure-management-portal

azure-active-directory-report-catalog-in-azure-management-portal
Azure AD Report Catalog

azure-active-directory-report-catalog-for-activity-logs-on-self-service-password-reset
Activity Logs in Azure AD

report-of-users-registered-in-azure-ad-for-self-service-password-reset
Latest activity for SSPR

download-azure-ad-sspr-reports
Download reports in CSV

excel-self-service-password-reset-activity
The Report in CSV opened in Excel

 

 

 

0

Azure MFA enrollment experience

If you want to enroll for Azure MFA the users need to go through these steps. When you enforce or enable MFA the user will be prompted for MFA enrollment. This is best done in a browser.

First the user need to access any of our endpoint e.g. http://portal.office.com

creds
Office 365 custom logo login

 

mfa prompt
Office 365 MFA enabled

 

input mfa method
Office 365 MFA input phone number

 

contact options
Office 365 mfa methods

 

 

sms
You will get a text message with a code to enter

 

wp_ss_20160902_0001
code on phone

 

Office 365 app password during enrollment
Use this app-password on your native iOS or Android device or old Outlook 2010 instead of your normal password.

 

 

Additional Office 365 MFA options
Press cancel if you feel done. or just navigate to the indended site. e.g. http://portal.office.com

 

Extended Office 365 MFA options
all your MFA options

 

Azure AD access panel for MFA
The user access panel

Here are all of the pictures in a Sway:
https://sway.com/2fNqmpbe5O17F5Ev

0

Did I travel, Azure Identity Protection say so

Got a medium warning in Azure IDP, it says my account have been out traveling.

what
Did I moved fast between two geographical location?

 

specificsrisk eventsuser

What can I do now?

  1. Just reset password (solve)
  2. Prompt for MFA regardless (mitigate)

tools to remidiate

This is how Azure figured it out:

http://manage.windowsazure.com keeps a track on logins for each user. London is not Oslo…

location

0

Help, Azure AD says my credentials Leaked!

So, waking up to leaked credentials can be frustrating. Probably since you do not know how exactly they got leaked. Fortunatly Azure AD have some sugestions on what to do.

Read more about leaked credentials here:

https://blogs.microsoft.com/cybertrust/2015/06/18/the-risk-of-leaked-credentials-and-how-microsofts-cloud-helps-protect-your-organization/

This is what it looks like in Azure Identity Protection and how you mitigate the impact:

control panel
A very high risk, click the risk to see what it is.

 

what happened
Here you see what it was all about, click on the event to se which user

 

who had it leaked
here you see the user. click on the user to get actions on what to do

 

what to do.
Here is what yo can do

 

solutions
Here is what I did to mitigate the event.

 

I simply requested the user for a password change. Keep in mind that the malware that did this might have stolen all other passwords as well. It might also be active on the target device, så MFA might be something you should consider.

Also have the user change passwords on all other services he uses!

And, have him wipe his device!

2

Blog at WordPress.com.

Up ↑

%d bloggers like this: