Search

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V [MVP]

Tag

Azure AD Premium

So, I enabled Self Service Password reset. Who signed up?

If you have enabled Self Service Password reset, all users should be prompted to enroll on login. You could also proactively redirect users to https://passwordreset.microsoftonline.com/ or http://aka.ms/ssprsetup

Look at this blogpost for that user experience: Self Service Password Reset User Registration (Same as for MFA registration).

Here is how you get the report for users who signed up for Self Service Password Reset

azure-active-directory-listing-in-azure-management-portal

azure-active-directory-report-catalog-in-azure-management-portal
Azure AD Report Catalog
azure-active-directory-report-catalog-for-activity-logs-on-self-service-password-reset
Activity Logs in Azure AD
report-of-users-registered-in-azure-ad-for-self-service-password-reset
Latest activity for SSPR
download-azure-ad-sspr-reports
Download reports in CSV
excel-self-service-password-reset-activity
The Report in CSV opened in Excel

 

 

 

Azure MFA enrollment experience

If you want to enroll for Azure MFA the users need to go through these steps. When you enforce or enable MFA the user will be prompted for MFA enrollment. This is best done in a browser.

First the user need to access any of our endpoint e.g. http://portal.office.com

creds
Office 365 custom logo login

 

mfa prompt
Office 365 MFA enabled

 

input mfa method
Office 365 MFA input phone number

 

contact options
Office 365 mfa methods

 

 

sms
You will get a text message with a code to enter

 

wp_ss_20160902_0001
code on phone

 

Office 365 app password during enrollment
Use this app-password on your native iOS or Android device or old Outlook 2010 instead of your normal password.

 

 

Additional Office 365 MFA options
Press cancel if you feel done. or just navigate to the indended site. e.g. http://portal.office.com

 

Extended Office 365 MFA options
all your MFA options

 

Azure AD access panel for MFA
The user access panel

Here are all of the pictures in a Sway:
https://sway.com/2fNqmpbe5O17F5Ev

Did I travel, Azure Identity Protection say so

Got a medium warning in Azure IDP, it says my account have been out traveling.

what
Did I moved fast between two geographical location?

 

specificsrisk eventsuser

What can I do now?

  1. Just reset password (solve)
  2. Prompt for MFA regardless (mitigate)

tools to remidiate

This is how Azure figured it out:

http://manage.windowsazure.com keeps a track on logins for each user. London is not Oslo…

location

Help, Azure AD says my credentials Leaked!

So, waking up to leaked credentials can be frustrating. Probably since you do not know how exactly they got leaked. Fortunatly Azure AD have some sugestions on what to do.

Read more about leaked credentials here:

https://blogs.microsoft.com/cybertrust/2015/06/18/the-risk-of-leaked-credentials-and-how-microsofts-cloud-helps-protect-your-organization/

This is what it looks like in Azure Identity Protection and how you mitigate the impact:

control panel
A very high risk, click the risk to see what it is.

 

what happened
Here you see what it was all about, click on the event to se which user

 

who had it leaked
here you see the user. click on the user to get actions on what to do

 

what to do.
Here is what yo can do

 

solutions
Here is what I did to mitigate the event.

 

I simply requested the user for a password change. Keep in mind that the malware that did this might have stolen all other passwords as well. It might also be active on the target device, så MFA might be something you should consider.

Also have the user change passwords on all other services he uses!

And, have him wipe his device!

Blog at WordPress.com.

Up ↑

%d bloggers like this: