New blog post: Blocking desktop apps with M365 E5
longbeach.cloud/2023/11/06/blo…
English
Markus Pitkäranta
16 posts
Markus Pitkäranta retweetledi
New chapter of #AzureAD Attack & Defense Playbook: Are you looking for a way to track and verify your identity security posture? @samilamppu, @PitkarantaM and I have worked on a solution which includes also comparison to recommendations and #MITRE mapping.
github.com/Cloud-Architek…
English
Markus Pitkäranta retweetledi
Since a few months, I'm working together with @samilamppu and @PitkarantaM on new content for #AzureAD Attack & Defense playbook 🔐☁️. Integration and visualization of #AzureAD configuration posture 💪 and security settings to #MicrosoftSentinel is our major goal. Stay tuned!
Thomas Naunheim@Thomas_Live
Monitoring of #AzureAD security settings are important and needs to be reviewed regularly. I've started to integrate the identity-related policies to my #AADOps PoC project via #MicrosoftGraph. #MicrosoftSentinel creates work items to track changes outside of regular deployment.
English
@DrAzureAD This is great! Will be very useful when analyzing 3rd party apps.
English
To celebrate my new #AADInternals blog, I also published an online OSINT tool at aadinternals.com/osint
It allows to get tenant information using:
* Tenant ID
* Domain name
* Email/UPN
The domain list includes links to ease the gathering of further information. Enjoy!
English
Markus Pitkäranta retweetledi
Blogged: '#CloudAppSecurity instance transfer to another datacenter'
From the blog, you can expect to find detailed information on how we (kudos to @PitkarantaM) planned the change, reasons, and recommendations from a rare but interesting MCAS case.
samilamppu.com/2021/06/03/mca…
English
Markus Pitkäranta retweetledi
Very often overlooked subject: Dangling redirect_uri's pointing to App Service URL in Azure AD App Registrations. Read the blog to inspect if your Azure AD might be susceptible for redirect_uri takeover? securecloud.blog/2021/05/28/usi…
English
@lampiluoto @samilamppu It’s not related to the use of user accounts. MDE tells MCAS which services (domain names, URLs, ...) are being used on a client, and MCAS reflects that to its catalog of SaaS apps.
English
@samilamppu So.. first you allow using your accounts to random services and then this feature helps you to figure those out? Why to allow it in the first place?
English
Finally it's here - 'Enhanced Shadow IT discovery in #CloudAppDiscovery with Microsoft Defender for Endpoint'.
If you use CloudDiscovery in MCAS this should provide more accurate app discovery details.
See more from 👇
docs.microsoft.com/en-us/cloud-ap…
English
Markus Pitkäranta retweetledi
My friend/colleague @NixuHQ @samilamppu is the go-to-guru for Microsoft Cloud App Security; So it makes sense he shares some of his experiences about integration and features on Microsoft techcommunity blog! techcommunity.microsoft.com/t5/microsoft-s…
English
Markus Pitkäranta retweetledi
Teamed up with @sharegatetools to write about some common oversights in Azure environments, which are often easy to fix: 1. understand how AAD relates to Azure 2. limit attack surface of network exposed services, and 3. use resource-locks when applicable
ShareGate@sharegatetools
As a security consultant and #AzureMVP, @SantasaloJoosua has helped a lot of companies secure their cloud infrastructure. Joosua walks us through a few #AzureSecurity mistakes most companies don’t realize they’re making 🛡️ #AzureTips #CloudSecurity sharegate.com/blog/3-azure-s…
English
@SantasaloJoosua Attack surface reduction in Windows 10 might be able to block that? Haven’t seen it widely in use though (at least not in block mode).
English
Outlook Custom Forms Injection: Late to the game with this one. didn't know there exists method of executing Office VBA code from received email. If you've encountered this, I'd like to know what kind of mitigation options one might have in place?
English
@samilamppu Nice article! Note, that you can also add your custom initiatives to that dashboard (I don’t see that mentioned in the article for whatever reason). So it doesn’t need to based on any of the pre-built policies.
English
If you work with #AzureSecurityCenter and would like to customize a set of standards in regulatory compliance dashboard, check this doc 👇
docs.microsoft.com/en-us/azure/se…
English
Markus Pitkäranta retweetledi
Increasing security of Client Credentials flow in Azure AD securecloud.blog/2020/02/27/sec… @azuread @nodejs
English
Markus Pitkäranta retweetledi
Two new sign-in linked detection types to Identity Protection: Suspicious inbox manipulation rules and Impossible travel. These offline detections are discovered by #CloudAppSecurity and influence the user and sign-in risk in #IdentityProtection
👉 #two-new-identity-protection-detections" target="_blank" rel="nofollow noopener">docs.microsoft.com/en-us/azure/ac…
English
Markus Pitkäranta retweetledi
Blogged: High-level overview of #M365 security monitoring. More technical stuff to follow :)
securecloud.blog/2020/02/25/mic…
#CloudSecurity #CloudMonitoring
Kudos to @santasalojoosua & @PitkarantaM
English
Markus Pitkäranta retweetledi
@HelSecurity Azure AD write-up: Phishing on Steroids with Azure AD Consent Extractor securecloud.blog/2019/12/17/hel…
English
Markus Pitkäranta retweetledi
RT @SantasaloJoosua sharing his experiences - this is worthwhile to read
Joosua Santasalo@SantasaloJoosua
Here is a post I've delayed for few months! Read here about common MFA bypass on WS-trust protocol I've discovered within multiple instances of Azure AD Federation implementations (Conditional Access Highly Recommended!) @azuread @Office365 #MFABypass securecloud.blog/2019/10/08/adv…
English