CIAOPS Need to Know Microsoft 365 Webinar – October

laptop-eyes-technology-computer

Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at a securing Microsoft 365 in light of recent breaches.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

October Webinar Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2210)

The details are:

CIAOPS Need to Know Webinar – October 2022
Friday 28nd of October 2022
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

Need to Know podcast–Episode 287

More updates from the Microsoft Cloud prior to Ignite in 2 weeks. Lost around security and the new Windows 11 22H2 update that is rolling out.

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-287-updates/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

This episode was recorded using Microsoft Teams and produced with Camtasia 2022.

Brought to you by www.ciaopspatron.com

Resources

@directorcia

YouTube version of podcast

Microsoft Ignite

Forensic artifacts in Office 365 and where to find them

Defend your users from MFA fatigue attacks

Tamper protection will be turned on for all enterprise customers

Malicious OAuth applications used to compromise email servers and spread spam

What’s new in Microsoft Endpoint Manager – 2209 (September) edition

Work safer and smarter with the Windows 11 2022 Update

New Windows 11 security features are designed for hybrid work

Available today: The Windows 11 2022 Update

Phishing Protection in Microsoft Defender SmartScreen

What is smart app control?

Why am I blocked?

Adoption score

Avoid MFA fatigue attacks in Microsoft 365

A MFA fatigue attack is where an attacker will constantly attempt to login as the user causing an MFA request to appear on the users device. If this request is simply to deny or approve, and with enough requests, the user eventually approves to make theses requests go away. Such an attack recently provided very successful at Uber. You can read more about that incident here:

https://www.uber.com/newsroom/security-update

With MFA in Microsoft 365 and the Microsoft Authenticator app you can avoid this by enabling number matching for push notifications. Here’s how to do it:

image

Navigate to the Azure portal as an administrator and then to Azure Active Directory. Here, select Security from the menu on the left as shown above.

image

Here, select Authentication methods as shown above on the left.

image

Now select Microsoft Authenticator on the right.

image

Select Configure at the top of the page and ensure all the options listed are Enabled for all users. You may want to exclude any break-glass accounts though.

image

Back on the Basic tab, as shown above, ensure you have Enable set to Yes and you target all the desired users with Passwordless.

IMG_1151

Now, when users are prompted for MFA they will see the above on their devices and need to type the number that is on the screen into their device to approve the login. They will also see the geographic location the request came from and application requesting as shown above.

If you want to check yoru environment for MFA fatigue attacks you can use this KQL query in Sentinel:

https://github.com/reprise99/Sentinel-Queries/blob/main/Azure%20Active%20Directory/Identity-PotentialMFASpam.kql

Online security is something that requires constant adjustment as the bad actors adapt to the protection methods put in place. Number matching in Microsoft 365 is quick and easy to set up using the Microsoft Authenticator and the recommended approach you should take to avoid MFA fatigue attacks.

Microsoft Defender Threat Intelligence portal

image

Microsoft has a new security portal at:

https://ti.defender.microsoft.com

which comes from their recent RiskIQ acquisition. In essence it is a place that you can search for security intelligence and information around all sorts of indicators.

image

If I for example search for an IP address that showed up in my Microsoft Sentinel as a known bad IP I see the above results.

image
If you look closely, you’ll see the ‘good’ stuff requires a subscription. How much is a subscription I hear you ask? Well, make sure you are sitting down before you proceed because it is:

image

Yup, that is US$4,1667.70 per month! Wow!

image

That said, the free or ‘community’ version does provide a lot of valuable information and I would recommend that you add the site to your list of tools when threat hunting. Personally, I would have liked to have seen a pay as you go (PAYG) option provisioned out of Azure like things such as Sentinel is. Hopefully, the price will come down or at least there may eventually be a tier that smaller business can live with. But for now, have a look and use the features provided for free as there are many. You can learn more from the documentation here:

What is Microsoft Defender Threat Intelligence (Defender TI)?

Need to Know podcast–Episode 286

Another round of updates from the Microsoft Cloud. Also trying a video version of the podcast on YouTube (link below). Also trying an ‘editorial’ section which this month is on Secure Score. Let me know what you think.

Take a listen and let us know what you think – director@ciaops.com

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-286-updates/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

This episode was recorded using Microsoft Teams and produced with Camtasia 2022.

Brought to you by www.ciaopspatron.com

Resources

@directorcia

YouTube version on podcast

Join my shared channel

CIAOPS Monthly webinar

Microsoft Ignite

iOS Lockdown mode

Visual Studio Code on the web

Gone phishing tournament

Storyline is in public preview

Microsoft SMB study

Techwerks 17

bw-car-vehicle

I am happy to announce that Techwerks 17 will be held in Melbourne CBD on Thursday September 29th 2022

The course is limited to 20 people and you can sign up and reserve your place now! You reserve a place by completing this form:

http://bit.ly/ciaopsroi

or by sending me an email (director@ciaops.com) expressing your interest.

The content of these all day face to face workshops is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee. So far, the greatest votes are for deeper dives into the Microsoft Cloud including Microsoft 365, Azure, Intune, Defender for Endpoint, security such as Azure Sentinel and PowerShell configuration and scripts, with a focus on enabling the technology in SMB businesses.

Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.

The cost to attend in Melbourne is:

Gold Enterprise Patron = Free

Gold Patron = $33 inc GST

Silver Patron = $99 inc GST

Bronze Patron = $176 inc GST

Non Patron = $399 inc GST

I hope to see you there.