User Profile
Chandrasekhar_Arya
Iron Contributor
Joined 5 years ago
Recent Discussions
Re: Can we adjust security baseline in Automanage from Azure VM?
You cannot modify or remove policies that are applied by Automanage, but you can create a custom policy to override them. As an example, if you are on a Windows computer, you can use Group Policy to override the setting, or you can build a custom policy to create an exemption. For example, for "audit account lockout policies": create an exemption or custom policy to override it, or find the built-in policy "Audit Windows VMs that do not meet password and account lockout requirements" and modify the definition to exclude your VM. Please "Accept as Answer" if it helped so it can help others in the community looking for help on similar topics.

Re: CA policy for corporate devices
I guess the issue here is that when accessing Office 365 via a browser, the Conditional Access (CA) policy might not always detect the device's ownership and trust type reliably, especially for session-based authentication. If your goal is to allow browser access for corporate devices while blocking personal ones, use Session Controls. Sign-in frequency: set a persistent browser session for managed devices. Use Conditional Access App Control (MCAS): this helps distinguish corporate vs. personal browser sessions. If browser-based Office 365 access is still blocked, consider excluding certain apps (like Exchange Online or SharePoint) from the strict device policy.

Sync OpenLDAP users to Entra ID
My on-prem environment is using an RHEL-based LDAP solution which acts as the IdP. Now I am moving my on-prem to Entra ID, which means I need to sync my users from on-prem to Entra ID. This can be easily achieved if your on-prem solution is using Active Directory, but for OpenLDAP the Microsoft article Generic LDAP Connector | Microsoft Learn is the reference. I followed all the steps but am still not able to get a clear picture, as nothing happens after I execute the steps successfully. I installed the MIM sync service, then I configured the LDAP connector, but I am still not sure how to sync Linux users. As I am migrating to Azure, it is expected that during the migration phase applications A and B are on-prem while applications C and D are moved to Azure. If I have a user John who has access to all 4 applications, 2 still on-prem and two in Azure, how will I ensure that he has the same identity? I am not able to draw the high-level steps that are needed. If it had been Microsoft AD then Entra Connect would help, but I am not sure about OpenLDAP.

Re: Lighthouse - viewing CA configuration at-a-glance
Azure Lighthouse doesn't support custom roles. The best way to check Conditional Access (CA) policy status across multiple tenants in Microsoft Lighthouse is by using Azure Lighthouse with the Microsoft Graph API or Azure PowerShell. Since you don't have Security Admin roles on your personal accounts, your options may be somewhat limited. You can try this command: GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies or the PowerShell command Get-AzConditionalAccessPolicy.

Re: What is your SOP for old risky users?
This is a great process, but I am not sure how you are looking for old risky sign-ins. Are you saving them in some storage? I guess Microsoft keeps them for 90 days. I would suggest using access reviews and performing a quarterly assessment, which shows user activity, i.e. whether the user has logged into the system or not. If the user is a privileged user, you can directly send an email asking if they still need it, or else remove the privileged access. Most importantly, if you find a user who is highly privileged and has not logged in for more than 60-90 days, better remove his privileges, make him a normal user and then force him to reset the password; if he still doesn't do it, then better disable it.

Re: Auth failures MFA
It seems that although the overall authentication process was marked as successful, there might have been some irregularity or unexpected event that occurred during the process. The reason is classified as "Other" because it doesn't fit into any predefined categories.

Re: Migrate on-prem AD to azure AD having ADDS
securityxpert1122 My suggestion is not to use Microsoft managed AD DS, but rather to build AD DS the traditional way in Azure, which means build a Windows VM and install AD DS. Post that, configure it as read-only and sync all users, then transfer the FSMO roles and demote/decommission the on-prem AD. It is more of a legacy way of migrating domain controllers. Just FYI, Azure AD cannot replace the on-prem AD; as an example, GPOs are not supported by Azure AD or Microsoft Managed AD DS.

Re: ASR Policies in Not Applicable Status when using MS Defender Security Settings Management
If test servers show as "Not Applicable," it means that the security controls enforced by those policies are not relevant or do not apply to the specific configurations or workloads running on those servers.

Re: AAD DS creation
Binod123
Which subscription should I create AAD DS on? Same as AAD or different? Prefer to create a dedicated subscription for identity and host all your AD DS there.
Can we use the existing domain? Yes, that is better so that you don't create domain sprawl; create a read-only AD DS in the dedicated identity subscription.
Can we expand AAD DS on multiple subscriptions and virtual networks? Yes you can, but don't scale across multiple subscriptions; keep them in one single subscription and create resource groups per region. This will ensure that all the IAM users are provided access on the identity subscription.
Will the new AAD DS cater only for the subscription and vnet we specify? Maybe not; can you elaborate?

Re: how to implement screen recording function in AVD
Unfortunately there's no built-in feature of Azure Virtual Desktop that provides session recording. You will need to investigate and test third-party solutions for this. I do not have any that I recommend at this time, so I suggest you search and evaluate to see if one meets your needs. Refer to the URL below: https://superuser.com/questions/77648/how-do-you-do-a-screen-capture-of-the-active-window-inside-a-virtual-pc

Re: Concerns using Microsoft MFA
Slee6004 yes, that's correct. As an example, if you have to log in to the Azure portal you can't control it via your corporate VPN, as it's a public URL and can be accessed from anywhere in the world that has internet. What is in your control is to define a CA and block once the user enters his username.