User Profile
gd-29
Brass Contributor
Joined Jun 06, 2019
Recent Discussions
Seamless SSO - IE - Enhanced Protected mode
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso Trying to keep IE locked down but still allow seamless SSO for my on-premise users. There are a few different GPOs for Enhanced Protection. What is not compatible? I'm currently testing if enhanced protection is disabled on the intranet zone only, but enabled in advanced settings and internet zone.
2.2K Views, 0 likes, 3 Comments

Re: Is it possible to update SAML token signing certificate via PowerShell in Azure AD?
Any new traction here? Updating via PowerShell would be great. I'm actually more interested in reporting on the signing certificate and expiration dates so we can plan rotation with our 3 party vendors. Also to audit and make sure the notification address is our distro group.
6.7K Views, 2 likes, 1 Comment

Re: MCAS with Outlook Web App Add-Ins
Boris_Kacevich no, not in the MCAS apps. Passing Outlook on the web through MCAS broke the ability to schedule Zoom or Webex meetings via the add-ins. I opened a ticket but it went to the product team to fix (should be fixed now). We removed MCAS from the flow because we were in the middle of an Exchange migration and users were affected by the issue.
2.7K Views, 0 likes, 0 Comments

Re: Conditional Access Reporting
JordyBlommaert thanks! This is a huge improvement. What's interesting is the queries from Azure audit logs are way easier to see who made a change to the policy, but don't show what the change was (even though there is a new and old value field, it's not accurate). The data we collect in Splunk shows the policy as it's changed (not the old values), but doesn't seem to have the account that changed it; it shows some random API accounts. I'm assuming these are log entries from a backend process that we are capturing once you make the change in the website. I'll post back if I get this in a better place.
10K Views, 0 likes, 0 Comments

Re: Conditional Access Reporting
VasilMichev I set that to 30 days and tried reviewing logs with and without the filter for service=conditional access with no results. We send our logs to Splunk, and I do see some data but it looks like it comes from O365 management logs. But that also only fetches at some frequency; I'd prefer to alert from Azure so it's more real-time.
10K Views, 0 likes, 0 Comments

Re: Valid Client Certificate Setup
That's a great find, and a cert location we rarely use. I need to re-test now. My second pain point with conditional access was getting it to work with native apps on mobile/iOS. You seemed to be at the mercy of the app developer to support certificates.
1.9K Views, 0 likes, 1 Comment

No Admin Access for Office 365 Exchange Online via Cloud App Security
We are experiencing a bug in the conditional access setup for Office 365 Exchange Online App being 'monitor only' by Cloud App Security. It won't allow you to log in and hit the /ecp (admin) site. It always takes you to /owa (admin mailbox). This was working for months, has started to fail recently. If I remove the app from the conditional access policy it works fine. Ticket # 18027527

Re: Azure ATP Sensor tries to connect to public IPs
Gerson Levitz support provided this doc: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-nnr-policy but I still think this is a noisy behavior. Is it possible that the public DNS server is communicating to the domain controller for some reason? -- The public DNS server is replying for the forwarded public DNS lookup. Being that the agent is sized based on packets/sec, I would assume any noisy traffic wouldn't help.
8.8K Views, 0 likes, 0 Comments