Microsoft Graph Security API
13 Topics

Azure Active Directory Identity Protection - QRadar Integration
Hi all

We would like to integrate our Azure Active Directory Identity Protection system with QRadar on Cloud, in order to forward alerts directly to the SIEM dashboard. In the discussion opened in 2020, they say that we can do that with Graph API: https://www.ibm.com/docs/en/qradar-on-cloud?topic=options-microsoft-graph-security-api-protocol-configuration

Is that possible even at the current versions of both AADI and QRadar?

2.3K Views | 0 likes | 2 Comments

Apply Sensitivity Labels using Graph APIs
While using Beta Graph API for Sensitivity Label - (https://graph.microsoft.com/beta/drives/myDriveID/items/myItemID/microsoft.graph.assignSensitivityLabel), I get the below error. I am using Delegated App Permission.

    { "error": {
        "code": "notSupported",
        "message": "AssignSensitivityLabel API is not yet available",
        "innerError": {
          "date": "2022-09-29T16:30:30",
          "request-id": "edd756cc-12f2-4781-ba07-004d601f42a0",
          "client-request-id": "edd756cc-12f2-4781-ba07-004d601f42a0"
        }

https://graph.microsoft.com/beta/drives/DriveID/items/ItemID/microsoft.graph.extractSensitivityLabel - This works very well using the same token and other permission levels. Please help. VasilMichev

2.3K Views | 0 likes | 0 Comments

Enable Password Expiration - Update-MgUser -PasswordPolicies None does not work
Hello, good morning everyone! I hope all is well with everyone. Well, I need to activate the option to force passwords to expire every period. I used the Admin Center for this. However, I noticed that the accounts always remain this way:

    UserPrincipalName // PasswordNeverExpires
    email address removed for privacy reasons // False

I get the impression that the accounts will not expire the passwords as I wish. I use the command

    Update-MgUser -UserId <account id> -PasswordPolicies None

but absolutely nothing happens. I really need to activate this. Is there an internal case that I can resolve or that requires intervention from MS Support?

1.8K Views | 0 likes | 1 Comment

Multi-tenant SaaS application integration with tenants in microsoftonline.com and microsoftonline.de
Hello forums! Looking for some help/advice for the following situation: I have an existing web app that we will be adding Azure AD sign in for. The application is multi-tenanted and users currently sign on using our username and password system. The tenants we have may be using an Azure global account or an Azure Germany account. Since Microsoft Azure services for Azure AD are not dependent on a specific region I didn't think this would be an issue (see security + identity section https://azure.microsoft.com/en-us/regions/services/).

To begin with I have been looking over the documentation and following the Azure samples for multi-tenanted web apps https://github.com/Azure-Samples/active-directory-dotnet-webapp-multitenant-openidconnect. The sample app is the base of my initial trial to see how all of this works and how it can then be put into our own system.

So, my sample Azure app is registered on the global version of Azure. The sign up process is successful for a test tenant on the global site. The problem comes from the Germany test tenant. When the app directs the user to the Germany login endpoint they are prompted for consent as expected. The application sitting in the global Azure is then also copied into the Germany tenant's Enterprise Application area (you can see it, click on it to see the information and publisher - which actually says "Foreign Cloud Applications"). So that seems to have worked out ok also.

But, the original Azure sample makes use of the Graphs API to retrieve the tenant ID for onboarding. Because this has a different endpoint in Azure Germany and Azure Global I assume it uses a region-specific feature. Attempts to use AcquireTokenByAuthorizationCode as the sample does give the following error:

    AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.
The code from the sample app:

    // ---If the response is indeed from a request we generated
    // ------get a token for the Graph, that will provide us with information about the caller
    ClientCredential credential = new ClientCredential( context.IdaClientID, context.Password );
    AuthenticationContext authContext = new AuthenticationContext( context.IdaAzureActiveDirectoryInstance );
    AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
        code, new Uri( Request.Url.GetLeftPart( UriPartial.Path ) ), credential );

In the meantime I have been getting around this by replacing that part of the sample with an authentication challenge request on the owin context.

    HttpContext.GetOwinContext( ).Authentication.Challenge(
        new AuthenticationProperties { RedirectUri = "/OnBoarding/Step2?state=" + myTenant.IssValue },
        "AzureAD" );

This passes and gives me access to a ClaimsPrincipal from which the tenant ID can be found and link the Azure tenant to the local DB tenant. But since all the samples I have seen get the token for the Graph API I wasn't entirely sure that the workaround was ok... If the application has no intention of using the Graph API does it matter? Or does the whole situation really require an app registration in the Global site for tenants residing on global and one in the Germany site for those tenants?

1.7K Views | 0 likes | 0 Comments

Programmatically retrieve Secure Score Activities
Hi there, I am wondering if it is possible to retrieve a list of activities taken to increase/decrease a tenant's Secure Score. I can see that it is possible to export to CSV from the frontend, but we are looking to do this programmatically. Is there a way to export these events to another Azure service, or retrieve them from the Graph API/another service?

1.4K Views | 1 like | 3 Comments

Secure Score via Graph API
Hi, I'm seeing odd behaviour, or I'm just not understanding something. If I look in the secure score dashboard (https://security.microsoft.com/) my identity score is 29.91, but if I call the graph api (https://graph.microsoft.com/v1.0/security/secureScores?$top=200), the latest score is 33.4. I have done some searching and see people mention this a few years ago but not too much recently. MS suggested I look at the "https://management.azure.com/" api but I can't seem to get much from that api for secure scores. Has anyone seen this before or have any pointers? Thanks

1.3K Views | 0 likes | 0 Comments

New Blog Post | Microsoft Quarterly Cyber Signals Report: Issue 5, State of Play
At Microsoft, we believe that security is a team sport and by sharing what we’re learning, we can all make the world a safer place. Cyber Signals aggregates insights we see from our research and security teams on the frontlines, leveraging trillions of daily signals to provide guidance and security insights into the threat landscape.

Opportunistic threat actors exploit target-rich environments

This edition of Cyber Signals explores how threat actors exploit high-profile events, particularly in connected environments, introducing cyber risk for organizers, facilities, and attendees. The National Cyber Security Centre (NCSC) found that sports organizations are increasingly targeted, with 70% of those experiencing at least one attack per year, higher than the United Kingdom’s business average.

Read the full blog here: Microsoft Quarterly Cyber Signals Report: Issue 5, State of Play - Microsoft Community Hub

872 Views | 0 likes | 0 Comments

New Blog Post | Group-IB Threat Intelligence and Attribution Connector - Azure Sentinel
Group-IB Threat Intelligence and Attribution Connector - Azure Sentinel - Microsoft Tech Community

Group-IB Threat Intelligence & Attribution (TI&A) is a system for analyzing and attributing cyberattacks, threat hunting, and protecting network infrastructure based on data relating to adversary tactics, tools and activity. TI&A combines unique data sources and experience in investigating high-tech crimes and responding to complex multi-stage attacks worldwide. The system stores data on threat actors, domains, IPs, and infrastructures collected over the last 15 years, including those that criminals attempted to wipe out. The functionality of the system helps customize it to the threat landscape not only relevant to a particular industry, but also to a specific company in a certain country.

772 Views | 0 likes | 0 Comments