azure security
44 Topics

Global Administrator MFA recovery not possible
Since Microsoft automatically enforced MFA on the administrator roles in Azure, you can end up in a situation where it is no longer possible to recover your tenant. If your only account on that tenant has the Global Administrator role and you accidentally lose your MFA, the only way is to call Microsoft support. Support on the phone is automated, where any question regarding Azure is redirected to visit the Azure portal. If your only user cannot log in, then the Azure portal is not accessible.

Anomalies with Conditional Access Policy "Terms of Use" Failures
Hello Microsoft Community, I'm reaching out with a bit of a puzzle regarding our "Terms of Use" Conditional Access policy, and I'm eager to tap into the collective wisdom here for some insights. In our Entra ID User Sign-In logs, we've identified intermittent "failure" entries associated with the "Terms of Use" Conditional Access policy, interestingly even for users who had previously accepted the "Terms of Use". There appears to be no discernible impact, and they continue their tasks without interruption. This observation became apparent during the troubleshooting of unrelated Surface Hub and Edge Sync issues at some client sites. What adds to the complexity of the situation is that for the same users, both before and after these "failure" entries, the Conditional Access policy is marked as "success". Hence, it doesn't seem to be a straightforward case of the policy erroneously detecting non-acceptance of the "Terms of Use". The mystery lies in understanding why these intermittent "failure" entries occur for users who have already accepted the terms, especially when the policy consistently reports "success" for the same users. Furthermore, the Insights for the "Terms of Use" Conditional Access policy show around 1.48k successes and 1.43k failures in the last 90 days, yet there's no discernible impact on user functionality.
Observations:
"Failure" entries in Sign-In logs don't seem to disrupt users' day-to-day activities.
The ratio of successes to failures is balanced, yet users experience no noticeable problems.
The issue complicates troubleshooting efforts but doesn't significantly affect the user experience.
I'm turning to the community for guidance on interpreting and resolving this discrepancy between "failure" entries in the Conditional Access policy logs and the seemingly unaffected user experience. Any insights into why these failures occur without user impact would be greatly appreciated.
For additional context, I've attached screenshots of a user's Sign-In log entry and the insight chart from the Conditional Access policy.
Sign-In log of a user (failure):
Sign-In log of same user (success):
Current Conditional Access insights:
Thank you in advance for your time and assistance. I look forward to any guidance or solutions you can provide. Best regards, Leon Tüpker

Cloud Kerberos - Failed to read secrets from the domain
Hi all, Apologies if this is the wrong place to post this! I am looking at understanding Cloud Kerberos and the uses behind it, primarily for WHfB for now. Following the guide on the Microsoft page (Passwordless security key sign-in to on-premises resources - Microsoft Entra ID | Microsoft Learn), I get an error when running on the DC:

Set-AzureADKerberosServer : Failed to read secrets from the domain DOMAIN.LOCAL.

The lab environment has 2 DCs at different sites, but they replicate between each other without issue. The process creates an entry in AD, but when I run the command below (GA details is an address, just changed for the forum post)

Get-AzureADKerberosServer -Domain $domain -UserPrincipalName "GA details" -DomainCredential $domainCred

I get the output below...

Id : 16451
UserAccount : CN=krbtgt_AzureAD,CN=Users,DC=DOMAIN,DC=LOCAL
ComputerAccount : CN=AzureADKerberos,OU=Domain Controllers,DC=DOMAIN,DC=LOCAL
DisplayName : krbtgt_16451
DomainDnsName : DOMAIN.LOCAL
KeyVersion : 1598799
KeyUpdatedOn : 27/07/2024 06:41:15
KeyUpdatedFrom : PDC.DOMAIN.LOCAL
CloudDisplayName :
CloudDomainDnsName :
CloudId :
CloudKeyVersion :
CloudKeyUpdatedOn :
CloudTrustDisplay :

Can you advise why the secrets aren't being found and the cloud information not populated? This is a lab environment, so if needed we can get a bit rough with it. Any help would be welcomed. Kind regards Tom

Azure Lighthouse: Updated Entra ID Group used for Authorization with new Users
With Azure Lighthouse and the managed tenant, when applying additional users to a related Entra ID group used for authorization, how do you identify the issues when those users show they do not have access to valid customer tenants and their resources, such as Log Analytics Workspaces?

New Blog | Monitoring traffic flows in Azure Firewall using Virtual Network Flow Logs
By Gustavo Modena Azure Firewall is a managed service designed to protect your Azure Virtual Network resources, providing advanced threat protection and advanced logs and metrics that are essential tools for monitoring and managing your network security. By leveraging both logs and metrics, you can ensure the overall health and efficiency of your firewall, maintain an audit trail of configuration changes, and comply with security and auditing requirements. In this blog post we will show you a different approach to enhance the monitoring experience of Azure Firewall by using Virtual Network Flow Logs and Traffic Analytics. This combination provides a comprehensive view of traffic flows within your network, offering deeper insights for analysis and investigation, helping to identify traffic deviations that may indicate a security issue and to identify the applications that are consuming Azure Firewall the most. What are Virtual Network Flow Logs and Traffic Analytics? Both Virtual Network Flow Logs and Traffic Analytics are features of Azure Network Watcher that collect information about network traffic and enrich raw flow logs to provide insights into network traffic patterns, including source and destination IP addresses, ports, protocols and the volume of traffic. To learn more about both features, check out the product documentation. Read the full post here: Monitoring traffic flows in Azure Firewall using Virtual Network Flow Logs

Whenever logging into the Office applications, a different OTP needs to be applied for Outlook and Teams
When signing into Office applications, a different OTP is required for both Outlook and Teams. To address this issue, is there any resolution for it, or a supporting document as proof to confirm that this is standard procedure?

Survey: SIEM & XDR Scenarios We Should Add to Microsoft Applied Skills
Note: This survey is anonymous. Take the survey here: https://forms.office.com/r/zicgJDaAFU About In November 2023, Microsoft launched the Applied Skills program (https://learn.microsoft.com/credentials/support/appliedskills-process-overview), giving users access to virtual Microsoft Azure environments where you can learn from a library of scenarios and practice through learning exercises. Learning exercises are graded for the purpose of rewarding the user with a credential to show their accomplishment. We in the SIEM & XDR Team at Microsoft want to create a library of Microsoft Sentinel and Microsoft XDR scenarios. With that, we would like to ensure that we are providing learning content that is best suited for our users. To help us, please complete this survey with what you feel is most valuable for you or your colleagues. We look forward to your input. The Microsoft SIEM & XDR Team Microsoft respects your privacy. Review our online Privacy Statement here: https://privacy.microsoft.com/en-us/privacystatement

New Blog | Trusted Signing is in Public Preview
By Rakia Segev Trusted Signing has launched into Public Preview! The Trusted Signing service (formerly Azure Code Signing) is a Microsoft fully managed end-to-end signing solution for developers. What is the Trusted Signing service? Trusted Signing is a complete code signing service with an intuitive experience for developers and IT professionals, backed by a Microsoft managed certification authority. The service supports both public and private trust signing scenarios and includes a timestamping service. With Trusted Signing, users enjoy a productive, performant, and delightful experience on Windows with modern security protection features enabled such as Smart App Control and SmartScreen. The service offers several key features that make signing easy:
We manage the full certificate lifecycle (generation, renewal, issuance) and key storage in FIPS 140-2 Level 3 HSMs. The certificates are short-lived certificates, which helps reduce the impact on your customers in abuse or misuse scenarios.
We have integrated into popular developer toolsets such as SignTool.exe and GitHub and Visual Studio experiences for CI/CD pipelines, enabling signing to easily integrate into application build workflows. For Private Trust, there are also PowerShell cmdlets for IT Pros to sign WDAC policy and future integrations with IT endpoint management solutions.
Signing is digest signing, meaning it is fast and confidential: your files never leave your endpoint.
We have support for different certificate profile types including Public Trust, Private Trust, and Test, with more coming soon!
Trusted Signing enables easy resource management and access control for all signing resources with Azure role-based access control as an Azure native resource.
To learn more about the service go to: https://learn.microsoft.com/azure/trusted-signing.
Figure 1: Creating a Trusted Signing Account
Read the full post here: Trusted Signing is in Public Preview

What are some big Microsoft Azure Security issues we should be aware of now?
Securing cloud environments presents unique challenges. As organizations continue embracing Azure, it's critical to be aware of key security pitfalls. Mastering Azure security best practices is essential for protecting your critical assets in the cloud. Getting the basics right is the foundation - avoid common misconfigurations by using tools like Azure Security Center to lock things down. Implementing multi-factor authentication across the board keeps the bad actors out. The shared responsibility model means you own your data security. Encrypt everything and keep OS and agent versions patched. Reduce your attack surface by locking down management ports and scoping permissions tightly using tools like Privileged Identity Management. Segment your network properly with private endpoints, service endpoints and network security groups. This limits lateral movement opportunities. Of course, remaining vigilant is key. Continuously monitor activity logs, perform penetration testing and use Azure Security Center to get recommended improvements. Cloud security is always evolving. Stay ahead of new Azure features and guidance to keep your environment secure. Mastering these tips will help tame the unique security challenges of the cloud.