User Profile
Nick_A
Iron Contributor
Joined 7 years ago
Recent Discussions
Re: Microsoft Changed the Way the Search-UnifiedAuditLog Cmdlet Works Without Telling Anyone
What's insane to me is when I had to track down who was creating accounts and users in our tenant. The UnifiedAuditLogs still can't provide any detail on who created accounts when it's being done by "Microsoft Substrate System". Worse, I have not found any audit program/system that can pull these specific logs out. You actually have to go into AzureAD, find that app, and check the app's audit logs to figure out the culprit. Just another entry in my list of massive security failures with O365. It turned out in our case the problem was with MS's new "Bookings" feature, where by default it lets literally any user create an account in your tenant with any name they can think of.
2.3K Views, 0 Likes, 1 Comment
Re: Issue opening GPO after LAPS update april 11. Issue password writeback azureAD
I just went through something similar trying to find these policy files. Go to one of your domain controllers and search for LAPS.ADM* under C:\Windows. It should find about 4 of these files, 2 of them being LAPS.admx and another 2 being LAPS.ADML. Copy only the LATEST version of each file:
LAPS.admx -> \\domaincontroller\sysvol\domain\Policies\PolicyDefinitions
LAPS.adml -> \\domaincontroller\sysvol\domain\Policies\PolicyDefinitions\EN-US
That should solve the missing policies in the group policy editor until MS releases updated GP policy bundles.
1.8K Views, 3 Likes, 3 Comments
Re: Windows 11 clients cannot authenticate to NPS server using computer authentication
For our environment it was due to Credential Guard. This will break anything using PEAP w/MS-CHAPv2, including machine authentication. It's also extremely tricky to debug because this requires the Windows Enterprise edition, and since we are using E3 licenses (which include the OS Enterprise license), this problem only surfaces eventually when the OS is upgraded to Enterprise in the background (enabled by default with Enterprise, does not get enabled with only Pro).
Fix: Group Policy -> Administrative Templates -> System -> Device Guard -> Turn On Virtualization Based Security (set to DISABLED).
118K Views, 7 Likes, 6 Comments
Re: Benefits to Azure AD registration for Windows 10 clients O365 sign-in - Would you recommend it?
Richard Tinker, way late response, but no, I would highly, highly recommend staying away from Azure AD registration as much as possible. It's basically opening up an enormous security hole, and it's offensive that this cannot be disabled when you use MDM with Office365. Even worse, they offer no way to clean up stale devices that have been registered except through obscure PowerShell backend commands. Here's my issue with this "feature":
1. It lets any unmanaged computer that registered in Azure AD have unregulated access to Office365 for up to 90 days without requiring any form of authentication. All they need is a working user account.
2. Because you are registering with a company user account, the login to that unmanaged computer bypasses any password policies your AD domain might have. What we experienced is that Azure AD registered devices can fully access all our Office365 resources, even if the account they are using has an expired password, due to the 90-day free-for-all access.
To make matters worse, you are leaving the control up to the user -- admins cannot disable this ridiculous feature if they are using any form of Office365 MDM (Intune or the standard one). I even opened a support ticket to disable this garbage but got nowhere after being ping-ponged between the Azure and Intune teams. So I would block registration if you have that option still available to you. Whoever thought this was a good idea should be required to sit through a week's worth of security best practices. Even if a device is registered in Azure AD, we still have no control over it. Admins can disable or delete the device, but all this does is require them to re-register and they are good to go again.
2.6K Views, 0 Likes, 0 Comments
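The post above complains that stale Azure AD registered devices can only be cleaned up through "obscure PowerShell backend commands". The following is an added example, not code from the post's author or from Microsoft, showing what that cleanup looks like with the Microsoft Graph PowerShell SDK: it enumerates Azure AD registered (as opposed to joined) devices, which carry trustType "Workplace", flags any with no sign-in inside the 90-day window the post mentions, lists their registered owners, and disables them after review. It assumes the Microsoft.Graph module is installed, the signed-in admin has Device.ReadWrite.All consent, and that the 90-day threshold and the `$DisableStale` switch are the operator's choice. As the post notes, disabling or deleting a registered device does not stop the user from registering again; this script gives visibility and cleanup, not a block on registration.

```powershell
# Added example (not from the original post): find and disable stale Azure AD
# *registered* devices using the Microsoft Graph PowerShell SDK.
# Assumptions: Microsoft.Graph module installed; admin consent for Device.ReadWrite.All;
# 90-day staleness window and the $DisableStale switch are operator choices.
param(
    [int]$StaleAfterDays = 90,
    [switch]$DisableStale
)

Connect-MgGraph -Scopes 'Device.ReadWrite.All'

$cutoff = (Get-Date).AddDays(-$StaleAfterDays)

# trustType: 'Workplace' = Azure AD registered, 'AzureAd' = Azure AD joined,
# 'ServerAd' = hybrid joined. Filtering client-side keeps this independent of
# which properties the service accepts in $filter.
$registered = Get-MgDevice -All -Property 'id','displayName','operatingSystem',
        'trustType','accountEnabled','approximateLastSignInDateTime' |
    Where-Object { $_.TrustType -eq 'Workplace' }

# A device that has never signed in has no ApproximateLastSignInDateTime;
# treat it as stale too.
$stale = foreach ($d in $registered) {
    $last = $d.ApproximateLastSignInDateTime
    if (-not $last -or $last -lt $cutoff) {
        $owners = Get-MgDeviceRegisteredOwner -DeviceId $d.Id |
            ForEach-Object { $_.AdditionalProperties['userPrincipalName'] }
        [pscustomobject]@{
            DisplayName = $d.DisplayName
            OS          = $d.OperatingSystem
            Enabled     = $d.AccountEnabled
            LastSignIn  = $last
            Owners      = ($owners -join ';')
            Id          = $d.Id
        }
    }
}

Write-Host ("{0} Azure AD registered devices, {1} stale (no sign-in since {2:yyyy-MM-dd})" -f
    $registered.Count, @($stale).Count, $cutoff)
$stale | Sort-Object LastSignIn | Format-Table -AutoSize

# Disable rather than delete so the record (and its owner) stays reviewable;
# use Remove-MgDevice -DeviceId <id> once you are sure.
if ($DisableStale) {
    foreach ($s in $stale | Where-Object Enabled) {
        Write-Host "Disabling $($s.DisplayName) ($($s.Id)) owned by $($s.Owners)"
        Update-MgDevice -DeviceId $s.Id -AccountEnabled:$false
    }
}
```

Run it first without `-DisableStale` to get the report only; the owner column is what tells you whether a stale registration belongs to a departed user, a personal machine, or a device that was later re-registered under a new object ID.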
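The LAPS reply earlier on this page ("Re: Issue opening GPO after LAPS update april 11") describes locating LAPS.admx and LAPS.adml under C:\Windows on a domain controller and copying only the latest copy of each into the SYSVOL central store. The following is an added example that scripts that procedure; it is not code from the reply's author. It assumes it is run in an elevated session on a domain controller, that the central store path under SYSVOL already exists, that "latest" means the most recently written copy (ADMX files carry no file-version resource), and that the en-US language folder is the one to populate. It refuses to overwrite a central-store copy that is already as new or newer, which is the check you want before touching SYSVOL, since that store is replicated to every DC and consumed by every Group Policy editor in the domain.

```powershell
# Added example (not from the original reply): copy the newest LAPS.admx / LAPS.adml
# found under C:\Windows into the SYSVOL central store.
# Assumptions: run elevated on a domain controller; the central store exists;
# "latest" = most recent LastWriteTime; ADML goes into the en-US folder.
$Domain       = $env:USERDNSDOMAIN
$CentralStore = "\\$Domain\SYSVOL\$Domain\Policies\PolicyDefinitions"

if (-not (Test-Path $CentralStore)) {
    throw "Central store not found at $CentralStore; create it before running this."
}

# The reply reports about four hits: two .admx and two .adml copies.
$candidates = Get-ChildItem -Path 'C:\Windows' -Recurse -Include 'LAPS.admx','LAPS.adml' `
    -ErrorAction SilentlyContinue
Write-Host "Found $(@($candidates).Count) LAPS policy files under C:\Windows:"
$candidates | Select-Object FullName, LastWriteTime, Length | Format-Table -AutoSize

# Keep only the most recently written copy of each file name.
$newest = $candidates | Group-Object Name | ForEach-Object {
    $_.Group | Sort-Object LastWriteTime -Descending | Select-Object -First 1
}

foreach ($file in $newest) {
    # .admx at the root of the store, .adml in the language subfolder
    $dest = if ($file.Extension -ieq '.admx') { $CentralStore }
            else { Join-Path $CentralStore 'en-US' }
    if (-not (Test-Path $dest)) { New-Item -ItemType Directory -Path $dest | Out-Null }

    $existing = Join-Path $dest $file.Name
    if ((Test-Path $existing) -and
        (Get-Item $existing).LastWriteTime -ge $file.LastWriteTime) {
        Write-Host "Skipping $($file.Name): central store copy is as new or newer."
        continue
    }

    Write-Host "Copying $($file.FullName) -> $dest"
    Copy-Item -Path $file.FullName -Destination $dest -Force
}
```

After the copy, reopen the Group Policy Management Editor; the LAPS node should now render from the central store rather than reporting missing policy definitions.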