Blogs by Ashwin

  To read part 1, please click  here To read part 2, please click  here Windows Hello for Business In Windows 10, this technique can replace passwords with strong two-factor authentication on PCs and mobile devices allowing users authenticate to an AD or Azure AD account. It can easily address following problems with passwords: Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites. Server breaches can expose symmetric network credentials (passwords). Passwords are subject to replay attacks. Users can inadvertently expose their passwords due to phishing attacks.   Windows Hello can be considered as the most personal way for your users to sign-in to their Windows 10 devices with just a look or a touch i.e. users can easily acquire enterprise-grade security without any necessity of typing a password.  Using Windows Hello If you want to use Windows Hello, you have to login with the help of an already setup PIN and afte...

  To read part 1, please click  here To read part 3, please click  here Self-service Password Reset As the name suggests, Self-service Password Reset (SSPR) helps users to reset their own password without any intervention from an administrator and the Microsoft 365 Enterprise Administrator have to enable it for all users or for a specific group. The following verification methods are available to reset a password: Send email to an alternate email address Call office phone Call mobile phone Text mobile phone Answer security question SSPR is only available for Microsoft 365 users having cloud identities where a password is not linked to the on-premises AD DS as a password from Microsoft 365 can't be synchronized back to an on-premises AD DS without additional services. Password Alternatives What's passwordless authentication? Passwordless authentication methods remove vulnerable passwords from the equation entirely so that the users can be authenticated by combining somethi...

  To read part 2, please click  here To read part 3, please click  here Password Policies & Authentication However, Microsoft 365 provides secure access by asking users to sign in with a password, you have to perform various tasks to manage them for your organization's users which may include changing passwords, setting password expiration, resetting passwords, etc. Setting Password Expiration This policy can be changed with the help of following steps: Select the Security & Privacy tab on the Settings menu in the Microsoft 365 admin center. Now select the Password Expiration Policy in the tab. Select "Set user passwords to expire after a number of days" and specify the number of days between 14 and 730 for password expiration. The number of days should be between 1 and 30 for the notification warning of password expiration. Finally, save your settings. If a user is not able change his or her password before the expiration time has elapsed, they can either change ...

  To read part 1, please click  here To read part 2, please click  here Administrator Roles An administrator's main role is to assign specific administrative functions to users and provide permissions to the people in your organization to perform specific tasks in the Microsoft 365 admin center. Roles like Compliance Administrator and Company Administrator can be managed with the help of either Office 365 Security & Compliance admin center or Windows PowerShell.  Although all the admin roles aren't mutually exclusive, but they can be combined by assigning one or more admin role to a user like the Exchange admin, SharePoint admin, and User Management administrator roles. Assign Admin Roles within Microsoft 365 To achieve this task, you have to login with the help of a Global admin account and perform following steps: Select Users and then Active Users in the Admin center. Now choose the user whose role you want to change on the Active users page after which the pr...

  To read part 1, please click  here To read part 3, please click  here Manage User Accounts & Licenses It means managing several account settings like assigning administrator roles, setting uses' sign-in status, specifying user location settings, and assigning licenses with the help of whatever method you use to provision user accounts. You have to perform following steps to edit a user account: Click Users and then Active Users on the Microsoft 365 admin center Home page. Select the user account you want to edit to open the User properties page. Now you can modify the user name and add or modify the email addresses in the User name/Email Aliases section. You can also modify the assigned license while setting up the user location as it is required by the Microsoft so that it can offer only permitted services to that user. You can modify group membership for the user in the Group membership section.  After specifying the sign-in status of the particular users in ...

  To read part 2, please click  here To read part 3, please click  here User Identities Microsoft 365 is widely known for using cloud-based user identity and authentication service Azure Active Directory (Azure AD) to manage users, allowing you to select from any two of its main authentication models in Microsoft 365 (cloud authentication and federation authentication) to set up as well as manage user accounts. The various categories of authentication in Microsoft 365 are: Cloud-only- As the name suggests, here, the user identity exists in the cloud only due to which all the password management and policy control have to be through done through Azure AD. Directory Synchronization with Pass-through Authentication (PTA)- This one offers a simple password validation for Azure AD authentication services. PTA generally uses a software agent running on one or more on-premises servers to validate the users directly with your on-premises AD while also enabling users to sign in to...

  To read part 1, please click  here To read part 2, please click  here Azure AD Connect The Azure Active Directory Connect or Azure AD Connect tool, which was once known as Windows Azure Active Directory Synchronization or DirSync, is an officially recommended directory synchronization tool for Microsoft 365. It is built up of three parts viz. the synchronization services, the optional Active Directory Federation Services piece, and the monitoring piece done with the help of Azure AD Connect health. It can easily operate as a software-based tool that after configuring once can run automatically in the background without any user interaction.  Using Azure AD Connect for Directory Synchronization If you are using Azure AD Connect for Directory Synchronization: Although new user group, and contact devices in an on-premises Active Directory are added to Microsoft 365, but the licenses are not assigned to these objects automatically. The modified on-premises AD attribute...

  To read part 1, please click  here   To read part 3, please click  here Directory Synchronization It is known as the synchronization of directory identities or objects (users, groups, contacts, and computers) between two different directories, like your on-premises AD environment and Azure AD which can easily support online services like Microsoft 365. Although in Microsoft 365 directory synchronization is generally used to synchronize in one direction (i.e. from on-premises to Azure AD), but some features in Azure AD Connect permits it to write-back specific objects and attributes to the on-premises directory creating a sort of two-way synchronization.  If you integrate your on-premises directories with Azure AD, it will allow your users to enhance productivity by reducing the amount of time spent in typing passwords for accessing both cloud and on-premises resources. The users and organizations can take following advantages from this integration: Hybrid iden...

  To read part 2, please click  here To read part 3, please click  here Microsoft 365 Identity Models If you want to plan for user account, you have to understand the two identity models through which you can either maintain your organization's identities only in cloud or you can maintain your on-premises Active Director Domain Services (AD DS) identities to use them for authentication whenever a user access Microsoft 365 cloud services. Cloud-only Identity It uses users accounts that exist in Azure AD only and is generally used by small organizations not having an on-premises servers or don't use AD DS to manage local identities. You can easily manage a cloud identity with the help of tools like the Microsoft 365 admin center and Windows PowerShell.  Hybrid Identity It is known for using accounts that originates in an on-premises AD DS and have a copy in the Azure AD tenant of a Microsoft 365 subscription. Azure AD connect offers synchronization to an ongoing accoun...

  Zero Trust Concept As the name suggests zero trust always assumes breach and verifies every request as though it originates from an open network, instead of assuming that everything behind the corporate firewall is completely safe. Zero trust always teaches us to "never trust, always verify". while every access request is fully authenticated, authorized, and encrypted before granting access, the rich intelligence and analytics are used to detect as well as respond to the anomalies on real time. Zero Trust Principles Verify explicitly- You must always authenticate as well as authorize according to the available data points, along with the user identity, location, device health, service or workload, data classification, and anomalies. Use least privileged access- User access must be limited with the help of Just-in-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection to protect both the data as well as productivity. Assume breach- The blast...

  Evolution of Identity Technology Nowadays, mobile devices, cloud computing, Internet of Things (IOT), and identity and access management are capable enough to secure on-premises as well as cloud identities while also managing the access to sensitive information inside and outside the corporate network. Microsoft 365 take comprehensive approach: Azure Active Directory (Azure AD) is used for unified identity management to secure and manage single sign-on at scale. Passwordless authentication like integrated phone authentication (Microsoft Authenticator) and biometrics (Windows Hello) are introduced for user convenience and productivity. Hardware credential isolation like Trusted Platform Module (TPM) and security keys can be done for simple as well as secured authentication on shared devices. Identity Challenges As cyberscurity attacks have become more and more sophisticated, password alone can no longer cope up against unauthorized access. The risks to your data are crystal clear:...

  Dividing SOC Duties There are multiple roles required to built a well-developed SOC in order to divide responsibilities so that everyone can easily focus on their specific tasks. The high level of operation of an SOC needs experts (SOC engineers) having information about installation as well as maintain the technology solutions required to run the SOC, and the other experts (SOC analysts) to use the solutions to hunt for threats while responding to the security incidents (SOC analysts).    SOC Engineers They are the initiator of the Microsoft Sentinel's initial design as well as configuration along with the connection of data sources, configuring any Threat Intelligence (TI) feeds, and securing access to the platform including the data present within them. After making the service functional, SOC engineers have to look after the ongoing improvements, creating analytic rules for threat detection, and fine-tuning to make sure that the service remains operationally cost-ef...

  To read part 1, please click  here Adding Dynamic Content Now, to enter the values into the fields, we will add the dynamic content provided by the previous actions in the first stage. You can use the following table to fill the fields: Field Value Short description           Text: Sentinel Incident #            Dynamic content: Number from the incident            Text: -            Dynamic content: Title from the incident Description Description from the incident Secure notes Entities from the alert After filling those fields, the addition of the dynamic content will be completed. Adding Static Content Now you can fill the drop-down entries in ServiceNow by simply correcting the text to be passed through which always matches a value in the respective dr...

  To read part 2, please click  here Logging in to ServiceNow ServiceNow is a fully customizable ITSM platform, running as a cloud-based Service as a Service (SaaS) platform and containing various modules that helps you to select solutions from first-and third-party solutions to fully expand the capabilities as well as integration across your technology landscape. You can use the ServiceNow portal's menu on the left-hand side of the screen to navigate through the various components where you can easily find the incidents by simply scrolling through the list, or by searching it with the help of the Filter navigator option present at the top of the left-hand side menu. Creating a Playbook to trigger a ticket in ServiceNow We can easily create a ServiceNow Security Incident Response (SIR) incident with the help of a playbook as follows. Cloning an Existing Logic App   You can create a new playbook by cloning the existing one as follows- At the Microsoft Sentinel's playbook o...