Blogs by Ashwin

  To read part 2, please click  here To read part 3, please click  here   Plan for RBAC Role Based Access Control (RBAC) manages users access to Azure resources, what they can do with those resources, and what areas they have access to. It is an authorization system built on Azure Resource Manager that offers fine-grained access management of resources in Azure. What can I do with RBAC? The following examples will help you to understand this: Allow one user to manage virtual machines in a subscription and another to manage virtual networks. Allow a DBA group to manage SQL databases in a subscription. Allow a user to manage all the resources in a resource group, like VMs, websites, and subnets. Allow an application to access all resources in a resource group.   How RBAC works? You can easily control access to the resources by creating role assignments using RBAC to enforce permissions. Role assignment contains three elements- security principal, role definit...

  To read part 1, please click  here Create a Conditional Access Policy A conditional policy includes following settings: Assignments Users & groups- It specifies users, groups, and directory roles for which the policy applies, or which are excluded from the policy.  Cloud apps- It specifies the cloud apps for which access is controlled by the conditional access policy. Conditions- They define when the policy will apply including sign-in risks, device platforms, locations, client apps, and device state. Access controls Grant- This control either blocks access or specifies additional requirements which need to be satisfied to allow access including requirements like MFA or compliant device. Session- It can enable limited experiences within a cloud app like app enforced restrictions.    Conditional Access with Intune It generally helps in performing the tasks like allow or block access to Exchange on-premises, control access to the network, or integrate w...

  To read part 2, please click  here Plan for Device Compliance Device Compliance policies can define the rules and settings required to be configured on a device so that it can be considered compliant allowing you to monitor device compliance status as well as individual devices that are configured in an expected way. However, the device must be enrolled to Intune before applying for compliance policy which will help the device to be automatically added to a device group so that its compliance status can be automatically reported to Intune and shown in the portal. Some of the commonly used device compliance settings are: Required password to access devices Local data encryption  Whether the device is jail-broken or rooted Minimum OS version required  Maximum OS version allowed Required the device to be at, or under the Mobile Threat Defense level If you want to implement device compliance policies, you must satisfy the following prerequisites: It must be licensed fo...

  To read part 1, please click  here To read part 2, please click  here To read part 3, please click  here To read part 4, please click  here To read part 5, please click  here Entitlement Management It's an identity governance feature which helps the organizations to manage identity as well as access lifecycle at scale, by automating access request workflows, access assignments, reviews, and expiration. Why use entitlement management? The common challenges faced by the enterprise organizations while managing employee access to resources are: Users may not know what access they should have, and even if they do, they may have difficulty in locating the right individuals to approve their access. Once users find and receive access to a resource, they may hold on to the access longer than is required for business purposes. The above stated problems are compounded for the users requiring access from another organization like an external user from supply chain or...

  To read part 1, please click  here To read part 2, please click  here To read part 3, please click  here To read part 4, please click  here To read part 6, please click  here Conditional Access Report-only Mode  Although Conditional Access is widely used for security purposes, however, the main challenge is to determine its impact on end users as it is very difficult to anticipate the number and names of the users impacted by common deployment initiatives like blocking legacy authentication, requiring MFA for a population of users, or implementing sign-in risk policies. Report-only mode is a new Conditional Access policy state that helps the administrators to evaluate the impact of Conditional Access policies before enabling them in their environment. If you release report-only mode, then,: Conditional Access policies can be enabled in report-only mode. During sign-in, policies in report-only mode are evaluated but not enforced. Results are logged in...

  To read part 1, please click  here To read part 2, please click  here To read part 3, please click  here To read part 5, please click  here To read part 6, please click  here Azure AD Security Defaults Security defaults present in Azure AD readily provides security for the protection of your organization and as it consists of preconfigured security settings for common attacks, Microsoft is making it available to everyone ensuring a basic level of security enabled for all the organizations at no extra cost. When you turn on security defaults in the Azure portal, the following security configurations will be turned on in your tenant: Unified Multi-Factor Authentication Registration All the users must register for Multi-Factor Authentication (MFA) in the form of the Azure Multi-Factor Authentication service within 14 days with the help of Microsoft Authenticator app. As every user might not have ample time to register for the same, the 14-day period provided...

  To read part 1, please click  here To read part 2, please click  here To read part 4, please click  here To read part 5, please click  here To read part 6, please click  here Azure AD Access Reviews It readily helps the organizations to efficiently manage group memberships, access to enterprise applications as well as privileged role assignments, while also allowing to perform following tasks for Microsoft 365 Security and Compliance admins and User Accounts admins: Guest user access can be evaluated by simply reviewing their access to applications and memberships while the insights provided helps the reviewers to efficiently decide if the guest's access should be continued or not.  Employee access to applications as well as group memberships can be evaluated with access reviews.  Relevant access review controls into programs can be collected to track reviews for compliance or risk-sensitive applications.  The role assignment of administrat...

  To read part 1, please click  here To read part 3, please click  here To read part 4, please click  here To read part 5, please click  here To read part 6, please click  here Conditional Access Explained Nowadays, users can easily access your organization's resources with the help of various devices and apps from anywhere making it insufficient to simply focus on who can access your resource. Hence, Azure AD Conditional Access allows you to master the balance between productivity and productivity as well as the factor how a resource is accessed into an access control decision. It also helps you to implement automated access control decisions for accessing your cloud apps that are based on various conditions. Common Scenarios Conditional access policies allows you to apply right access controls under the required conditions while also providing you with extra security when needed and vice versa. It can easily help you with the following: Sign-in risk- Azur...

  To read part 2, please click  here To read part 3, please click  here To read part 4, please click  here To read part 5, please click  here To read part 6, please click  here Azure AD Identity Governance Organizations can possess the ability to perform following tasks across employees, business partners, and vendors, as well as across services and applications both on-premises and in clouds with the help of Identity Governance: Govern the identity lifecycle Govern access lifecycle Secure privileged access for administration It can also help the organizations to address the following key questions: Which users should have access to which resources? What are those users doing with that access? Are there effective organizational controls for managing access? Can auditors verify that the controls are working? Identity Lifecycle Identity lifecycle management is known as the foundation for Identity Governance and its effective use requires a proper modernizatio...

  To read part 1, please click  here To read part 2, please click  here Azure AD Application Proxy The following diagram shows how Azure AD enables secure remote access to your on-premises applications: Security Benefits The following security benefits are provided by Azure AD application proxy: Authenticated access- If you select Azure AD pre-authentication, then, authenticated connections only can access your network. Conditional access- Apply richer policy controls before connections to your network are established.  Traffic termination- All traffic can be terminated in the cloud. All access is outbound- You are not required to open inbound connections to the corporate network.  Cloud-scale analytics- as well as machine learning- Get cutting-edge security protection. Remote access as a service- You don't have to worry about maintaining and patching on-premises servers. DDOS prevention- Those applications who are published through Application Proxy are protect...

  To read part 1, please click  here To read part 3, please click  here Seamless Single Sign-On (SSO) Azure AD Seamless SSO can automatically sign in the users when they are on their corporate devices connected to your corporate network if enabled i.e. it entirely removes the requirement of typing passwords or even usernames to sign in to Azure AD providing easy access to your cloud-based applications without needing any additional on-premises components. Although seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign in methods but it is not applicable to Active Directory Federation Services (ADFS). Key Features: Sign-in username can be either the on-premises default username (userPrincipalName) or any other attribute configured in Azure AD Connect (Alternate ID) as Seamless SSO uses the securityIdentifier claim in the Kerberos ticket to look for the corresponding user object in Azure AD. Seamless SSO is an opp...

  To read part 2, please click  here To read part 3, please click  here Application Management Explained As we all know, Azure AD must be configured to integrate with an application i.e. it should know that the applications are using it as an identity system, and the process of keeping it aware of all these applications as well as the ways to handle them, is called as application management. The Enterprise applications blade present in the Manage section of the Azure AD portal will help you in application management. What is an Identity & Access Management (IAM) system? An application is a piece of software which requires the identity of the user using the application so that it can determine which functionality should be offered or removed for the user. As one application cannot know anything about the users in the other applications, and it would result in the silo of different usernames as well as logins for every applications if each application kept track of all ...

  To read part 1, please click  here To read part 2, please click  here Plan Your Investigation Azure Identity Protection dashboard provides access to the following: Reports like Users flagged for risk, Risk events, and Vulnerabilities. Settings like the configuration of your Security Policies, Notifications, and Multi-factor Authentication registration. It is the starting point to review the activities, logs, and other relevant information regarding a risk event which helps you to determine if remediation or mitigation steps are necessary and understand how the identity was compromised and used.  Mitigation Sign-in Risk Events Mitigation is termed as an action to restrict the ability of an attacker to exploit a compromised identity or device without restoring the identity or device to a safe state. If you want to mitigate the risky sign-ins automatically, then, you have to configure sign-in risk security policies that will allow to block risky sign ins or perform mu...

  To read part 1, please click  here To read part 3, please click  here Detect Vulnerabilities & Risk Events Vulnerability is defined as a weakness which can be exploited by a threat actor i.e. an attacker to perform unauthorized actions within a computer system. The vulnerabilities reported by the Azure Identity Protection are as follows: Multi-factor Authentication Registration Not Configured- As the name suggests, this vulnerability affects the deployment of Azure Multi-factor Authentication in your organization which can readily provide strong authentication throughout the range of easy verification options like phone call, text message, mobile app notification, verification code, and third-party OATH tokens. It is recommended for user sign-ins and plays a key-role in risk-based conditional access policies available through Azure Identity Protection. Unmanaged Cloud Apps- It allows you to easily identify unmanaged cloud apps in your organization as nowadays IT dep...