Enabling a FIDO Security Key (Console)

By Ashwin Venugopal -

 





To Enable a FIDO Security Key for Your Own IAM User (Console)

  • In order to sign-in to your IAM console, you can use your AWS account ID or account alias, your account IAM username, and your password.

  • You can choose your username and then My Security Credentials, in the navigation bar on the upper right.

  • Select Manage MFA Device in the MFA section on the AWS IAM Credentials tab.

  • Choose FIDO Security Key and then Continue in the Manage MFA device wizard,

  • Now insert the FIDO security key into your computer's USB port.

  • Tap the FIDO2 security key, and then choose Close when the setup is complete.

To Enable a FIDO Security Key for Another IAM User (Console)

  • You have to sign-in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  • Choose Users in the navigation pane.

  • Now select the username to enable an MFA, and then the Security Credentials tab.

  • Choose Manage near the Assigned MFA device.

  • After that select the FIDO Security Key, and then Continue in the Manage MFA device wizard.

  • Insert the FIDO security key into your computer's USB port.

  • Lastly, tap the FIDO security key, and then Close when the setup is complete.


To Enable a FIDO Key for Your Root User (Console)

  • You have to sign-in to the IAM console as the account owner via Root user and enter your AWS account email address. Type your password on the next page.

  • Now select your account name and then My Security Credentials on the right side of the navigation bar. Select Continue to Security Credentials if necessary.

  • Expand the MFA section.

  • After that select Manage or Activate MFA, according to your preceding step.

  • Choose FIDO Security Key and then Continue in the wizard.

  • Insert the FIDO security key into your computer's USB port.

  • Lastly, tap the FIDO security key, and then Close when the setup is complete.











































Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different...
Read more

Deployment (Part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Azure Resources Microsoft Sentinel needs following resources to be created: Subscription (if a dedicated subscription(s) will be used) Resource group(s) Log Analytics workspace(s) Automation rules/playbook Alert rules Workbooks Microsoft Sentinel offers hundreds of alert rules, workbooks, and automation playbook templates along with hunting scripts. The templates can be used to activate/deploy schedule alerts, create customized dashboards, create automation playbooks and perform threat-hunting activities. Generally, once deployed, the resources created have to be adjusted to match the existing environment, configure local credentials, etc. Methods of deployment: Manual- Administrator can manually configures the Microsoft Sentinel resources with the help of Azure portal. Any manual process has the inherent risks of human operator error, lack of compliance with potential change control procedures, and u...
Read more

Deployment (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 3, please click  here Microsoft Sentinel Content Hub Content in Microsoft Sentinel includes any of the following types: Data connectors offer log ingestion from different sources into Microsoft Sentinel. Parsers give log formatting/transformation into ASIM formats, supporting usage across various Microsoft Sentinel content types and scenarios. Workbooks provide monitoring, visualization, and interactively with data in Microsoft Sentinel, highlighting meaningful insights for users.  Analytics rules give alerts that point to relevant SOC actions via incidents.  Hunting Queries are used by SOC teams to proactively hunt for threats in Microsoft Sentinel. Notebooks help SOC teams in using advanced hunting features in Jupyter and Azure Notebooks. Watchlists support the ingestion of specific data for enhanced threat detection and reduced alert fatigue.  Playbooks and Azure Logic Apps Custom Connectors provide featu...
Read more