Microsoft released a new Microsoft Defender for Identity (MDI) sensor type for Active Directory Certificate Services (ADCS). This article demonstrates the steps to deploy the sensor on your ADCS Servers.
The Microsoft Defender for Identity (MDI) sensor can be downloaded from the Microsoft 365 Defender portal. The MDI sensor installation package is the same for Domain Controllers, ADFS and ADCS. If you have previously downloaded the package, you can use this for the installation, although I would recommend downloading the latest version for any new deployments.
Adding user risk to your STAT playbook
Now that you’ve got your first playbook set up, let’s talk about what each module does. We’re going to start with the Azure AD Risks module. This module retrieves several pieces of information to help enrich your incident. The risk level for the users in the incident as … Continue reading Automate your SOC – Oh, that user again?
Overview: You might have heard about the AzureAD PowerShell module deprecation. In this article we summarize the migration from Azure AD PowerShell to Microsoft Graph PowerShell and provide all the relevant info and links in one place, to get you up and running with the new MS Graph module. The best … Continue reading Azure AD PowerShell to Microsoft Graph PowerShell
You can use the Microsoft Authenticator application to complete MFA (Multi-Factor Authentication) sign-in when your mobile device has no connectivity. The Authenticator application functions as the primary and backup sign-in method.
Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator. Microsoft will remove the admin controls and enforce the number match experience tenant-wide for all users starting May 8, 2023.
If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven't gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled. You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.
I recently deployed a new Active Directory Forest in my lab on Windows Server 2022. I wanted to configure the Microsoft On Demand Assessments for Active Directory and also needed to deploy Microsoft Defender for Identity (MDI). I wanted to use a Group Managed Service account to run these instead of a normal service account. … Continue reading Field Notes: Service running with gMSA account not starting
With the Active Directory Recycle Bin enabled, deleted Active Directory objects can be easily recovered. Deleted items remain recoverable for the duration of the Active Directory tombstone lifetime. With the default configuration this should be 180 days. I recently received a request from a customer to know how they can permanently delete user … Continue reading Permanently delete objects from the Active Directory Recycle Bin
This write-up covers modifying the MIM Portal to switch email notifications to the Application Context Authentication method, as opposed to an SMTP relay or another method that uses a logon name and password. Basic Authentication will be deprecated somewhere around October 2022. A Modern Authentication needs to be … Continue reading MIM Portal & Application Context Authentication