If you were (or are) a CISO, what are your 5 non-negotiables? For me:
1. If it's vulnerable, it's being patched
2. Connecting to a VPN? You are coming from a device I trust.
3. MFA everywhere.
4. Any security tools are fully deployed and actively monitored
5. I get all the logs
MS Cloud MFA/2FA bypasses:
AiTM
Illicet Consent
PRT theft
Browser Cookies Theft
PRT/Cookie Proxy
Device Code
Conditional Access Gaps
Which ones did I miss?
Microsoft just released their updated Microsoft Cybersecurity Reference Architectures (MCRA). A slide deck full of high-level guidance on securing one's organisation. Very handy for orgs starting out or already on the way.
https://t.co/XaxoxTDZoH
MFA fatigue is real. Check this thread....
Most folks think Azure MFA is easy. They just flip the switch. But there are so many settings out there that can impact user experiences.
Here are some quick tips that might ease the pain a bit:
1. Do not user per-user MFA. Go with Conditional Access
2. Only configure sign-in frequency for persona's that need it, not for all users.
3. Make use of WhfB, or FIDO2 if possible. It will take care of the MFA claim in PRT. No prompts for your users.
4. Use the Authenticator App instead of SMS. It's way more user-friendly
5. Less risk and/or managed device eq longer session. More risk and/or unmanaged device eq shorter session.
There are two options to enforce compliant devices via #AzureAD Conditional Access:
A) Grant Require compliant device
vs
B) Block with device exclusion rule "(device.deviceOwnership -eq "Company" -and device.isCompliant -eq True)"
What do you use and why?
The second best thing about going Passwordless is the improved security. The best thing is the great end to end user experience:
https://t.co/83oa6qXTQ5
New chapter of #AzureAD Attack & Defense ☁️🔐 playbook has been published by @samilamppu and me: „Abuse of #AzureADConnect Sync Service Account for suspicious activities“.
#MicrosoftSentinel detections and mitigations for #HybridIdentity are also included.
https://t.co/Jvl9iNIMcO