If you’ve deployed multifactor authentication (MFA) at an enterprise scale, you’ll know it can be fraught with challenges. You may need to deploy to individual departments, or perhaps take a phased approach and deploy in tranches. However you end up deciding to do your MFA rollout, you will likely need to specify a target group,…
Category: Azure
Posts pertaining to Microsoft Azure
IAM – PowerShell – Manual Entra Connect Sync via Script
Recently, the need for others to be able to force a manual sync from on-prem Active Directory (AD) to Entra became apparent. I knew this could be done with PowerShell, so I got to work writing a script. Users that may run this script will need to be in the local ‘ADSyncOperators’ group on your…
Cloud – Synchronize Profile Photos Between Federated Domains (Google, Azure)
Synchronization of profile photos between Google’s G Suite and Azure is not supported by the built-in Azure Provisioning engine. This must be accomplished by some other means. In my case, of course, I look to employ PowerShell for such automation tasks. As a prerequisite, you should have already followed PSGSuite’s initial setup procedure documented on…
Cloud – Synchronizing Disablements Between Federated Domains (Azure, Google)
When configuring provisioning between Azure and Google federated domains, you will likely reference Microsoft’s documentation on configuring their canned provisioning Enterprise Application at https://learn.microsoft.com/en-us/entra/identity/saas-apps/g-suite-provisioning-tutorial. There is more information here as well: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/configure-automatic-user-provisioning-portal. The procedure outlined here will get you started; however, you will quickly realize that disablements are not synchronizing between the two platforms. I…
Azure – Fixing AAD Connect Sync Not Starting Post-Reboot
Some months ago, a problem was noticed with one of our servers that hosts the Azure AD Connect Sync service. After a reboot, the service did not automatically start back up as expected; and, upon further inspection, the synchronization from Azure to the on-prem domain was not functional. In troubleshooting this issue, I took to the…
Azure – Malicious Authentication Emulation and Mitigation
The attack surface of a cloud tenant should get a lot of consideration. It is important to understand that some legacy protocols, like SMTP, are not capable of accommodating multifactor authentication; and, although they are largely being deprecated, we may still see them in use. Attackers are particularly fond of these legacy protocols, as they…
Scripted Restart of Service – Azure Update Management
If you are using Update Management to handle patching of Windows VMs in Azure, you are bound to see devices display in the “Not Assessed” compliance state from time to time. To remedy this, one can restart the service “Microsoft Monitoring Agent (HealthService).” This service has a corresponding process as well, and I check the…