Mks IT ramblings: October 2023

Monday, October 30, 2023

Saturday, October 28, 2023

Microsoft Certified Identity and Access Administrator Associate ...RENEWAL SC-300

I should consult ChatGPT for answers

Friday, October 27, 2023

Wednesday, October 25, 2023

Protect apps with Microsoft Defender for Cloud Apps Conditional Access App Control

Conditional Access App Control enables user app access and sessions to be monitored and controlled in real time based on access and session policies. Access and session policies are used within the Defender for Cloud Apps portal to further refine filters and set actions to be taken on a user.

人为财死鸟为食亡

Monday, October 23, 2023

What is Azure Continuous Access evaluation ?

Continuous access evaluation for Microsoft 365 and Azure Active Directory (Azure AD) proactively terminates active user sessions and enforces tenant policy changes in near real time instead of relying on access token expiration

CAE only has insight into IP-based named locations. CAE doesn't have insight into other location conditions like MFA trusted IPs or country/region-based locations. When a user comes from an MFA trusted IP, trusted location that includes MFA Trusted IPs, or country/region location, CAE won't be enforced after that user moves to a different location.

Saturday, October 21, 2023

What administrators will receive users at risk detection alerts from Azure AD identity protection?

Configure users at risk detected alerts

The recipients of this email - Users in the Global Administrator, Security Administrator, or Security Reader roles are automatically added to this list

Thursday, October 19, 2023

The Microsoft Entra Connect Health agent is installed on each targeted server.

Health agents must be installed and configured on targeted servers so that they can receive data and provide monitoring and analytics capabilities.

For example, to get data from your Active Directory Federation Services (AD FS) infrastructure, you must install the agent on the AD FS server and on the Web Application Proxy server. Similarly, to get data from your on-premises AD Domain Services infrastructure, you must install the agent on the domain controllers.

Wednesday, October 18, 2023

How Microsoft 365 Backup & Archive are available ?

Monday, October 16, 2023

Azure VM stop , deallocate tasks stopped working ~~~ delete / re-create those tasks at a later rescheduled time worked

reason unknown, but I solved the problem

Thursday, October 12, 2023

jackfruit ~~~ 菠萝蜜

If Samsung Gallery upload to OneDrive isn’t working ... what a day ... does not work with MS 365 work Onedrive

https://support.microsoft.com/en-gb/office/samsung-gallery-and-onedrive-99c4e77b-8e63-4ddc-aede-19f81acee1a3

Your Samsung Gallery can only be connected to OneDrive personal accounts (i.e. not OneDrive for work or school users).

Wednesday, October 11, 2023

Azure AD Application Proxy supports remote workers by publishing on-premises applications that will be accessed over the internet. These applications can be published through the Azure portal to provide secure remote access from outside your network.

Azure AD Application Proxy supports remote workers by publishing on-premises applications that will be accessed over the internet. These applications can be published through the Azure portal to provide secure remote access from outside your network.

AZURE: Configure Conditional Access App Control for Slack

Like Facebook Workplace, you start by adding the Slack app to Azure Active Directory, and then configure the required SSO settings before you're able to create a Conditional Access policy, and finally the required Conditional Access App Control policies.

Monday, October 9, 2023

defender for cloud apps portal url

https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/security/defender/portals.md

Security operators and admins can go to the following portals to manage security-specific settings, investigate possible threat activities, respond to active threats, and collaborate with IT admins to remediate issues.

Portal name Description Link

Microsoft 365 Defender portal Monitor and respond to threat activity and strengthen security posture across your identities, email, data, endpoints, and apps with Microsoft 365 Defender security.microsoft.com

Microsoft Defender Security Center Monitor and respond to threat activity on your endpoints using capabilities provided with Microsoft Defender for Endpoint. NOTE: Most tenants should now be redirected to the Microsoft 365 Defender portal at security.microsoft.com. securitycenter.windows.com

Office 365 Security & Compliance Center Manage Exchange Online Protection and Microsoft Defender for Office 365 to protect your email and collaboration services, and ensure compliance to various data-handling regulations. NOTE: Most tenants using the security sections of the Office 365 Security & Compliance Center should now be redirected to the Microsoft 365 Defender portal at security.microsoft.com. protection.office.com

Defender for Cloud portal Use Microsoft Defender for Cloud to strengthen the security posture of your data centers and your hybrid workloads in the cloud portal.azure.com/#blade/Microsoft_Azure_Security

Microsoft Defender for Identity portal Identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions using Active Directory signals with Microsoft Defender for Identity portal.atp.azure.com

Defender for Cloud Apps portal Use Microsoft Defender for Cloud Apps to get rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats on cloud services portal.cloudappsecurity.com

Microsoft Security Intelligence portal Get security intelligence updates for Microsoft Defender for Endpoint, submit samples, and explore the threat encyclopedia microsoft.com/wdsi

Portals for other workloads

While these portals are not specifically for managing security, they support various workloads and tasks that can impact your security. Visit these portals to manage identities, permissions, device settings, and data handling policies.

Portal name Description Link

Entra portal Access and administer the Microsoft Entra family to protect your business with decentralized identity, identity protection, governance, and more, in a multi-cloud environment entra.microsoft.com

Azure portal View and manage all your Azure resources portal.azure.com

Azure Active Directory portal View and manage Azure Active Directory aad.portal.azure.com

Microsoft Purview compliance portal Manage data handling policies and ensure compliance with regulations compliance.microsoft.com

Microsoft 365 admin center Configure Microsoft 365 services; manage roles, licenses, and track updates to your Microsoft 365 services admin.microsoft.com

Microsoft Intune admin center Use Microsoft Intune to manage and secure devices. Can also combine Intune and Configuration Manager capabilities. endpoint.microsoft.com

Microsoft Intune portal Use Microsoft Intune to deploy device policies and monitor devices for compliance endpoint.microsoft.com

Shadow IT is the term used to describe the deployment and use of apps by other departments in an organization other than IT.

Sunday, October 8, 2023

azure: That's great! You must first disable security defaults before enabling a Conditional Access policy.

How do I disable security defaults before enabling a Conditional Access policy?

Disabling security defaults

Browse to Identity > Overview > Properties. Select Manage security defaults.

Set Security defaults to Disabled (not recommended).

Select Save.

Microsoft Entra admin center URL : https://entra.microsoft.com/#home

AZURE Conditional access comes with six conditions: user/group, cloud application, device state, location (IP range), client application, and sign-in risk

Conditional access comes with six conditions: user/group, cloud application, device state, location (IP range), client application, and sign-in risk. You can use combinations of these conditions to get the exact conditional access policy you need.

Administrators are faced with two primary goals: Empower users to be productive wherever and whenever Protect the organization's assets

Administrators are faced with two primary goals:

Empower users to be productive wherever and whenever

Protect the organization's assets

Saturday, October 7, 2023

Teamviewer vs Microsoft quick assist .... Teamviewer is much better , that's why its not free

Microsoft quick assist is slow ... but free

one client PC is behind a Asus wifi extender , it does not even connect... showing connecting ... forever

in this case Teamviewer is slow too, but somehow still show the remote screen

Azure Active Directory Premium P1 vs. P2:

https://petri.com/azure-active-directory-premium-p1-vs-p2/#:~:text=A%20standalone%20Azure%20Premium%20P1,Azure%20Active%20Directory%20Premium%20P1.

A standalone Azure Premium P1 license costs $6 per user / per month, whereas Azure Premium P2 license cost $9 per user / per month. All member user accounts in the Azure AD tenant must be licensed. If your organization licenses Microsoft 365, then Microsoft 365 E3 licenses include Azure Active Directory Premium P1

A Active Directory Identity Protection

Azure Active Directory Identity Protection can analyze a user’s sign-in request against risk factors such as known leaked credentials, atypical travel, malware-linked IP addresses, and unfamiliar sign-in properties. This additional intelligence is useful for organizations looking to automate responses to suspected compromised user accounts without relying on users reporting odd behavior or administrators reviewing logs after the fact.

Access reviews

Access reviews allow better management of group memberships and access to enterprise applications by delegating regular access reviews to specific reviewers to confirm whether the provided access is still required. This is particularly useful for high-privilege security groups or applications that process sensitive data. It is often a regulatory and/or audit requirement to demonstrate effective access management processes.

Privileged Identity Management