Discover and read the best of Twitter Threads about #azureAd

Most recents (8)

I'm a huge fan of Azure Automation. If you're an #AzureAD / #M365 Admin and haven't used it before, then this thread is for you

You will need an Azure subscription, but the first 500 minutes/month are free!

Here's an example of how to automate Azure AD device cleanup :)
First, we're going to log into the Azure portal: portal.azure.com

Search for Automation and click on Automation Accounts

Then we'll click Create, pick the sub and resource group (or create one), give it a descriptive name, select a location, and hit Review + Create
If you haven't heard, the MSOnline and AzureAD PowerShell modules are going away at the end of the year

Instead, we are going to use the new Graph SDK PowerShell modules

So let's go under Modules, click Add a Module, browse the gallery, and add Microsoft.Graph.Authentication
Read 13 tweets
Ok, so here's my take and recommendations from Identity Security lens on the #log4j2 vuln impact for #zerotrust and #AzureAD. TLDR: It's time for "EXTREME ZT: LPA ALL THE THINGS!" <thread>
The simple fact is that for whatever reason, we're getting an amazing look at what happens when responsible disclosure doesn't go to plan and the attackers and the defenders get vuln info at the same time. As a defender, you are certainly in a deep assessment/patching phase...
But you have a super complex environment evolved over years. All of your endpoints, all of the apps you depend on, all of your IoT devices, OT devices, etc. are potentially vulnerable and being probed for impact... and even you aren't sure where log4j2 has been used.
Read 24 tweets
1/3 This query lets you get all the guest users in your tenant and their last sign in.

Get-MgUser -All -Filter "userType eq 'Guest'" -Select "mail,userPrincipalName,signInActivity"
#azuread #graphps
@NathanMcNulty @Noelinho
2/3 This includes some formatting

Get-MgUser -All -Filter "userType eq 'Guest'" -Select "mail,userPrincipalName,signInActivity" | Select-Object -Property mail,@{Name = 'LastSignIn'; Expression = {$_.signInActivity.lastSignInDateTime}}
3/3 Here's the Graph version of it so you can see the other attributes. The non-interactive sign-ins are a more accurate way to find out recent activity.
Read 4 tweets
⚠️ Beware of the rights granted to #CSP (Cloud Service Providers ☁️) in a #Microsoft environment! A customer has just found this out, and the experience is not pleasant... [Thread 1/5]
1️⃣ A #CSP partner can request rights 🔄 (Global Admin or Helpdesk Admin... so all or nothing)
2️⃣ The rights can be approved by a Billing Admin, whose job this is not 👤. In other words, often little verification... [2/5]
3️⃣ This is not a joke: the rights do not appear in #AzureAD 🚨 (the less seasoned auditors will miss them). Worse than that: the #CSP can sign in to the customer tenant without any particular security measure 🔐 [3/5]
Read 5 tweets
THREAD: Yesterday I gave a talk at #ITechDays on #Security approach in a #Cloud with #Azure context.
Here are the key points and the promised links and references.
DISCLAIMER: I'm an MVP and RD but it isn't based on NDA info. My opinions only.
It might be wrong. You are warned.

Pic (cc) visualhunt.com/re7/e60879a6
John Boyd defined the #OODA loop. It is not the strongest or best equipped who survive.
Rate of adaptation to change matters.

How does it apply to #security?
Read 28 tweets
Have you heard about the naked guy on a @zoom_us call? You don't want it - just TURN ON the password for the meeting.

You are on #MicrosoftTeams? Use #azureAD conditional access and lobby settings.

Avoid naked people! Stay safe! Stay home

mashable.com/article/videoc…
Read 4 tweets
Lots of talk on #remote recently. Quick tip - are you using #JIra @Atlassian?
You can quickly let your people work on it from home. No VPN required. On-prem or through the #Azure #AzureAD #cloud (both options available)

Demo and scenario walkthrough
@Atlassian You can also use #SAML with @Atlassian #Jira using #AzureAD or another provider. With #AzureAD application proxy you can publish it without network changes.

Here's how it works:
If you have a question about this or another scenario, drop it here - there are plenty of scenarios already addressed that people don't know about.

IT crowd can help with #remotework (do we need a hashtag for it :))?
Read 3 tweets
I've finished setting up #Microsoft #Teams for one of the agencies in a major city in Poland. They have to #switch to #remote because of #coronavirus

Not bragging but - as the IT crowd we have a huge opportunity to help. It took me an hour and it will make their life easier. 1/2
There is urgency and they want to act - sometimes what is needed is a bit of knowledge and will.

Ask your local gov agency/service provider/NGO if they need help with the switch to #remote.

It might be one hour for you - it will save them tons of time 2/2
On a side note: it is amazing where we landed with pushing compute to commodity. I got it up and running for them in 15 min. #Office365 and #AzureAD #FTW!
Read 3 tweets
