Entra.News #30: This week in Microsoft Entra
Read about granular cert-based auth config in CA, auditing your tenant for highly privileged apps and more!
👋 Greetings, Merill here with another thrilling edition of the Microsoft Entra newsletter!
You won’t believe the awesome content we have for you this week, covering everything you need to know about Microsoft Entra. 🎉
And that’s not all! I also have a special treat for you 🍦: a new PowerShell cmdlet along with a companion video on YouTube. Trust me, you don’t want to miss this one! (And while you’re there, make sure to hit that subscribe button 😉).
Cheers,
Merill
⚡️ Microsoft
🏆 Generally Available
New Microsoft Entra homepage → entra.microsoft.com
Define Azure custom roles with data actions at Management Group scope
Microsoft Entra ID Protection: Microsoft Defender for Office alerts
Microsoft Entra ID Protection: Real-time threat intelligence
🔥 Public Preview
Introducing More Granular Certificate-Based Authentication Configuration in Conditional Access • Alex Weinert
New Microsoft Entra recommendation to migrate off MFA Server
📖 Read
From the community…
☀️ Learn
📦 Apps
Graph User.ReadBasic.All Application Permission Available • Tony Redmond
🔑 Authentication
Entra ID Multi-Factor Authentication/Conditional Access and External Federation Implementation • Brian Reid
Start migrating MFA and SSPR to the new Authentication Methods policy • Mike van den Brandt
Disable SMS For Entra ID and Microsoft 365 Authentication • NTW
🤖 Automation & DevOps
Report the MFA Status for Entra ID User Accounts • Tony Redmond
How to use Get-MgUser in PowerShell • Ali Tarjan
Automate Entra ID Application Creation and Access Management with Terraform and GitHub Actions • Suryendu Bhattacharyya
Automate Microsoft 365 Settings with Microsoft365DSC • Sudha
🚦 Conditional Access
🔐 Credential Management
Enable FIDO2 Authentication With Entra ID and Microsoft 365 • NTW
Prepare for device-bound passkeys in Microsoft Entra ID (changes to FIDO2 and Windows Hello for Business) • Thibault Chatiron
🖥️ Devices
Windows LAPS and Granting Roles to Administrative Units • Brian Reid
Intune MAM Policies: The Key to Protecting Data on Unmanaged Devices • Tom Machado
Global Reader in Microsoft Entra to Allow Access to Teams Devices • Daniel Bradley
FSLogix on Entra Joined AVD • Niels Kok
💠 External ID
Using Entra External ID (CIAM) with the MSAL samples • Rory Braybrook
Using the quick start in Entra External ID for Customers • Rory Braybrook
⛑️ ID Protection
Use case: Phishing resistant MFA of a privileged role • Jonas Bøgvad
📈 Reporting and Insights
Weird issues with Entra ID Signin Logs • Martin Rothe
Reporting on Entra ID directory role assignments (including PIM) • Vasil Michev
🥷 Security
Why You Should Conduct Regular Entra ID Assessments • Sean McAvinue
(An Attempt at) Detecting Managed Identity Abuse • Ryan Hausknecht
Microsoft Breach — What Happened? What Should Azure Admins Do? • Andy Robbins
Active Authentication Administrators in Azure • rootsecdev
A Thread on Frosty Fiascos: Delving into the Microsoft Midnight Blizzard Hack • Jan Bakker
Pivoting into Google Workspace using an Azure Managed Identity • Narayanan Subramanian
New Lessons Learned From Microsoft’s Security Breach • Arvind Suthar
AitM detection with Sentinel via custom CSS • Robbe Van den Daele
Microsoft Entra ID Role vs Azure Role • Debac M.
⚒️ Toolkit
Microsoft Cloud Group Analyzer • Jasper Baes
📺 Watch
Zero Trust and the Secure Future Initiative: 2024 | Unpacking Endpoint Management (58 min) • Windows IT Pro
Handling Apple ID conflicts during Entra and Apple Business Manager Federation (14 min) • Dean Ellerby MVP
What's new in Microsoft Entra ID? January 2024 • RioCloudSync
Microsoft Breach: What Happened? What Should Azure Admins Do? (1 hour) • SpecterOps
Breaking Bitlocker - Bypassing the Windows Disk Encryption (9 min) • stacksmashing
👨🏽‍💻 Merill’s corner
→ Find out who has OAuth API access to your Microsoft 365 data
This new cmdlet in the MSIdentityTools module exports all the permissions granted to users and applications in your Microsoft Entra tenant.
Watch the video below for a quick overview and to see how you can run the export in your tenant.
Backstory: This cmdlet is based on this Azure AD PowerShell script by Philippe Signoret, which was later updated by Michael Epping to create the Excel export with the pivot tables.
I have now ported this over to Microsoft Graph, added a bunch of enhancements and added it to the MSIdentityTools module.
If you want to learn more about ‘Hiding in the clouds’ watch this session by my colleagues Mark Morowczynski and Michael Epping.
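The cmdlet above is the newsletter's own tool; the script below is an added example (not the MSIdentityTools cmdlet, and not Philippe's or Michael's script) showing the underlying audit with the Microsoft Graph PowerShell SDK: it lists every delegated grant (oauth2PermissionGrant) and every application permission (app role assignment) in the tenant, writes them to a CSV and flags the ones on a watch-list of high-impact permissions. The watch-list and the output path are assumptions; only read-only Graph scopes are requested.

```powershell
# Added example: export all OAuth permission grants in a Microsoft Entra tenant
# and flag high-impact ones. Requires the Microsoft.Graph PowerShell SDK.
# Read-only scopes are sufficient for this audit.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All' -NoWelcome

# Constructed watch-list of permissions worth a second look (assumption, not exhaustive).
$highRisk = @(
  'Directory.ReadWrite.All', 'RoleManagement.ReadWrite.Directory',
  'Application.ReadWrite.All', 'AppRoleAssignment.ReadWrite.All',
  'User.ReadWrite.All', 'Mail.Read', 'Mail.ReadWrite',
  'Files.ReadWrite.All', 'Sites.ReadWrite.All'
)

# Cache every service principal by object id so client/resource lookups stay in memory.
$spById = @{}
Get-MgServicePrincipal -All -Property Id, DisplayName, AppId, AppRoles |
  ForEach-Object { $spById[$_.Id] = $_ }

$rows = [System.Collections.Generic.List[object]]::new()

# 1) Delegated permissions. ConsentType 'AllPrincipals' means admin consent for every user;
#    'Principal' means a single user consented (PrincipalId identifies that user).
foreach ($g in Get-MgOauth2PermissionGrant -All) {
  foreach ($scope in ($g.Scope -split ' ' | Where-Object { $_ })) {
    $rows.Add([pscustomobject]@{
      PermissionType = 'Delegated'
      ClientApp      = $spById[$g.ClientId].DisplayName
      Resource       = $spById[$g.ResourceId].DisplayName
      Permission     = $scope
      ConsentType    = $g.ConsentType
      PrincipalId    = $g.PrincipalId      # $null for AllPrincipals grants
      HighRisk       = ($highRisk -contains $scope)
    })
  }
}

# 2) Application permissions: app role assignments held on each resource service principal.
#    Application permissions act without a signed-in user, so they always apply tenant-wide.
#    This is one Graph call per resource that exposes app roles.
foreach ($resource in ($spById.Values | Where-Object { $_.AppRoles.Count -gt 0 })) {
  $roleNames = @{}
  foreach ($r in $resource.AppRoles) { $roleNames[[string]$r.Id] = $r.Value }
  foreach ($a in Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $resource.Id -All) {
    $name = $roleNames[[string]$a.AppRoleId]
    $rows.Add([pscustomobject]@{
      PermissionType = 'Application'
      ClientApp      = $a.PrincipalDisplayName
      Resource       = $resource.DisplayName
      Permission     = $name
      ConsentType    = 'AllPrincipals'
      PrincipalId    = $null
      HighRisk       = ($highRisk -contains $name)
    })
  }
}

# Full export for review, plus a console summary of the flagged grants.
$rows | Export-Csv -Path .\EntraPermissionGrants.csv -NoTypeInformation
$rows | Where-Object HighRisk | Sort-Object PermissionType, ClientApp | Format-Table -AutoSize
```

Review the flagged rows against the owning team's justification for each app; application permissions on Mail, Files or Directory resources and tenant-wide (AllPrincipals) delegated grants are the ones to validate first, since they are not constrained by which user is signed in.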
→ Protect your Microsoft 365 Privileged Accounts
❓ Here's a quick quiz for you. Are you doing everything you can to protect your Microsoft 365 Privileged Accounts? Here are the top five that Microsoft recommends. What is your score?
Follow the Protect your Microsoft 365 privileged accounts guide on Microsoft Learn to implement these in your organization.
→ Phishing resistant remote access to servers
Folks, in case you missed it: you can protect remote access to your servers, both Linux and Windows, with phishing-resistant MFA using Microsoft Entra Conditional Access policies.
The last piece, enabling MFA for Windows VMs on AWS, GCP and on-prem, is yet to come, but it IS COMING!
🪃 Always Was, Always Will Be Aboriginal Land
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. I pay my respect to them and their cultures and to elders both past and present.