Shakedown Social

gyptazyProxmox in Enterprises: I'm often asked, 'Can we use our Active Directory, LDAP, or OIDC with Proxmox?' Yes, you can!Let's have quick dive into installing and configuring Authentik and configure Proxmox VE to use OIDC as an additional authentication realm.<a href="https://mastodon.gyptazy.com/tags/Proxmox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Proxmox</a> <a href="https://mastodon.gyptazy.com/tags/ProxmoxVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ProxmoxVE</a> <a href="https://mastodon.gyptazy.com/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://mastodon.gyptazy.com/tags/Authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentik</a> <a href="https://mastodon.gyptazy.com/tags/OpenID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenID</a> <a href="https://mastodon.gyptazy.com/tags/OpenIDConnect" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenIDConnect</a> <a href="https://mastodon.gyptazy.com/tags/OIDC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OIDC</a> <a href="https://mastodon.gyptazy.com/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> <a href="https://mastodon.gyptazy.com/tags/enterprise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#enterprise</a> <a href="https://mastodon.gyptazy.com/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#homelab</a><a href="https://gyptazy.com/proxmox-authentik-oidc-install-configure-and-connect-authentik-to-proxmox-ve/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gyptazy.com/proxmox-authentik-oidc-install-configure-and-connect-authentik-to-proxmox-ve/</a>

Brian Clarktl;dr: Block logins from Tor Exit Nodes using Conditional Access One thing we (as a community) lost when we started using IdP’s like <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> was the ability to easily block networks and IP addresses from accessing your login pages. The work-around with Entra is to create Conditional Access Network Locations along with a policy to block successful logins from those IPs and networks. One “Network Location” you should create and block is the list of Tor Network Exit nodes. This will prevent a threat actor who has stolen credentials from logging in from the anonymized Tor network. <a href="https://www.lab539.com/blog/conditional-access-policy-to-block-tor-ips" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.lab539.com/blog/conditional-access-policy-to-block-tor-ips</a><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Lukas Beran𝗛𝗼𝘄 𝘁𝗼 𝗿𝗲𝗾𝘂𝗶𝗿𝗲 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝘁 𝗱𝗲𝘃𝗶𝗰𝗲 𝗳𝗼𝗿 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗮𝗰𝗰𝗲𝘀𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗘𝗻𝘁𝗿𝗮 𝗜𝗗Requiring a managed device to access Microsoft 365 services (or generally any apps/services integrated with Microsoft Entra ID) is a very effective method of phishing protection.This is because in such a case it is not enough for a threat actor to obtain, for example, login credentials through phishing. It is not even enough to somehow obtain or bypass MFA. In such a case, the threat actor would also have to have a managed device from the organization’s tenant. Which should be unrealistic to obtain.Thus, requiring access from a managed device is a very effective and powerful method of protecting corporate identity. And yet it shouldn’t be too complicated to deploy, since corporate devices should be managed anyway.📺 Watch my YouTube video on how to require compliant devices via conditional access policies in Microsoft Entra ID 👇 👇 <a href="https://youtu.be/mH-8x29xdW0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/mH-8x29xdW0</a><a href="https://infosec.exchange/tags/cswrld" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cswrld</a> <a href="https://infosec.exchange/tags/videotutorial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#videotutorial</a> <a href="https://infosec.exchange/tags/entraid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#entraid</a> <a href="https://infosec.exchange/tags/devicecompliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#devicecompliance</a> <a href="https://infosec.exchange/tags/applications" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#applications</a>

Kal Feherjust spent the day diving into MS Entra & graph service principle formats for applications. I may never recover. hidden tags govern if apps are displayed in ur admin portal. create a SP in the portal those tags are applied transparently. via cli they are not. u have no way of observing this bc reasons.meta data for svc principals is not visible at all in the portalnaturally you have 2 separate CLI tools to juggle to identify this.<a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microsoft</a> <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a>

Merill Fernando :verified: :donor:Have you checked out this week's Entra newsletter?Get the latest at <a href="https://entra.news" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://entra.news</a><a href="https://infosec.exchange/tags/entraid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#entraid</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/iam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iam</a>

heise SecurityDas heise security Webinar: Gefährliche Voreinstellungen der Microsoft-CloudDiese gefährlichen Defaults in Microsofts Entra ID sollte jeder Admin kennen, verstehen und vielleicht dann auch ändern. Das kompakte Webinar hilft dabei.<a href="https://www.heise.de/news/Das-heise-security-Webinar-Gefaehrliche-Voreinstellungen-der-Microsoft-Cloud-10362152.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.heise.de/news/Das-heise-security-Webinar-Gefaehrliche-Voreinstellungen-der-Microsoft-Cloud-10362152.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</a><a href="https://social.heise.de/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> <a href="https://social.heise.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://social.heise.de/tags/MicrosoftTeams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MicrosoftTeams</a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

Pyrzout :vm:Microsoft Entra ID Lockouts After MACE App Flags Legit Users – Source:hackread.com <a href="https://ciso2ciso.com/microsoft-entra-id-lockouts-after-mace-app-flags-legit-users-sourcehackread-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/microsoft-entra-id-lockouts-after-mace-app-flags-legit-users-sourcehackread-com/</a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#1CyberSecurityNewsPost</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hackread</a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://social.skynetcloud.site/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> <a href="https://social.skynetcloud.site/tags/MACE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MACE</a>

Phil Gastwirth :imagination:How is everybody monitoring Apps and secrets in Entra ID? 3rd party tool? MS Graph? We use cloud only admin accounts that don't have email so we don't get email alerts for secrets expiring etc. Also, apps that aren't used anymore.<a href="https://worldkey.io/tags/entraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#entraID</a> <a href="https://worldkey.io/tags/azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#azure</a>

heise SecurityDas heise security Webinar: Gefährliche Voreinstellungen der Microsoft-CloudMicrosoft Entra ID kommt mit gefährlichen Defaults. Wir zeigen, wo man unbedingt nachbessern muss. Und bis Mittwoch gibts das Webinar noch 20 Prozent reduziert.<a href="https://www.heise.de/news/Das-heise-security-Webinar-Gefaehrliche-Voreinstellungen-der-Microsoft-Cloud-10340393.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.heise.de/news/Das-heise-security-Webinar-Gefaehrliche-Voreinstellungen-der-Microsoft-Cloud-10340393.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</a><a href="https://social.heise.de/tags/CloudComputing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudComputing</a> <a href="https://social.heise.de/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> <a href="https://social.heise.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://social.heise.de/tags/MicrosoftTeams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MicrosoftTeams</a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

Brian ClarkAnyone know how to find log entries for successful Entra ID Seamless SSO logins? I want to turn off this configuration and need to validate what, if anything, is using this authentication method. Microsoft’s documentation is lacking in this area.<a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microsoft</a> <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a>

Paul Sanders 😎It’s great to see <a href="https://infosec.exchange/@merill" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@merill</a> has launched his <a href="https://infosec.exchange/tags/podcast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#podcast</a>! It’s been fun listening to!If you work in <a href="https://infosec.exchange/tags/entraid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#entraid</a> , or just like hearing about <a href="https://infosec.exchange/tags/iam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iam</a> - give it a listen.<a href="https://podcasts.apple.com/gb/podcast/entra-chat/id1801200012" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://podcasts.apple.com/gb/podcast/entra-chat/id1801200012</a>

Phil Gastwirth :imagination:Just spent like 3 days trying to figure out another Azure Tenants Intune rbac roles not applying... it was caused by the intune license group being nested under another group. Nested groups are a wonderful concept but the amount of times they have been the root of random issues is very high. <a href="https://worldkey.io/tags/azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#azure</a> <a href="https://worldkey.io/tags/intune" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intune</a> <a href="https://worldkey.io/tags/entraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#entraID</a>

Brian ClarkReally interesting article on this ransomware operators tactics, this part especially so:“Early Warnings Suggest Entra Connect Is Next Target” I think it’s worth your time to harden your Microsoft <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> Connect (formerly Azure AD Sync) configuration as this is not the first article I’ve seen noting attackers targeting your IAM infrastructure. <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> From: <a href="https://swecyb.com/@nopatience" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nopatience</a> <a href="https://swecyb.com/@nopatience/114023912775060407" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://swecyb.com/@nopatience/114023912775060407</a>

Brian ClarkAt this point, most organizations don’t need the old Azure AD Seamless SSO configuration as they use the more modern Entra ID Native or Hybrid join features. AFAIK the Seamless SSO feature was used to support Windows 8 and 2012 systems. If you don’t have any of those, you should be ok to disable this vulnerable feature. Here’s some documentation on how to do so:<a href="https://learn.microsoft.com/en-us/answers/questions/2123590/turning-off-seamless-single-sign-on-azureadssoacc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://learn.microsoft.com/en-us/answers/questions/2123590/turning-off-seamless-single-sign-on-azureadssoacc</a><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> <a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microsoft</a> From: <a href="https://infosec.exchange/@r1cksec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@r1cksec</a> <a href="https://infosec.exchange/@r1cksec/114019481650636237" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@r1cksec/114019481650636237</a>

Paul Sanders 😎If you are into <a href="https://infosec.exchange/tags/entraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#entraID</a> and <a href="https://infosec.exchange/tags/iam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iam</a> - i highly recommend the <a href="https://entra.news/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://entra.news/</a> <a href="https://infosec.exchange/tags/newsletter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#newsletter</a><a href="https://infosec.exchange/@merill" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@merill</a> and Joshua do an amazing job at getting the latest news, tips, podcasts and content together in an easy to read and follow format.

Brian ClarkWas poking around in Microsoft <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> today and looking at the Secure Score for Identity. Good recommendations there—check it out!I also saw a notice on the page to check out the “new Secure Score experience” so I did. It’s terrible. Why does Microsoft insist on downgrading their UI when they “improve” things? The new experience doesn’t allow you add or remove columns in the recommendations. It also doesn’t allow you to sort columns. These features are valuable and were available in the “old” experience. Also, I noticed that the score was different depending on whether I was in the new or old experience — with no explanation for the difference in the Entra portal. <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

kurtsh<a href="https://infosec.exchange/@merill" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@merill</a> Thank you for posting this to Mastodon. Appreciate you Merill! <a href="https://mastodon.social/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microsoft</a> <a href="https://mastodon.social/tags/mfa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mfa</a> <a href="https://mastodon.social/tags/microsoft365" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microsoft365</a> <a href="https://mastodon.social/tags/admin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#admin</a> <a href="https://mastodon.social/tags/entraid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#entraid</a>

Brian ClarkNeat way to prevent logins and any other potential badness from Tor using a Conditional Access Policy and a named location <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microsoft</a> <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> <a href="https://www.lab539.com/blog/conditional-access-policy-to-block-tor-ips" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.lab539.com/blog/conditional-access-policy-to-block-tor-ips</a>

Brian ClarkWhen using <a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microsoft</a> <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> for your Identity Platform (IdP) you have many options to improve your <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> by using Conditional Access policies. Here’s a good one to prevent logins from the Tor network “Using Conditional Access Policies to Block Tor Exit Nodes in Entra ID”<a href="https://www.lab539.com/blog/conditional-access-policy-to-block-tor-ips" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.lab539.com/blog/conditional-access-policy-to-block-tor-ips</a>

Brian ClarkThese are great changes to the Microsoft Entra <a href="https://infosec.exchange/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> registration process. This was the hardest part of the entire MFA process from my point of view. <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> From: <a href="https://infosec.exchange/@merill" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@merill</a> <a href="https://infosec.exchange/@merill/113351953701422591" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@merill/113351953701422591</a>

Recent searches

Search options

Administered by:

Server stats:

#entraid