Multi-Factor Authentication (MFA) adds an important layer of security to Azure AD or Microsoft 365 accounts. For many, the Microsoft Authenticator app provides the needed second factor for MFA. But that depends on a mobile device. In some cases, an employer may want to use an alternative to a cell phone or mobile device for MFA. This video looks at a Yubico Yubikey hardware token as an alternative to the Microsoft Authenticator app on a cell phone for Azure MFA. Continue reading “MFA Without the Authenticator App for Azure AD and Microsoft 365”
In this video, we go over enabling Multi-factor Authentication, or MFA, for Windows Virtual Desktop (WVD) Spring Update, or ARM. We use an Azure AD Conditional Access Policy to enforce MFA on a group of users. We also set an MFA Trusted IP address to exclude a public IP source from the MFA Policy. Continue reading “Enable MFA for WVD ARM”
This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections using Azure AD to authenticate the client. A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet. The video goes on to demonstrate how to enable Multi-Factor Authentication with a Conditional Access policy or by enforcing MFA per user. Continue reading “Azure Point-to-Site VPN with Azure AD Authentication and MFA”
This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections. A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet. The video goes on to demonstrate how to create a root certificate and client certificates to use for authentication. After that, configuring the client is demonstrated as well as blocking a client by revoking a certificate. Continue reading “Azure Point-to-Site VPN with Certificate Based Authentication”
Microsoft has a lot of options to view Azure log data in one form or another. There is the Security Center, Azure Sentinel, Log Analytics, and Insights. This is fine for an Azure-centric organization, but many organizations already have log collection systems in place, such as Splunk, and using multiple logging platforms is not efficient. This article walks through sending Azure AD and Office 365 logs to Splunk. Continue reading “Use Splunk to Collect Logs from Office 365 and Azure AD”
Azure Privileged Identity Management, or PIM, is a Microsoft service that enables management, control and monitoring of privileged access in Azure. In this video, I give you an introduction to Azure PIM. We go over the basics of onboarding a user to PIM, adding a user for active and eligible access, activating an eligible role, requiring an activation approval on a role and creating access reviews.
This video goes over two ways of restricting access to Microsoft Azure's PaaS services: Service Endpoints and Private Endpoints. Both are used to restrict access to PaaS services, but they work differently. The video gives an overview of the differences and then does a walkthrough of deploying Service Endpoints and Private Endpoints using an Azure Storage account as an example. Continue reading “Azure Virtual Networking Service Endpoints and Private Endpoints”