In my previous post, I discussed using the new Attack Simulator for crafting phishing campaigns against your users. If you haven’t tried it out yet, I’d heartily recommend it. It’s more fun than a barrel of monkeys.
For this post, we’re going to shift into slightly more traditional attack strategies. … [ Continue reading ]
This evening, I found myself needing to configure Skype for Business clients to prompt the user for the audio device when joining. The registry key to control this behavior, AllowOverridingDeviceAtJoinTime, has existed for quite some time:
For Communicator, the setting was located at HKCU:\Software\Microsoft\Communicator. … [ Continue reading ]
Over the last few weeks, we’ve released some great new features for Office 365 Advanced Threat Protection users. The Attack Simulator has three core components, each of which I’ll cover in a series:
- Spear Phishing (Credential Harvest)
- Brute Force Password (Dictionary Attack)
- Password Spray Attack
For this post, I want to focus on the Spear Phishing campaign.… [ Continue reading ]
Over the last couple of days, I’ve updated a few tools that I have published on the gallery. Here’s the run-down:
AAD Connect Network and Name Resolution Test
I’ve been busy with this tool a lot lately, both adding tests and tweaking the way things are done. … [ Continue reading ]
A few users reported bugs with logging that I have updated. There was also an unreported bug when searching the XML generated by Get-ADSyncServerConfiguration for the connector’s AD user, which I have also resolved.
You can get the updated tool at https://gallery.technet.microsoft.com/AD-Advanced-Permissions-49723f74.… [ Continue reading ]
Update: We now have some public documentation available for this as well, so be sure to check there, too! https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-plans
Imagine this scenario: You’ve been running Active Directory Federation Services (AD FS) since before it was cool, and you’re tired of maintaining that highly available infrastructure (at least 4 servers) and the whole federation thing and its myriad of quirks and drawbacks and headaches (such as alt-id (which is still supported in Pass-through authentication with some caveats, listed below), claims rules, certificates, and the fun of trying to change UPN suffixes from one federated UPN to another).… [ Continue reading ]
A few months ago, I debuted a new tool for AAD Connect deployment (read about it here: AAD Connect Network and Name Resolution Test or download it here: https://gallery.technet.microsoft.com/Azure-AD-Connect-Network-150c20a3) which allows you to test a number of conditions to make sure your server and environment are suitable for deploying AAD Connect.… [ Continue reading ]
So, imagine this:
The security team comes to you and asks you for a report on how people are accessing Exchange Online services–browser, mobile, Outlook client. In the olden days of Exchange on-premises, you could look at the IIS logs to check browser traffic. … [ Continue reading ]
Last year, I had a project that involved migrating a large customer from Office 365 Dedicated to Office 365 GCC (multi-tenant). While Exchange hybrid moves were possible for the mailboxes, we were unable to perform the necessary hybrid migration configuration for Lync to migrate users. … [ Continue reading ]
So, I had an interesting need the other day when creating another script–I wanted to create a collection of object that were of the same type, but had different values for the properties. In this case, the objects happened to be registry keys and values that was going to report on, and (optionally) take a series of actions on. … [ Continue reading ]
Update: I’ve added several additional parts to this tool since it was originally released, including some debug logging, an Azure credential check to ensure that your identity is part of Global Admins, additional cloud endpoint checks, and a more thorough system inventory.… [ Continue reading ]
This week, I had an interesting issue to resolve–one of my customers previously hosting their architecture on-premises was utilizing geo-filtering services provided by their ISP. These geofiltering services were provided at the network layer, so filtered requests never reached the environment.… [ Continue reading ]
Two updates for the tool in a week? Yes! It is so!
At the behest of my good friend Darryl and one of his customer’s needs, I have updated the the AAD Connect Advanced Permissions tool with the following:
- Allow the underscore (“_”) character to be used in an OU name path
- Allow CN= to be used as part of the OU filter name path, since some organizations may want to try to scope permissions specifically to CN=Users.
… [ Continue reading ]
While updating a script earlier this week, I wanted to spruce up my logging. However, I didn’t have a handy function to incorporate that would allow me to both write to the screen (in various colors for the type of log entry being generated) and to a log file at the same time. … [ Continue reading ]
On the recommendation of my good friend Darryl, I’ve added some things to my AAD Connect permissions tool:
- Better logging of errors. When running the tool for a large organization that had $ characters in its service account names, the tool would report successful but not leave any log files or indicators where things may have happened.
… [ Continue reading ]
I have updated the Office 365 Proxy PAC tool to allow selection of the US Department of Defense XML feed for proxy bypass configurations.
You can see previous updates for the tool:
Update to the Office 365 Proxy PAC tool
Updates to Office 365 Proxy PAC Generator
And of course, the updated tool is available on the TechNet Gallery, with a couple of other bugfixes that some people reported (invalid characters/smart quotes appeared in some versions of the file, which have been corrected): https://gallery.technet.microsoft.com/Office-365-Proxy-Pac-60fb28f7 … [ Continue reading ]
Over the past several months, I’ve slowly been adding features to the OneDrive for Business Admin Tool (you can read about the previous updates and features here, here, and here). Earlier this week, one of my peers asked if I knew of an easy way for a customer to search OneDrive for Business sites and delete all files of a certain type (say, video files).… [ Continue reading ]