Lightnews — Scholar-powered news

Nathan McNulty @nathanmcnulty.com · 22h

a cartoon drawing of a cat sitting next to a tv and a box that says #parno on it

ALT: a cartoon drawing of a cat sitting next to a tv and a box that says #parno on it

media.tenor.com

1

Nathan McNulty @nathanmcnulty.com · 22h

Sign-in frequency of every time? 🙃 😂

1

Nathan McNulty @nathanmcnulty.com · 22h

🤣

I was updating internal documentation for our auditors and was like, "crap, I missed this update last year, better correct it" and then the auditors said the item didn't exist.

Sure enough, the rename never hit this wonderfully buried page in Entra, lol

The docs are good though :)

1 1

Nathan McNulty @nathanmcnulty.com · 22h

I demand to speak to a manager! :P

2 3

Nathan McNulty @nathanmcnulty.com · 5d

Ahh yes, Blizzard Antivirus, my favorite of all the Antivirus products 🤣

1 10

Nathan McNulty @nathanmcnulty.com · 5d

Thanks Simon! Really appreciate having some pictures too :)

1

Reposted by Nathan McNulty

Simon Skotheimsvik | MVP @skotheimsvik.no · 5d

Brilliant Conditional Access masterclass at #MMSMusicCity by @nathanmcnulty.com and @conditionalaccess.uk
Your policy is as strong as its poorest exclusion
#MMSMOA

1 1 5

Nathan McNulty @nathanmcnulty.com · 5d

I can't stop laughing 😂

7

Reposted by Nathan McNulty

Merill Fernando 💚 @merill.net · 9d

👋 Check out this new Microsoft Entra blog post 👇

Your shortcut to Microsoft Entra deployment success

techcommunity.microsoft.com/t5/microsoft...

Your shortcut to Microsoft Entra deployment success

FastTrack has developed created 20+ short, scenario-based videos that guide you step-by-step through Microsoft Entra deployments.

techcommunity.microsoft.com

2 5

Nathan McNulty @nathanmcnulty.com · 9d

Intune now has dedicated security recommendations docs just like Entra 🔥

The Entra security docs are extremely popular, and I love seeing other teams publishing this kind of guidance

Thanks to my collegaue (Josh Gatewood) for pointing this out!

learn.microsoft.com/en-us/intune...

9 27

Nathan McNulty @nathanmcnulty.com · 11d

Require auth strength works too! And even with low, we can do cool things like only prompt for auth strength on low risk when outside countries we operate in and stuff like that :)

1 1

Nathan McNulty @nathanmcnulty.com · 12d

It's a fairly common mistake I see to use non-remedial grant controls in risk based policies...

For example, user risk of medium = Require MFA with Sign-in Frequency of Every time or X hours

This doesn't clear the risk, it will never be cleared, omg, that poor user 😭

4

Nathan McNulty @nathanmcnulty.com · 12d

Did you know Entra ID Protection never automatically clears Medium or High risk?

We either need to use Risk Based Conditional Access policies to remediate or an admin needs to manually remediate

User risk = password reset
Sign-in risk = require MFA

learn.microsoft.com/...

2 1 16

Nathan McNulty @nathanmcnulty.com · 12d

A quick glance through these docs, and like many existing migration tools - there's a lot of gotchas to be aware of. Overall, this is going to significantly improve migration and become easier over time.

Very excited to see these new capabilities :)

learn.microsoft.com/...

1 4

Nathan McNulty @nathanmcnulty.com · 12d

It's happening! Converting AD resources to Entra resources is here, and even more docs just arrived 🥳

Delivered with the User SoA docs is something even bigger - architectural guidance for shifting from AD to Entra using Source of Authority conversion🔥

learn.microsoft.com/...

1 4 20

Nathan McNulty @nathanmcnulty.com · 15d

They have increased the quality requirements of biometrics over the years, not an issue to the best of my knowledge. We can also raise the bar with ESS.

I think for most orgs that's going to be fine, but I understand why some disallow Biometrics (plus users don't understand and worry about it).

1

Nathan McNulty @nathanmcnulty.com · 16d

🤣

That tagline gets more hilarious every time I read it 🙃

1 2

Nathan McNulty @nathanmcnulty.com · 16d

cyber awareness month is off to a great start...

2 1 11

Nathan McNulty @nathanmcnulty.com · 17d

Hahaha, wow... 😮

If you leave App passwords enabled and enforce MFA through per-user MFA, the MFA enrollment wizard actually makes the user to create an app password 🤯

3

Nathan McNulty @nathanmcnulty.com · 18d

If you've been evaluating the new(ish) Defender for Identity sensor (v3.0) that's in preview, there's a new config to support advanced identity detections :)

Just add the tag "Unified Sensor RPC Audit" to the DC's (docs recommend asset rule management)

learn.microsoft.com/...

4

Nathan McNulty @nathanmcnulty.com · 18d

:(

Nathan McNulty @nathanmcnulty.com · 18d

I just love how predictable cloud is - you can migrate or we'll migrate it for you, but either way, you're moving to the new service that will probably cost you more

2 5

Nathan McNulty @nathanmcnulty.com · 19d

This was postponed, so there's still time... tomorrow is the last day before mandatory MFA for Azure CLI/PowerShell and anything else hitting Azure Resource Manager REST API

1 9

Nathan McNulty @nathanmcnulty.com · 21d

Correct, that's what I meant by "at least user browser profiles" :)

Reposted by Nathan McNulty

Lukas Beran @lukasberan.com · 21d

That's a common and huge security risk that most admins do not know about. I wrote a blog post about it. www.cswrld.com/2024/11/how-...

How to disable Self-Service Password Reset for administrators

Self-service password reset can be a useful feature that allows users to access their account in case they forget their password. On the other hand, it is potentially risky, as...

www.cswrld.com

1 5