
What Azure AD authentication feature helps you reduce password spray and phishing attacks?

What report should you consult for compromised accounts?

Respond to Abel:

  • What Azure AD authentication feature helps you reduce password spray and phishing attacks?
    Azure AD Password Protection allows you to eliminate easily guessed passwords and customize lockout settings for your environment. This capability includes a globally banned password list that Microsoft maintains and updates. You can also block a custom list of passwords that are relevant to your region or company. Once enabled, users won’t be able to choose a password on either of these lists, making it significantly less likely that an adversary can guess a user’s password. You can also use this feature to define how many sign-in attempts will trigger a lockout and how long the lockout will last.
    Microsoft Cloud App Security (MCAS) monitors user sessions for third-party cloud apps, including G-Suite, AWS, and Salesforce. The MCAS detection engine looks for anomalous user activity for indicators of compromise. One indicator, “multiple failed login attempts,” can be used to create a dynamic baseline per user, across the tenant, and alert on anomalous login behavior that may represent an active brute force or password spray attack.
  • What can you configure to reduce the password reset tickets?
    As the Microsoft 365 admin, you can let people use the self-service password reset tool so you don’t have to reset passwords for them. Less work for you!
  • What report should you consult for compromised accounts?
      • Unified Audit Logs in the Security & Compliance Center: Review all the activities for the suspected account by filtering the results for the date range spanning from immediately before the suspicious activity occurred to the current date. Do not filter on the activities during the search.
      • Admin Audit logs in the EAC: In Exchange Online, you can use the Exchange admin center (EAC) to search for and view entries in the administrator audit log. The administrator audit log records specific actions, based on Exchange Online PowerShell cmdlets, performed by administrators and users who have been assigned administrative privileges. Entries in the administrator audit log provide you with information about what cmdlet was run, which parameters were used, who ran the cmdlet, and what objects were affected.
      • Azure AD Sign-in logs and other risk reports in the Azure AD portal: Examine the values in these columns:
  • What do you need to configure for the accounting application?
    You can provide single sign-on (SSO) to on-premises applications that are secured with SAML authentication and provide remote access to these applications through Application Proxy. With SAML single sign-on, Azure Active Directory (Azure AD) authenticates to the application by using the user’s Azure AD account. Azure AD communicates the sign-on information to the application through a connection protocol. You can also map users to specific application roles based on rules you define in your SAML claims. By enabling Application Proxy in addition to SAML SSO, your users will have external access to the application and a seamless SSO experience. The applications must be able to consume SAML tokens issued by Azure Active Directory. This configuration doesn’t apply to applications using an on-premises identity provider. For these scenarios, we recommend reviewing Resources for migrating applications to Azure AD. SAML SSO with Application Proxy also works with the SAML token encryption feature. For more info, see Configure Azure AD SAML token encryption.

Protecting your organization against password spray attacks – Microsoft Security
Let users reset their own passwords – Microsoft 365 admin | Microsoft Docs
Responding to a Compromised Email Account – Office 365 | Microsoft Docs
SAML single sign-on for on-premises apps with Azure AD App Proxy | Microsoft Docs

Respond to Austin:

  • What Azure AD authentication feature helps you reduce password spray and phishing attacks?

The easiest way to stop password spraying is to configure Azure AD Password Protection. Password spraying is when an attacker searches a large number of commonly used passwords against a list of usernames for the company. Azure AD protection helps defend against this by setting complexity requirements and lockout amounts for an account that has multiple password attempts. Azure AD will also allow administrators to ban specific passwords that are commonly on the spray list. A great way to stop phishing is to have multifactor authentication. This is commonly referred to as something you have, know, or are, such as a PIN and a token or biometrics and a login.

  • What can you configure to reduce the password reset tickets?

To help reduce password reset tickets, you can set up a self-service password reset. Once this is configured, a user will be able to reset the password themselves and be instructed on what the password must contain and the minimums of what is needed.

  • What report should you consult for compromised accounts?

I would use the user sign-in report to view a compromised account. This will be especially helpful if your company only accesses materials from one location. This is because this report will tell what the IP address is and where the user logged into the system from. The security report would also be a great resource as it can flag accounts that have had risky behavior.

  • What do you need to configure for the accounting application?

“Log on to your AD Connect sync server and open Azure AD Connect. Click Change User Sign-in, then click Next. Continue clicking Next until you reach the “Enable single sign-on” page. From there, you’ll need to provide domain admin credentials for your local AD domain in order to enable SSO (don’t worry — the credentials aren’t stored, they’re only used for the setup process).

After you’ve done that, go ahead and log in to the Azure AD Administrative Center. Select Azure Active Directory, then Azure AD Connect. Under “User sign-on”, you should see “Seamless single sign-on” listed as Enabled.” (Encomputers, 2021)

Encomputers. (2021, January 20). How to enable single sign-on for office 365. EN Computers. https://www.encomputers.com/2018/10/enable-single-sign-on-office-365

Kelley, D. (2020, April 23). Shibboleth authentication request. Shibboleth Authentication Request. https://www-sciencedirect-com.ezproxy.umgc.edu/science/article/pii/S0167404814001692?via%3Dihub

KwekuA. (2021). Let users reset their own passwords. Developer tools, technical documentation and coding examples | Microsoft Docs. https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/let-users-reset-passwords?view=o365-worldwide
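Both responses above point to failed sign-in attempts and the source IP in the sign-in report as the signals for a password spray. The following is an added example, not part of either response or of any Microsoft tooling, showing how that review can be automated: it flags a source IP that fails against many distinct accounts while staying under a per-account lockout threshold, then lists any targeted account that also signed in successfully from that IP. The record fields (`time`, `user`, `ip`, `success`), the sample data and the thresholds are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def _ev(minute, user, ip, ok):
    # Constructed record; field names are assumptions, not a real log schema.
    return {"time": f"2021-03-01T09:{minute:02d}:00", "user": user, "ip": ip, "success": ok}

USERS = [f"user{i}@example.com" for i in range(6)]
SAMPLE = (  # constructed sample data, documentation-range IP addresses
    [_ev(i, u, "203.0.113.7", False) for i, u in enumerate(USERS)]       # one guess per user
    + [_ev(10, USERS[3], "203.0.113.7", True)]                           # one guess later works
    + [_ev(20 + i, USERS[4], "198.51.100.20", False) for i in range(4)]  # one forgetful user
    + [_ev(30, USERS[2], "192.0.2.15", True)]                            # normal sign-in
)

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Return one finding per source IP whose failures are wide (many users)
    and shallow (few attempts per user) inside a sliding time window."""
    fails, wins = defaultdict(list), defaultdict(set)
    for e in events:
        if e["success"]:
            wins[e["ip"]].add(e["user"])
        else:
            fails[e["ip"]].append((datetime.fromisoformat(e["time"]), e["user"]))
    findings = []
    for ip, rows in fails.items():
        rows.sort()
        best, start = None, 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # drop failures older than the window
            per_user = Counter(u for _, u in rows[start:end + 1])
            wide = len(per_user) >= min_users
            shallow = max(per_user.values()) <= max_per_user
            if wide and shallow and (best is None or len(per_user) > best["targeted_users"]):
                best = {"ip": ip, "targeted_users": len(per_user),
                        "failed_attempts": end - start + 1,
                        # targeted accounts with any success from the same IP
                        "succeeded": sorted(wins[ip] & set(per_user))}
        if best:
            findings.append(best)
    return findings

if __name__ == "__main__":
    for finding in detect_spray(SAMPLE):
        print(finding)
```

An account listed under `succeeded` is the one to treat as possibly compromised; the four failures for a single user from `198.51.100.20` are not flagged because they touch only one account.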

Requirements: 250 words or more each response, APA, 1 reference min each

 

Subject: Computer Systems

 
