Skip to content
Saturday, November 16, 2024
  • Home
  • About Me
  • My Certificates
  • ALL Blogs

Network Pioneers

We Make Technology Accessible

call 00966598605861
Email info@net-pioneers.com
Location: KSA - Riyadh - Exit 8
  • Microsoft 365
    • Microsoft 365 administration
      • Course intro
      • about Microsoft 365
      • Subscriptions Plan
      • Create subscription
      • Admin Center(s)
      • Custom Domain
      • Add Users
      • Add Bulk Users
      • External Users
      • Groups
      • Password Management
      • Update & Release Notes
      • Resources Rooms & Equipments
    • Microsoft 365 Security
      • Course introduction
      • Multi Factor Authentication
        • MFA concepts
        • Google Authenticator App
        • Microsoft Authenticator App
        • Mobile SMS
      • Conditional Access
        • Conditional Access : concepts
        • block access based on country
        • Change Password with Sign-in
        • Require compliant device
        • require join Azure AD
        • require MFA with untrusted IPs
        • what if scenario simulator
      • Cloud App Security
        • CAS Concept
        • CAS Subscription
        • System Settings
        • App Connector
        • Office 365 connector
      • Identity Protection
        • AAD introduction
        • emergency access
        • Identity Protection policies
        • Security Overview
        • Identity Protection Tools
      • Exchange Online Protection
        • EOP Introduction
        • Connection filtering
        • Malware filtering
        • Mail Flow Policy
        • SPAM filter
      • Microsoft Information Protection
        • Communication Compliance
        • Data Loss Prevention
        • Azure Information Protection
        • Office Message Encryption
      • Privileged Identity Management
        • PIM Concepts
        • initial Configuration
        • Just in Time
        • approval workflow
        • Time-bound Access
        • Audit Logs & Alerts
        • Access Review The Concepts
        • Access Review The Practice
  • Microsoft
    • SCCM
      • Features and Functionalities
      • Release History
      • Roles and Hierarchy
      • installation -pre & Post
      • Discovery Methods
      • Boundary
      • Deploy SCCM client
      • Client settings Policy
      • Hardware Inventory
      • Software Inventory
      • Reporting Services
      • remote control
      • Deploy Software Update
      • Operating System Deployment
    • Exchange
      • Introduction
      • Installation
      • Users Mailbox
      • Distribution Groups
      • SSL Certificate
      • Disclaimer
      • Database Storage
      • Database Operations
      • Mail Flow
      • Client Access
      • Address List And Policies
      • Database Availability Group
    • Windows
    • Active Directory
      • Introduction
      • AD Installation
      • Join Domain
      • workIng with Consoles
      • AD Users
      • AD Groups
      • Organizational Units
      • Delegation
      • Forest And Trees
      • Additional DC
      • Demoting DC
      • Certificate Authority ADCS
      • Certificate Authority Template
      • FSMO
    • SCOM
      • introduction
      • installation
      • Managing agent
      • Management Pack
      • Monitoring MS Servers
      • Notification
      • Reporting Services
      • Audit Collection Service
  • VMware
    • Vsphere-ICM
      • ESXI Installation
      • vSphere Post installation
      • access ESXI server
      • vCenter Deployment
      • VM Files Structure
      • vSphere Networking
      • VSS
      • VDS
      • VLAN
      • ESXI storage
      • Local storage
      • ISCSI storage
      • NFS storage
      • vMotion
      • Distributed Resource Scheduler
      • Fault Tolerance
      • High Availability
    • vSphere-O&S
      • Course intro
      • vSphere RBAC
      • vSphere & AD
      • vSphere Security
      • vim-cmd
      • ESXcli
      • ESXtop
      • Resources Pool
      • Content Library
      • vAPP
    • SRM
      • Cleaning up Test Recovery
      • Configure Network Mapping
      • Configure VM Replication
      • Create Recovery Plan
      • Create Resource Mapping
      • Creating Protection Group
      • SRM DR Site
      • Folder Mapping
      • install VR in DR Site
      • install VR in Production Site
      • SRM Introduction
      • Network Components
      • Pairing Sites with SRM and VRA
      • Placeholder Datastores Mapping
      • SRM Production Site
      • Running SRM Test Recovery
      • Storage Policy Mapping
  • Linux
    • Suse
      • Deployment
      • install GNOME
      • FHS
      • Apache
      • NFS
      • SAMBA
      • Software management
      • WordPress
      • Yast
      • Lang & Country Settings
      • Identity
      • Manage Users
      • Remote Administration
      • synchronize NTP
  • PMP
    • PMP introduction
    • Integration Management
    • Scope Management
    • Schedule Management
    • Cost Management
    • Quality Management
    • Resource Management
    • Communications Management
    • Risk Management
    • Procurement Management
    • Stakeholder Management

Conditional Access : Require Change Password with Sign-in Risk

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email
  • November 25, 2020
  • , 9:11 am
  • , Microsoft 365 Security
  • maher islaieh
Table of Contents

introduction

previous article we have seen how to use conditiona laccess policies to enhance security  in organization by force certain action based on specific condition 

 

this article : we will see how to Force to change password with sign-in Risk 

Risk Classfiication

Identity Protection identifies risks in the following classifications:

 

Atypical travel

  • Sign in from an atypical location based on the user’s recent sign-ins.

Anonymous IP address

  • Sign in from an anonymous IP address (for example: Tor browser, anonymizer VPNs).

Unfamiliar sign-in properties

  • Sign in with properties we’ve not seen recently for the given user.

Malware linked IP address

  • Sign in from a malware linked IP address.

Leaked Credentials

  • Indicates that the user’s valid credentials have been leaked.

Password spray

  • Indicates that multiple usernames are being attacked using common passwords in a unified, brute-force manner.

Azure AD threat intelligence

Microsoft’s internal and external threat intelligence sources have identified a known attack patter

 

Risk levels

Identity Protection categorizes risk into three tiers:

  • low,
  • medium,
  • high.

While Microsoft does not provide specific details about how risk is calculated,  >> we will say that each level brings higher confidence that the user or sign-in is compromised.

For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user.

company Requirements

to enhance security : Pioneers101 company need to require change password when sign-in risk 

 

create policy to change password when sign-in risky

to create policy 

open portal azure >> conditional access >> policies 

open conditional access >> create policy
set policy name >> and select ALL users
select ALL apps
select user risk level
select sign in risk level
the action : require change password
exclude global admin >> enable policy >> create
policy created

Risk Report

once risk occurred : azure security will logg that risk 

and could be checked in Azure security reports 

 

open https://portal.azure.com 

check risky users report
check risky sign-in report
check risk-detected report

Conclusion

in conditional access policy there is NOthing to do with Risk user or risk sign-in 

But ,,,,

in coming article with identity protection there is separate article to fully discuss risk users and risk sign-in 

 

please keep tuned

PrevPreviousConditional Access : require Devices to join Azure AD
NextConditional Access : Require device to be compliantNext
Share this post
Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

About Me

Our Power in Numbers

 17 

Courses

321

Articles

3,882

Images
and All configurations images are proudly made in Pioneers Lab

Articles By Course

  • Active Directory (14)
  • Exchange (18)
  • Microsoft 365 administration (13)
  • Microsoft 365 Security (45)
  • PMP (73)
  • SCCM (29)
  • SCOM (26)
  • SRM (17)
  • Suse (23)
  • Vsphere-ICM (31)
  • vSphere-O&S (26)
  • Win2019 Infra (1)
  • Windows (5)

Recent Articles

  • secure RDS portal with Certificate Authority
  • 13.4 Project Stakeholder Management : Monitor Stakeholder Engagement
  • 13.3 Project Stakeholder Management : Manage Stakeholder Engagement
  • 13.2 Project Stakeholder Management : Plan Stakeholder Engagement
  • 13.1 Project Stakeholder Management :Identify Stakeholders

Subscribe

Contact us

have a challenge ? don’t hesitate to contact us

Copyright 2020 All rights reserved @Net-Pioneers.com
  • Home