Nathan McNulty

Protecting Auth Tokens

Authenticating to websites in browsers is complicated. There are numerous different approaches: the popular “Web Forms” approach, where username and password (“credentials”)…


@crh @merill @paulsanders @JefTek I think you'll have to read that out of Sign-in logs for failures in that case

I know we can trigger this from Azure Monitor or use a Logic App, but it feels like there should be a way to do an event subscription for a more performant experience for the end user. I just can't find it now :(

@merill @paulsanders @crh @JefTek It looks like they are doing MDM enrollment, and if that's an option, we can use device enrollment restrictions with an access package

https://blog.nathanmcnulty.com/intune-using-access-packages-to-enable-user-device-enrollment/

There's no built-in feature, but the user enrollment would fail, and then we could automate a process of emailing/Teams messaging them to request access on myaccess.microsoft.com, which could have an approval workflow and allow them access

Intune - Using Access Packages to Enable User Device Enrollment

Many organizations use device compliance with Conditional Access to provide protection against MFA-capable phishing attacks such as Modlishka, evilginx2, or @mrd0x's browser-in-the-browser attack. This protection works well because Conditional Access uses certificate-based authentication with the device and pulls compliance data from Intune, and the attacker
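To make the mechanism in that excerpt concrete, here is an added, simplified model of the policy evaluation (illustration only, not code from the blog post or from Microsoft's implementation). The device registry, compliance table, sign-in attempts and nonce are constructed sample data; an HMAC over a server nonce stands in for the signature a real device makes with its device certificate, so the script runs with only the standard library. The point it shows is the ordering of checks: a proxy that relays what the user types can satisfy the credential and MFA steps, but never the proof that is bound to a key held only by the registered device, and a registered device is still refused when Intune reports it non-compliant.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: device ids and secret keys stand in for the device
# certificates issued at registration. Real deployments use asymmetric
# certificates; HMAC is used here only so the example runs offline.
DEVICE_REGISTRY = {
    "dev-laptop-01": b"constructed-device-key-01",
    "dev-laptop-02": b"constructed-device-key-02",
}

# Compliance state as the MDM (Intune in the post) would report it.
COMPLIANCE_STATE = {
    "dev-laptop-01": True,   # healthy, policy-compliant
    "dev-laptop-02": False,  # e.g. disk encryption disabled
}


@dataclass
class SignInAttempt:
    username: str
    password_ok: bool                     # credential check already performed
    mfa_ok: bool                          # user completed MFA (relayable)
    device_id: Optional[str] = None       # claimed registered device
    device_proof: Optional[bytes] = None  # proof over the server nonce


def device_sign(device_key: bytes, nonce: bytes) -> bytes:
    """What only the real device can do: prove possession of its key."""
    return hmac.new(device_key, nonce, hashlib.sha256).digest()


def evaluate_conditional_access(attempt: SignInAttempt, nonce: bytes) -> tuple:
    """Policy: valid credentials, MFA, and a registered *and* compliant device."""
    if not attempt.password_ok:
        return False, "invalid credentials"
    if not attempt.mfa_ok:
        return False, "MFA not satisfied"
    if attempt.device_id is None or attempt.device_proof is None:
        return False, "no device identity presented"
    key = DEVICE_REGISTRY.get(attempt.device_id)
    if key is None:
        return False, "device not registered"
    expected = device_sign(key, nonce)
    if not hmac.compare_digest(expected, attempt.device_proof):
        return False, "device proof invalid"
    if not COMPLIANCE_STATE.get(attempt.device_id, False):
        return False, "device not compliant"
    return True, "access granted"


def run_scenarios() -> dict:
    """Evaluate four constructed sign-ins and return {name: (allowed, reason)}."""
    nonce = b"constructed-server-nonce-0001"
    # Legitimate user on a registered, compliant device.
    legit = SignInAttempt("alice", True, True, "dev-laptop-01",
                          device_sign(DEVICE_REGISTRY["dev-laptop-01"], nonce))
    # A relaying proxy forwards the password and MFA response the user typed,
    # but holds no device key, so it presents no device proof at all.
    relayed = SignInAttempt("alice", True, True)
    # Registered device that the MDM reports as non-compliant.
    noncompliant = SignInAttempt("alice", True, True, "dev-laptop-02",
                                 device_sign(DEVICE_REGISTRY["dev-laptop-02"], nonce))
    # A claimed device id without the matching key yields an invalid proof.
    forged = SignInAttempt("alice", True, True, "dev-laptop-01", b"\x00" * 32)
    return {
        "legit": evaluate_conditional_access(legit, nonce),
        "relayed": evaluate_conditional_access(relayed, nonce),
        "noncompliant": evaluate_conditional_access(noncompliant, nonce),
        "forged": evaluate_conditional_access(forged, nonce),
    }


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:13s} -> {'ALLOW' if ok else 'DENY'} ({reason})")
```

The checks are deliberately ordered so that the device proof is verified before compliance is consulted: compliance data only means something for a device that has proven it is the one the registry knows about.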

@deepthoughts10 Sorry I missed this... Been dealing with a sick baby :(

I've been spread across too many things lately without enough time to be in MDE. I don't think I saw this in my environments, but seems like they resolved it?

Synchronizing Users and Admins into Duo from Azure AD

Learn how to synchronize Duo users and groups or Duo administrators from your Azure Active Directory (AAD) domain.

Duo Security

@crh @JefTek @merill @allthingssec If you have the conditions to repro, I have Duo in my tenant that I can use to test ;)

As promised, here is my deep dive into the Microsoft Enterprise Single Sign On (SSO) plug-in for Apple devices

This works on all Apple devices including iOS, iPadOS & macOS!

Windows users have long enjoyed SSO, now you can bring that experience to your Apple users 😍

Read on ⬇️

Pretty excited to share a new post on a lesser known Intune feature! :)

Microsoft Tunnel can do full device or per-app tunneling on iOS and Android, providing access to on-prem resources, restricted cloud resources, or ensuring access to SaaS apps comes from a known, trusted set of IPs 🔥

https://blog.nathanmcnulty.com/intune-microsoft-tunnel-vpn-gateway/

#NathansBlog

Intune - Microsoft Tunnel VPN Gateway

A really neat but lesser-known feature of Intune is Microsoft's Tunnel VPN solution, which can do full device or per-app VPN tunneling on iOS and Android. This allows us to provide access to on-prem resources, restricted cloud resources, or ensure access to SaaS apps is coming from a known,

@interpipes That's pretty cool! I thought about using Smallstep for my example.

We didn't have an HSM, so we did OpenSSL on an encrypted removable drive (a couple actually, one offsite backup and one on-site in a fire safe).

The hope is you only have to use it once or twice during your lifetime, lol

@fabian_bader @GraemeB I don't :(

I wonder if @olafhartong might know off the top of his head