Doug Bienstock
@doughsec
IR Leader @Mandiant. Hacking things and responding to things being hacked. Opinions my own
ID:966781971425910784
22-02-2018 21:09:18
488 Tweets
2,5K Followers
115 Following
'Microsoft Signed my Malware'
Doug Bienstock (Jared Wilson), Mandiant
Jared Wilson (@doughsec) , Mandiant
Barry Vengerik (@BarryV), Mandiant 14/15
ππ
learn.microsoft.com/en-us/azure/azβ¦
Yuge deal for investigators and defenders!
#DFIR #Microsoft365 #cloudsecurity
Testing out Microsoft Entra ID (Azure AD) Authentication Strength Conditional Access.. what am I doing wrong here? All conditions satisfied but policy result fails, love it
#Microsoft365
Dr. Nestori Syynimaa β Rev - Infra & Supply Chain Technician βπ¦π οΈ The 'bypassMFA' param sets a federated token claim saying MFA already happened.
ICYDK, there's a setting to ensure that AAD MFA is always performed & rejects MFA if performed by identity provider
federatedIdpMfaBehavior -> rejectMfaByFederatedIdp
docs: docs.microsoft.com/en-us/windows-β¦