Posts Tagged ‘conditional access’

When they initially onboarded, there was no filtering or security in any form:

Running a simple audit against Azure AD>Sign-ins showed the extent, even more when you export a CSV.

2000+ failed attempts within 24 hours:

Step 1) Sort or filter the CSV to find common trends (specific user account/IP/Country:

In this case, the client doesn’t have staff in China, nor should anyone be accessing from there

Step 2) Create a Blacklist – AzureAD>Conditional Access.

  • Create a Named location – in this case I named it ‘Blacklist’

 

 

  • Add any IPs to the blacklist

 

  • Create a policy – Name accordingly

 

  • Filter by a test account if appropriate, same for specific apps (don’t filter all apps if the admin account is included!! This can lock you out of the portal if you make a mistake!)

  • Set the blacklist location

  • Block the blacklist (or if you’re creating a whitelist, just allow instead of reject)

  • Enable the policy, then click the ‘What If’ button and test

 

 

Make sure it works as intended!

 

 

End result:

GD Star Rating
loading...
GD Star Rating
loading...