AzureBootcamp2022: I've been pwned but I don't care by Michael Rüefli

This session is one of the sessions of Azure Bootcamp Switzerland 2022.

Everyone talks about safeguarding identities in the cloud. But what does that actually mean? Are you confused about terms like MFA, ATP, CASB, PIM, Tokens? The session will be practical and demo heavy, showing value and usage scenarios every Azure AD admin would want to know about!
🙂 MICHAEL RÜEFLI ⚡️ Managing Partner and Solutions Architect @ scopewyse

Check out Michael at: https://www.linkedin.com/in/drmiru/

Azure Zurich User Group

May 10, 2022


  1. I’ve been pwned …and I don’t care that much… Michael Rüefli, scopewyse GmbH
  2. Michael Rüefli, Partner | Solutions Architect, scopewyse GmbH
    michael.rueefli@scopewyse.com | www.miru.ch | @drmiru
    About me | Tech: Azure Cloud Platform & Security, Security in focus, MCT (Microsoft Certified Trainer), Community worker
    About me | Private: Father, Husband, Skydiver, Skier
  3. Agenda
    ▪ Identity, the new perimeter
    ▪ Attack scenarios
    ▪ Why we are still using passwords
    ▪ Alternatives to passwords
    ▪ Countermeasures / protection use cases (demo)
  4. In a world… modern hybrid MOBILE work from anywhere THE

  5. None
  6. Common attack scenarios
    ▪ Weak or stolen passwords: 81% of breaches leverage either stolen and/or weak passwords
    ▪ Social attacks: 43% of attacks that resulted in a data breach
    ▪ Credential-stealing SW: 51% of data breaches involved some form of credential-stealing malware
    Source: okta
  7. Fun fact.. or maybe not even funny.. Most commonly used passwords in 2021
    Rank: 1. 2. 3. 4. 5. 6. 7. 8. 9.
    Password: 1234567890 12345678 1q2w3e qwerty123 12345 password qwerty 123456789 123456
  8. Fun fact.. or maybe not even funny.. Most commonly used passwords in 2022 SERIOUSLY ?
    Rank: 1. 2. 3. 4. 5. 6. 7. 8. 9.
    Password: 111111 12345678 1q2w3e qwerty123 12345 password qwerty 123456789 123456
  9. Why PIN/Biometrics are the better choice PIN/Bio/FIDO2 Password TPM

  10. Why do we still need passwords in 2022?

  11. Why passwords are still around
    ▪ Legacy authentication protocols in apps
    ▪ Lack of support in IDPs
    ▪ Rolling out WHFB -> spoiler!
  12. Password alternatives with Azure AD
    ▪ PIN
    ▪ BIOMETRICS
    ▪ FIDO2
    ▪ AUTHENTICATOR with passwordless config
  13. None
  14. How to get pwned?

  16. None
  17. None
  18. None
  19. Prevention / Countermeasures

  20. None
  21. Microsoft Identity Protection Landscape: Identity Protection Charta (columns: DETECT, PREVENT, REMEDIATE, INVESTIGATE)
    ▪ Azure Multi-Factor: Single-Factor • Untrusted Location • Unmanaged Devices • Multi-Factor • Conditional Access • Step-up authentication • Token Lifetime • Compliant Devices • Sign-In logs
    ▪ Azure AD Identity Protection: Atypical Travel • User Risk Detections • Leaked Credentials • Anonymous IP • Conditional Access • PIM & Tiering Model • Privileged Access • Risk levels remediation • SSPR • JIT Access • Risk investigation • Risky users • Risky sign-ins
    ▪ Microsoft Defender for Identity: Compromised Creds • Lateral Movement • Domain Dominance • Brute Force Attacks • Password Reset & MFA • High-risk user policies • Admin Tiering Model • Privileged access • Consult logs • Defender for Cloud Apps integration
    ▪ Azure Sentinel: Built-in detections • Multistage attack detection (Fusion) • Connectors • Analytic rules • Playbooks • Investigation graph • Playbooks • Automation
    ▪ Passwordless / Windows Hello for Business: Single password • Biometrics • PIN Login • FIDO 2
  22. Conditional Access & Identity Protection (diagram)
    ▪ Signals: Corporate Network, Geo-location, Microsoft Cloud App Security, MacOS, Android, iOS, Windows, Microsoft Defender EP, Client apps, Browser apps, Google ID, MSA, Azure AD, ADFS
    ▪ Conditions: Employee & Partner Users and Roles, Trusted & Compliant Devices, Physical & Virtual Location, Client apps & Auth Method
    ▪ Real time Evaluation Engine: Machine learning, Policies, Session Risk 3, 171TB, Effective policy
    ▪ Controls: Require MFA, Allow/block access, Block legacy authentication, Force password reset, Limited access

  24. Identity Protection to-do-list
    ✓ Enforce MFA for admin roles
    ✓ Enforce MFA/SSPR for risky sign-ins
    ✓ Disable legacy authentication protocols
    ✓ Enforce security information registration from trusted devices / locations
    ✓ Enforce always-authenticate from untrusted devices
    ✓ Enforce step-up authentication (CAE)
  25. Key takeaways

  26. having a good password is still important but don’t rely on it
  27. protection should be conditional to avoid verification fatigue

  28. conditions may change over time so.. always verify

  29. None
  30. www.scopewyse.com ask@scopewyse.com