#Microsoft Intune
Celebrate Diwali with Heavy Discount Offer IP4 Networkers
#ccna course#ccnatraining#ccnacertification#ccnp#ccie#palo alto#microsoft azure#microsoft teams#microsoft intune#fortinet#cybersecurity#comptia#hardware and networking
Microsoft Intune Course in Madrid, Barcelona and Online
MS Intune training for technical consultants and business professionals who want to learn how to manage mobile devices (MDM) in their organization. The Intune course is offered in an in-company classroom format or online in Madrid, Barcelona, Valencia, Alicante, Málaga, Seville and Bilbao, on demand for companies.
Learn about all the latest developments around MS Intune and prepare for your certification.
What is Microsoft Intune?
Microsoft 365 Intune is a cloud-based service specializing in mobile device management (MDM) and mobile application management (MAM). This Microsoft technology solution lets us control how devices such as mobile phones, laptops or tablets are used within an organization or company, and lets us set specific policies to control Office 365 applications. In this way we can prevent e-mail messages from being sent to people outside the organization, and help keep business data protected even on employees' personal devices and applications.
Maintain the productivity of administrators and corporate users across all their devices, activate automated deployments to all Intune-managed devices with just a few clicks, and streamline remote administration and device management when support situations arise. As a Microsoft Intune partner, we make all the key features available.
Discover Windows 365 Frontline
Discover Windows 365 Frontline, Microsoft's innovative solution developed specifically for shift and part-time workers. Learn how Cloud PCs are revolutionizing the world of work and enabling flexible, secure and efficient ways of working.
How Microsoft addresses the needs of shift and part-time workers with an innovative solution. Hello dear readers! 👋 Have you already heard about the latest innovation from Microsoft? It is Windows 365 Frontline, a groundbreaking solution tailored specifically to the needs of shift and part-time workers. In our increasingly…
#Arbeitswelt#Azure AD P1#Cloud-Lizenz#Cloud-PCs#Digitalisierung#Flexible Arbeitsmöglichkeiten#Innovation#Microsoft#Microsoft 365#Microsoft Intune#Remote-Arbeit#Schichtarbeit#Sicheres Arbeiten#Technologie-Update#Teilzeitarbeit#Windows 10 Enterprise#Windows 11 Enterprise#Windows 365 Frontline#Windows-Cloud-PC
O365 Security Overview
Office 365 is a popular cloud-based productivity suite that offers many benefits for businesses of all sizes. These Top 5 Security Settings in O365 should help you get started on your path towards a more secure cloud. However, with great power comes great responsibility. As an O365 administrator, you need to ensure that your organization’s data and users are protected from cyber threats and…
#Cybersecurity#data loss prevention#Exchange Online#Microsoft#Microsoft Intune#Multi-Factor Authentication#O365#Outlook
Microsoft Intune
Microsoft Intune is a cloud-based mobile device management service that helps organizations manage their mobile devices. It is an essential part of Microsoft’s Enterprise Mobility Suite and was designed to support the needs of IT professionals. The service helps IT professionals manage their devices and ensure that they comply with corporate policies. It also enables them to monitor devices for compliance, enforce security, and deploy apps remotely. Intune also provides a set of cloud-based services for managing the configuration of these devices, including device enrollment, app deployment, profile management, conditional access policies and other tasks. With Intune’s cloud-based services it is possible to support multiple operating systems from a single management console.
Project lead lock down Samsung S7 Tablets using Intune Android Policy at Engitix
So part of the Cyber Essentials Plus requirements was that we had to lock down the scientists' tablets from downloading unauthorised Google Play apps. The only apps that were authorised to be on the Samsung S7 tablets were the Microsoft Office Suite (Word, Excel, PowerPoint, OneNote, OneDrive, Teams) and also Arduino Science Journal.
To do this I first created an Azure AD Group called ENG_AND_ALLOW.
I then created an Android configuration profile called ENG_ALLOW_APPS. Once this was done I selected the Office 365 Apps and also Arduino Science Journal. Then I created the configuration profile.
Once this was done we decided to try a test tablet and add the test tablet to the ENG_AND_ALLOW group. Once we set this, the configuration policy kicked in. We tried to download other Google Play apps but it would not allow us. We tried to download only the Office apps and Arduino Science Journal, which worked fine.
We targeted 5 tablets a day and if there was an issue we could remove the tablet from the ENG_AND_ALLOW group which removed the policy.
Learn about Microsoft Security Copilot
Microsoft Security Copilot (Security Copilot) is a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale, while remaining compliant with responsible AI principles. Introducing Microsoft Security Copilot: Learn how Microsoft Security Copilot works. Learn how Security Copilot combines an…
#AI#assistive copilot#copilot#Defender#Develop whats next#Developer#development#generative AI#Getting Started#incident response#intelligence gathering#intune#investigate#kusto query language#Large language model#llm#Microsoft Entra#natural language#OpenAI#plugin#posture management#prompt#Security#security copilot#security professional#Sentinel#threat#Threat Intelligence#What is New ?
Simplifying Your IT Infrastructure with Microsoft Intune : Our Expertise at Your Service!
Microsoft Intune provides a solution to these critical challenges. The cloud-based management solution is designed to help businesses manage their IT infrastructure remotely. Learn to set up, manage, and monitor your IT infrastructure using Intune. Get started with top-notch Intune consulting.
https://blog.trndigital.com/simplifying-your-it-infrastructure-with-microsoft-intune-our-expertise-at-your-service
Adding an Application in Intune (for Windows)
How do you add an application in Intune? In this tutorial we learn how to add an application in Intune (for Windows). To add an app in Microsoft Intune, you can follow these general steps: Sign in to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com) using your administrator account. Navigate to “Apps” from the left-hand menu. Click on “Add” to start the process of…
#Azure#azure active directory#Backup and Recovery#Cisco#dynamic group#endpoint#Google AdSense#group dynamic#group dynamics#Hyper-V#intune#M365#Microsoft#Microsoft 365#Network Security#Python#virtualization#VMware#What is Azure?#windows server#windows server 2012#windows server 2016#windows server 2019
Microsoft Says 8.5 Million Windows Devices Impacted by CrowdStrike Incident, Publishes Recovery Tool
Source: https://www.securityweek.com/microsoft-says-8-5-million-windows-devices-impacted-by-crowdstrike-incident-publishes-recovery-tool/
More info: https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
Microsoft Enterprise Partner
Do you want to grow your company to the next level? Our Microsoft Enterprise Partner program is the only place to look. Because we are a certified Microsoft Enterprise Partner, we can provide you with premium products and services to optimize your business operations. We offer a wide range of services, including enterprise software and cloud solutions, and we have the know-how and resources to guarantee that your company is in capable hands. Join forces with a reputable Microsoft Enterprise Partner right now to take your company to new heights.
#microsoft intune partner#dynamics 365 license discount#microsoft enterprise partner#best microsoft partner
Entra ID Lateral Movement And Expanding Permission Usage
Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments: (In)tune to Takeovers
Recently, a client engaged the Mandiant Red Team to visualize the potential consequences of an advanced threat actor breach. During the assessment, Mandiant moved laterally from the customer’s on-premises environment to their Microsoft Entra ID tenant in order to compromise the service principals installed in the tenant.
Using a popular security architecture that involves Intune-managed Privileged Access Workstations (PAWs), this blog post describes a new method by which adversaries can move laterally and elevate privileges within Microsoft Entra ID by abusing an Intune permission (DeviceManagementConfiguration.ReadWrite.All) granted to Entra ID service principals. It also offers recommendations and corrective actions to prevent and detect this kind of attack.
Background
The client had a well-developed security architecture that adhered to the Enterprise Access model suggested by Microsoft, which included:
An Active Directory-based on-premises setting that adheres to the Tiered Model.
A Microsoft Entra Connect Sync-synchronized Entra ID environment that synchronizes on-premises identities and groups with Entra ID. This environment was administered from PAWs that were completely cloud-native and managed by Intune Mobile Device Management (MDM); they were not joined to the on-premises Active Directory. To access these systems, IT administrators used dedicated, cloud-native (non-synced) administrative accounts. These cloud-native administrative accounts were the only ones assigned Entra ID roles (Global Administrator, Privileged Role Administrator, etc.).
A robust security barrier was created by separating administrative accounts, devices, and privileges between the Entra ID environment and the on-premises environment:
Because Entra ID privileged roles are tied to separate, cloud-native identities, a compromise of the on-premises Active Directory cannot be used to compromise the Entra ID environment. This is a Microsoft-recommended best practice.
Using distinct physical workstations for administrative access to cloud and on-premises resources effectively creates an “air gap” between the administration planes of the two environments. Attackers find it very challenging to get through air gaps.
Roles were assigned to the administrative accounts in Entra ID through Privileged Identity Management and protected by strong Conditional Access policies requiring multi-factor authentication and a managed, compliant device. Microsoft also recommends these best practices.
Attack Path
One of the objectives of the assessment was for the Mandiant Red Team to obtain Global Administrator access to the Entra ID tenant. Using a variety of methods that are outside the scope of this blog post, Mandiant was able to add credentials to Entra ID service principals (microsoft.directory/servicePrincipals/credentials/update). This gave the Red Team the ability to compromise any preloaded service principal.
There are a number of well-known methods for abusing service principal rights to obtain higher permissions, most notably through the RoleManagement.ReadWrite.Directory, AppRoleAssignment.ReadWrite.All and Application.ReadWrite.All permissions for Microsoft Graph.
However, the Mandiant Red Team had to reconsider their approach because none of these permissions were in use in the customer’s environment.
After using the excellent ROADtools framework to learn more about the customer’s Entra ID tenant, Mandiant found a service principal that had been granted the DeviceManagementConfiguration.ReadWrite.All permission. Image credit: Google Cloud.
With this permission, the service principal is able to “read and write Microsoft Intune device configuration and policies”.
Intune can run custom PowerShell scripts, called management scripts, on clients running Windows 10 and later. The ability to run scripts on local devices gives administrators an alternative for configuring settings that are not available through the configuration policies or the apps section of Intune. Management scripts run with administrator rights (NT AUTHORITY\SYSTEM) when the device boots.
The DeviceManagementConfiguration.ReadWrite.All permission is all that is required to list, read, create, and update management scripts via the Microsoft Graph API.
The Microsoft Graph API makes it simple to write or edit a management script. An example HTTP request that alters an existing script:
PATCH https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/<script id>
{
  "@odata.type": "#microsoft.graph.deviceManagementScript",
  "displayName": "<display name>",
  "description": "<description>",
  "scriptContent": "<PowerShell script in base64 encoding>",
  "runAsAccount": "system",
  "enforceSignatureCheck": false,
  "fileName": "<filename>",
  "roleScopeTagIds": [ "<existing role scope tags>" ],
  "runAs32Bit": false
}
Through the Graph API the caller can provide a display name, file name, and description in addition to the Base64-encoded PowerShell script content. The runAsAccount parameter can be set to either user or system, depending on which principal the script should run as. roleScopeTagIds references Intune’s Scope Tags, which associate people and devices; these can likewise be created and managed with the DeviceManagementConfiguration.ReadWrite.All permission.
Using the DeviceManagementConfiguration.ReadWrite.All permission, Mandiant changed an existing device management script to run a PowerShell script under Mandiant’s control, and thereby moved laterally, with full privileges, to the PAWs used for Entra ID administration. Intune runs the modified management script when the device reboots as part of the user’s regular workday.
By planting a command-and-control implant, Mandiant could issue any instructions to the PAWs. The Red Team obtained privileged access to Entra ID by waiting for the victim to activate their privileged role through Azure Privileged Identity Management and then impersonating the privileged account (for example, by stealing cookies or tokens). With these actions, Mandiant fulfilled the assessment’s goal and gained Global Administrator rights in Entra ID.
Remediation and Recommendations
To prevent this attack scenario, Mandiant suggests the following hardening measures:
Review your organization’s service principals for the DeviceManagementConfiguration.ReadWrite.All permission: Organizations that use Microsoft Intune for device management should treat DeviceManagementConfiguration.ReadWrite.All as a sensitive permission, since it grants the holder control over the Intune-managed devices and, consequently, over any identities that use those devices.
Mandiant advises businesses to routinely review the permissions granted to Azure service principals, with a focus on DeviceManagementConfiguration.ReadWrite.All alongside other sensitive permissions such as RoleManagement.ReadWrite.Directory, AppRoleAssignment.ReadWrite.All and Application.ReadWrite.All.
Businesses that manage PAWs with Intune should exercise extra caution when assigning Intune privileges, whether via DeviceManagementConfiguration.ReadWrite.All or via Entra roles such as Intune Role Administrator.
Enable Intune’s multiple admin approval: Intune allows you to use Access Policies to require a second administrator’s approval before changes are applied. With this in place, an attacker cannot use a single compromised account to create or alter management scripts.
Consider turning on activity logs for the Microsoft Graph API: Graph API activity logs, which provide comprehensive details about the HTTP requests made to Microsoft Graph resources, can be enabled to aid detection and response efforts.
Make use of the features that Workload ID Premium licenses offer: With a Workload-ID Premium license, Mandiant suggests using these features to:
Limit the use of privileged service principals to known, reliable places only. By guaranteeing that only trustworthy places are used, this reduces the possibility of unwanted access and improves security.
Enable risk detections in Microsoft Identity Protection to improve service principal security. When risk factors or questionable activity are found, this can proactively prohibit access.
Monitor service principal sign-ins proactively: Proactive monitoring of service principal sign-ins can help identify irregularities and potential threats. Feed this information into security procedures to trigger alerts and enable a quick response to unwanted access attempts.
Through adversarial emulation engagements, Red Team Assessments and Purple Team Assessments, Mandiant has a thorough grasp of the various ways attackers may compromise their target’s cloud estate.
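As an added example (not from the Mandiant post or any Google Cloud tooling), the following Python applies the permission-review and Graph-activity-log recommendations above to a batch of log records: it flags POST/PATCH/PUT/DELETE requests against deviceManagementScripts and lists app-only principals whose tokens carried DeviceManagementConfiguration.ReadWrite.All. The column names (TimeGenerated, RequestMethod, RequestUri, Roles, UserId, ServicePrincipalId, ResponseStatusCode) are assumed to match the MicrosoftGraphActivityLogs table schema, and the sample records are constructed with placeholder IDs.

```python
import re

SENSITIVE_ROLE = "DeviceManagementConfiguration.ReadWrite.All"
WRITE_METHODS = {"POST", "PATCH", "PUT", "DELETE"}
# Management-script collection under both the v1.0 and beta Graph endpoints.
SCRIPT_PATH = re.compile(
    r"^https://graph\.microsoft\.com/(v1\.0|beta)/deviceManagement/deviceManagementScripts(/|$)",
    re.IGNORECASE,
)

def token_roles(record):
    """App roles in the caller's token; assumes Roles is a list or a space/comma-separated string."""
    roles = record.get("Roles") or []
    if isinstance(roles, str):
        roles = re.split(r"[\s,]+", roles.strip())
    return {r for r in roles if r}

def find_script_writes(records):
    """Flag writes to Intune management scripts, noting caller type, role held and whether Graph accepted it."""
    findings = []
    for r in records:
        method = str(r.get("RequestMethod", "")).upper()
        if method not in WRITE_METHODS or not SCRIPT_PATH.match(r.get("RequestUri", "")):
            continue
        app_only = not r.get("UserId")  # app-only tokens carry no user identity
        status = int(r.get("ResponseStatusCode", 0))
        findings.append({
            "time": r.get("TimeGenerated"),
            "method": method,
            "principal": r.get("ServicePrincipalId") if app_only else r.get("UserId"),
            "app_only": app_only,
            "sensitive_role": SENSITIVE_ROLE in token_roles(r),
            "succeeded": 200 <= status < 300,  # 2xx means the change was applied
        })
    return findings

def principals_using_sensitive_role(records):
    """Audit view: service principals observed exercising the sensitive role with app-only tokens."""
    return sorted({r.get("ServicePrincipalId") for r in records
                   if not r.get("UserId") and SENSITIVE_ROLE in token_roles(r)})

# Constructed sample records with placeholder IDs (not real telemetry).
SAMPLE_LOGS = [
    {"TimeGenerated": "2024-06-01T08:02:11Z", "RequestMethod": "GET", "UserId": "",
     "ServicePrincipalId": "sp-backup-placeholder", "ResponseStatusCode": 200,
     "Roles": "DeviceManagementConfiguration.Read.All",
     "RequestUri": "https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations"},
    {"TimeGenerated": "2024-06-01T08:05:47Z", "RequestMethod": "PATCH", "UserId": "",
     "ServicePrincipalId": "sp-automation-placeholder", "ResponseStatusCode": 200,
     "Roles": "DeviceManagementConfiguration.ReadWrite.All",
     "RequestUri": "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/script-id-placeholder"},
    {"TimeGenerated": "2024-06-01T09:12:03Z", "RequestMethod": "POST", "UserId": "user-admin-placeholder",
     "ServicePrincipalId": "sp-intune-portal-placeholder", "ResponseStatusCode": 201, "Roles": "",
     "RequestUri": "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts"},
]

if __name__ == "__main__":
    print(find_script_writes(SAMPLE_LOGS))
    print("App-only principals using", SENSITIVE_ROLE, principals_using_sensitive_role(SAMPLE_LOGS))
```

The same predicate translates directly to a KQL query over the MicrosoftGraphActivityLogs table; the app-only PATCH with a 2xx status and the sensitive role present is the pattern that matches the attack path described above.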
Read more on Govindhtech.com
#EntraID#EntraIDLateral#Lateral#Mandiant#MicrosoftEntraID#RedTeam#Windows10#News#Technews#Technology#Technologynews#Technologytrends#govindhtech
Update July 30, 10:14 EDT: Microsoft has confirmed that this outage affected the Microsoft 365 admin center, Intune, Entra, Power BI, and Power Platform services. It also added that SharePoint Online, OneDrive for Business, Microsoft Teams, and Exchange Online are not affected. “Users who can access the affected Microsoft 365 services may experience delays or degraded functional performance,” Microsoft explained on its service health status page. “To assist the investigation, we are analyzing traffic patterns within a section of our network infrastructure. In addition, we are evaluating mitigation options, including a potential failover, to reduce the impact.”
Update July 30, 11:15 EDT: Microsoft says service availability is improving after a network configuration change. “We implemented a network configuration change, and some Microsoft 365 services have failed over to alternate network paths to mitigate the issue,” the company stated. “Telemetry monitoring indicates that service availability is improving, and we are continuing to monitor to ensure full recovery.”
Update July 30, 14:14 EDT: Microsoft has announced that the outage was caused by an “unexpected usage spike,” which “resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeouts, and latency spikes.” “We have updated our mitigations to minimize these side effects and are applying them in accordance with safe deployment practices, starting with the Asia Pacific region and expanding in stages,” the company added.
Update July 30, 16:54 EDT: Microsoft stated that “the majority of customers and services are fully mitigated,” and that its engineers are “in the final stages of validating recovery.”
Microsoft 365 and Azure outage takes down multiple services
Microsoft Intune
Microsoft Intune is one of the most popular and widely used mobile device management (MDM) and endpoint security solutions. It allows users to manage their devices, apps, and data remotely. Microsoft Intune helps organizations manage their devices securely by providing tools for remote access, device management, and encryption, and it allows organizations to deploy apps to endpoints securely and with ease. It is a cloud-based MDM solution that helps organizations establish a unified endpoint management platform for their employees’ devices, and gives IT professionals an easy way to deploy company-owned apps to endpoints. Microsoft Intune provides remote device management for Windows 10 PCs, Macs, iOS devices and Android tablets. The service also offers remote wipe capabilities for lost or stolen devices.