Archive

Posts Tagged ‘B2C’

Azure B2C: Flexibility is the key

November 27, 2018 Leave a comment

I have been working in some challenging’s Identity projects for the past 2 years and I have been amazed by the great flexibility that Azure B2C offers.

This week I am in Prague delivering an Azure Bootcamp for our 
internal Microsoft team and speaking on Identity and Security and Azure B2C is one of the major points of my sessions.

In August this year I’ve completed a project that enabled a major financial institution to offer an secure and easy way for their partners/customers to sign in to access their application.

Azure Active Directory B2C is a reliable, globally-distributed service with an SLA of 99.9%, capable of supporting millions of users and billions of authentications per day, allowing users to sign in with Microsoft Accounts, Azure AD, Facebook, Google+, LinkedIn and many others, or your own Identity provider, 

Customers profiles are protected through various security controls in addition to application or policy-based multi-factor authentication.

You can learn more on how to manage sign-up, sign-in, and customer profiles in your ASP.NET, desktop, or single-page Node.js applications at https://docs.microsoft.com/en-us/azure/active-directory-b2c/#step-by-step-tutorials 

Advertisements
Categories: Cloud, Microsoft Tags: ,

Tips to help you take appropriate action to catch illegal activity

April 26, 2018 1 comment

Below are some tips to help you take appropriate action to catch illegal activity:

Azure AD reporting API

Use the Azure Active Directory Reporting API’s, which provide programmatic access to the data through a set of REST-based APIs and the data of these reports is very useful to your applications, such as SIEM systems, audit, and business intelligence tools.

Azure AD reporting API can be used to extract data from Azure AD and Azure B2C

Note: You can call these APIs from a variety of programming languages and tools.

For more information on how to use and samples see:

Enable Audit Recording for O365

sccauditlogsearch

Source: https://blogs.technet.microsoft.com/office365security/finding-illicit-activity-the-old-fashioned-way/

Even the best automated detection systems will fight to catch all illegal activity and they need your help to detect anomalies.

Some audit logging is automatically enabled for you in Office 365; however, mailbox audit logging is not turned on by default

So, if you are a serious about security, Office 365 offers a wide variety of security related reports and data that you can review to manually find illegal activities:

It only takes a few minutes to configure and it will dramatically improve your security posture: To turn it on, just click Start recording user and admin activity on the Audit log search page in the Security & Compliance Center.

Note: If you don’t see this link, auditing has already been turned on for your organization. You only have to do this once.

After you turn it on, a message is displayed that says the audit log is being prepared and that you can run a search in a couple of hours after the preparation is complete.

For more information, follow the instructions here: https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US.

After you’ve enabled audit logging you can Search the audit log in the Office 365 Security & Compliance Center to find out who has logged into your user mailboxes, sent messages, and other activities performed by the mailbox owner, a delegated user, or an administrator.

You can Download all results as raw data from the Office 365 audit log to a CSV file.

The table below describe the activities that are audited in Office 365. You can search for these events by searching the audit log in the Security & Compliance Center. Click one of the following links to go to a specific table.

File and page activities Folder activities Sharing and access request activities
Synchronization activities Site administration activities Exchange mailbox activities
Sway activities User administration activities Azure AD group administration activities
Application administration activities Role administration activities Directory administration activities
eDiscovery activities Power BI activities Microsoft Teams activities
Yammer activities Exchange admin activities

 

 

 

 

 

Categories: Cloud Tags: , , , , , ,