0

Microsoft Defender for Office 365 Blog Compiled links

Microsoft Defender for Office 365 Blog Compiled links

Below are a series of links to the main Microsoft Defender for Office 365 blog.  Shortcuts added here as this is one of my shared bookmarks.

Note that some links have KQL queries and IOCs related to that specific attack.

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

12-July-2022

 

 

Evolved phishing: Device registration trick adds to phis

Read the rest “Microsoft Defender for Office 365 Blog Compiled links”
0

Microsoft Teams Source IP Address Used Connecting to On-Premises Exchange

Teams IP Addresses Connecting to Exchange On-Premises

Planning to deploy Office 365 and integrate with your on-premises Exchange infrastructure?  Great!  While running the Exchange Hybrid Configuration Wizard (HCW) will be one of the highlights it should be a boring and uneventful portion of the project.  That will be true if all of the required planning, remediation and preparation was done.  If not you’ll be finding out about those issues pretty so… Read the rest “Microsoft Teams Source IP Address Used Connecting to On-Premises Exchange”

0

Review Azure AD Connect Synchronisation Scope

Review Azure AD Connect Synchronisation Scope

As part of your regular security and operations review, it is important to check and verify the configuration of Azure AD Connect.  Ensuring the OS and Azure AD Connect are up to date is one aspect.  In this post we want to look at the scope of objects which connect is synchronising.  This is valuable for a few reasons. For example:

  • Many folks have installed Azure AD Connect did configured any filt
Read the rest “Review Azure AD Connect Synchronisation Scope”
10

Sign-In Error 5000811 — Unable to verify token signature. The signing key Identifier Does Not Match Any Valid Registered Keys

The error message "Sorry, that didn’t work. Please go back to office.com and try again” is probably one of the most vague that I've seen.  It's up there with "please contact your administrator", which is fine unless you are the administrator...

The below is a repro of a case where all users were unable to sign into Office 365.  They would receive the aforementioned "Sorry, that didn't work" message… Read the rest “Sign-In Error 5000811 — Unable to verify token signature. The signing key Identifier Does Not Match Any Valid Registered Keys”

0

Does Manually Running Azure AD Connect Change Schedule?

Despite the current versions of Azure AD Connect running the main synchronisation task every 30 minutes, there are still times when we want to force the task.  As a result of this, a question was floated if that changed the existing schedule.  If the next scheduled instance is in 10 minutes, and we run a manual task right now does that mean that another task will execute in 10 minutes?

TL;DR

In shor… Read the rest “Does Manually Running Azure AD Connect Change Schedule?”

9

AD FS Web Application Proxy Re-Establish Proxy Trust

WAP Re-Establish Trust

In the Tailspintoys environment the AD FS Proxy was offline for month.  It was unable to contact the AD FS server on the internal network, and this allowed the short lived authentication certificate to expire.  At this point the AD FS Proxy was "dead to me" as far as the AD FS server was concerned.  The internal AD FS server was OK, the issue was just with the proxy.

Bummer....

How do we fix this?  … Read the rest “AD FS Web Application Proxy Re-Establish Proxy Trust”

0

New And Advanced Azure AD Connect Topics

Azure AD Connect Password Hash Sync

There have been some recent feature additions to Azure AD Connect.  If we look at the Azure AD Connection Version History  after a brief hiatus, there are newer versions as of March 2021.  At the time of witing, the latest version is 1.6.4.0 and was released on the 31st May 2021.

There are multiple new features and changes in this build.

  • Updated ADSyncTools PowerShell module
  • Defaults to V2 synchronisati
Read the rest “New And Advanced Azure AD Connect Topics”
0

Exchange Online App-Only Authentication Error AADSTS70011 Invalid Scope

As more people are starting to use the Exchange Online V2 module (yay!), there are some new and different issues appearing.

In this case, the command to connect to the tenant was failing when App-Only authentication was used.  A certificate was installed onto the machine where PowerShell was running.

The command used is shown followed by a glorious error.

 

Exchange Online App-Only Authentication Error AADSTS70011 Invalid Scope

Error Acquiring Token:
System.Exception:… Read the rest “Exchange Online App-Only Authentication Error AADSTS70011 Invalid Scope”

7

TenantOrganizationConfig Required When Preparing Active Directory

When running /PrepareSchema in an Exchange organisation with an existing Exchange Hybrid deployment you may run into an error which states:

"A hybrid deployment with Office 365 has been detected. Please ensure that you are running setup with the /TenantOrganizationConfig switch"

This is shown below:

Error - A hybrid deployment with Office 365 has been detected. Please ensure that you are running setup with the /TenantOrganizationConfig switch

A similar issue will occur if you specify only /PrepareAD

Same Issue - Error - A hybrid deployment with Office 365 has been detected. Please ensure that you are running setup with the /TenantOrganizationConfig switch

Note that the /TenantOrganizationConfig switc… Read the rest “TenantOrganizationConfig Required When Preparing Active Directory”

3

Unable To Install PowerShell Modules – Unable To Download From URI Error

When you try to install a PowerShell module or connect to the PowerShell Repository you may get the below error messages:

WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.
WARNING: Unable to download the list of available providers. Check your internet connection.

PowerShell Error - Unable to download from URI

For make most glorious benefit engine of search:

PackageManagement\Install-PackagRead the rest “Unable To Install PowerShell Modules – Unable To Download From URI Error”