Showing posts with label MFA. Show all posts

Tuesday, 19 November 2024

Playwright Series - Post 4 - 6 Min walkthru of Playwright testing with Azure Monitor

Overview: Install VS Code and the Playwright extension, create tests, record the MFA session state for Canvas Apps/Power Apps, loop through the Power Apps and check that each home page loads, write logs to Azure App Insights and show them on an Azure Dashboard.


6 min - annotated Playwright setup and use video


========================

Playwright Series

Friday, 8 November 2024

Playwright series - Post 2 - Refactored TS code to continuously verify Apps in Production

Overview: Create a function with Playwright tests that loops through all my production apps, logs in, and validates that the page title loads on each app's home page.

Steps:

1. Create the spec.ts code that reads apps.json, loops through the sites and validates each one

2. Record and store the session state (storageState) once, so all future test runs reuse the MFA-authenticated session instead of prompting for MFA again

3. Create an apps.json file containing the URLs to open and validate


4. After running the tests, you'll see that all 3 tests completed successfully. In my case, 2 Power Apps with MFA enabled and an anonymous public website were checked.

Optional
Create shortcuts to run your tests using PowerShell
PS C:\repos\PW> npx playwright test -g "Prod-CanvasApps" --project=chromium --headed
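The loop behind steps 1-4, as an added example (this is not the post's spec.ts). It parses apps.json, validates every entry before any browser is opened, and checks each home page title in a context that reuses the recorded Playwright storageState only for the MFA-protected apps; anonymous sites get an empty context so the test also proves they are reachable without a session. The apps.json field names, the auth/state.json path, the placeholder Power Apps URLs and the small "browser-like" interfaces (so the module can be exercised without Playwright installed) are assumptions.

```typescript
// apps-check.ts: added example, not the post's own code.
import * as fs from 'fs';

export interface AppEntry {
  name: string;
  url: string;
  title: string;              // expected <title> of the home page
  auth: 'mfa' | 'anonymous';  // 'mfa': reuse recorded session state; 'anonymous': fresh, cookie-less context
}

// Constructed sample of apps.json: two MFA-protected Power Apps and one public site, as in the post.
// The Power Apps URLs are placeholders (assumption), not real environment/app ids.
export const SAMPLE_APPS_JSON = JSON.stringify([
  { name: 'Expenses', url: 'https://apps.powerapps.com/play/e/EXAMPLE-ENV/a/EXAMPLE-APP-1', title: 'Expenses', auth: 'mfa' },
  { name: 'Timesheets', url: 'https://apps.powerapps.com/play/e/EXAMPLE-ENV/a/EXAMPLE-APP-2', title: 'Timesheets', auth: 'mfa' },
  { name: 'Public site', url: 'https://www.example.com/', title: 'Example Domain', auth: 'anonymous' },
]);

// Parse and validate apps.json so a typo in the file fails fast instead of producing a test
// that silently "passes" against the wrong URL or over plain http.
export function loadApps(json: string): AppEntry[] {
  const raw: unknown = JSON.parse(json);
  if (!Array.isArray(raw)) throw new Error('apps.json must be a JSON array');
  return raw.map((item, i): AppEntry => {
    const e = item as Partial<AppEntry>;
    if (!e.name || !e.url || !e.title) throw new Error(`apps.json[${i}]: name, url and title are required`);
    const url = new URL(e.url);
    if (url.protocol !== 'https:') throw new Error(`apps.json[${i}] (${e.name}): only https URLs are allowed`);
    if (e.auth !== 'mfa' && e.auth !== 'anonymous') throw new Error(`apps.json[${i}] (${e.name}): auth must be "mfa" or "anonymous"`);
    return { name: e.name, url: url.toString(), title: e.title, auth: e.auth };
  });
}

export function readApps(path = 'apps.json'): AppEntry[] {
  return loadApps(fs.readFileSync(path, 'utf8'));
}

// Structural types covering the few Playwright calls used below (assumption: a real Browser,
// BrowserContext and Page satisfy them), so the logic can be unit-tested with a fake browser.
export interface PageLike { goto(url: string): Promise<unknown>; title(): Promise<string>; }
export interface ContextLike { newPage(): Promise<PageLike>; close(): Promise<void>; }
export interface BrowserLike { newContext(options?: { storageState?: string }): Promise<ContextLike>; }

export interface CheckResult { name: string; ok: boolean; expectedTitle: string; actualTitle: string; }

// Open the home page and compare the title. MFA-protected apps get a context seeded from the
// recorded storageState (cookies + local storage); anonymous sites get an empty context.
export async function checkHomePage(browser: BrowserLike, app: AppEntry, storageStatePath: string): Promise<CheckResult> {
  const context = await browser.newContext(app.auth === 'mfa' ? { storageState: storageStatePath } : {});
  try {
    const page = await context.newPage();
    await page.goto(app.url);
    const actualTitle = await page.title();
    return { name: app.name, ok: actualTitle === app.title, expectedTitle: app.title, actualTitle };
  } finally {
    await context.close();  // always release the context, even when goto() throws
  }
}

// Sequential loop over every app; one result per entry, in apps.json order.
export async function checkAll(browser: BrowserLike, apps: AppEntry[], storageStatePath = 'auth/state.json'): Promise<CheckResult[]> {
  const results: CheckResult[] = [];
  for (const app of apps) results.push(await checkHomePage(browser, app, storageStatePath));
  return results;
}
```

In the real spec file, import test and expect from @playwright/test, loop over readApps() and register one test per entry, giving each a name starting with "Prod-CanvasApps" so the -g filter in the PowerShell shortcut above selects them; each test calls checkHomePage(browser, app, 'auth/state.json') and asserts actualTitle equals expectedTitle. The session state is recorded once with npx playwright codegen --save-storage=auth/state.json followed by the app URL, completing the MFA prompt in the browser that opens. Two cautions: that file holds session cookies and tokens that let anyone holding it skip MFA, so keep it out of the repository and store it as a secret in CI; and it expires with the tenant's sign-in frequency and token lifetimes, so a failing run whose actual title is the Microsoft sign-in page means the session has expired and needs re-recording, not that the app is down.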

Next Steps:

Run continuously using the Azure Playwright Service.

=========================

Playwright Series

Playwright Post 1 - Overview of E2E testing using Playwright

Playwright Post 2 - Continuously Test/Monitor Canvas apps and website with MFA enabled (this post)

Playwright Post 3 - Add App Insights logging inside your Playwright tests 

Playwright Post 4 - 6 Min walkthru of Playwright testing with Azure Monitor


Thursday, 27 July 2023

Use Postman to get your MFA Bearer token

Short recording to show how to get my Bearer token using my Microsoft AAD account.

Get MFA bearer token using postman

I used this post to help me: Authorizing requests overview | Postman Learning Center
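Once Postman has returned the token, the check worth doing before pasting it into other requests is whether it actually records an MFA sign-in. Microsoft ID tokens and v1.0 access tokens carry an amr (authentication methods) claim that contains "mfa" when a second factor was used; the added example below (not from the post) decodes the payload of a bearer token and reports the amr claim, audience and expiry. It does not verify the signature, so it is only for inspecting a token you obtained yourself, never for authorising anything. The sample tokens are constructed locally with a dummy signature; the issuer tenant id and audience are placeholders.

```typescript
// inspect-token.ts: added example, not the post's own code. Decodes a JWT payload for inspection only.
export interface TokenSummary {
  issuer?: string;
  audience?: string;
  expires?: Date;
  expired: boolean;
  amr: string[];   // authentication methods, e.g. ['pwd', 'mfa']
  mfa: boolean;    // true when 'mfa' is listed in amr
}

function base64UrlEncode(obj: object): string {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function base64UrlDecode(s: string): string {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const pad = b64.length % 4 === 0 ? '' : '='.repeat(4 - (b64.length % 4));
  return Buffer.from(b64 + pad, 'base64').toString('utf8');
}

// Accepts either the bare token or the full "Authorization: Bearer ..." value.
// No signature check: this tells you what the token claims, not whether the claims are genuine.
export function decodeJwtPayload(token: string): Record<string, unknown> {
  const parts = token.trim().replace(/^Bearer\s+/i, '').split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected header.payload.signature)');
  return JSON.parse(base64UrlDecode(parts[1])) as Record<string, unknown>;
}

export function summarise(token: string, now: Date = new Date()): TokenSummary {
  const claims = decodeJwtPayload(token);
  const amr = Array.isArray(claims.amr) ? (claims.amr as unknown[]).map(String) : [];
  const expires = typeof claims.exp === 'number' ? new Date(claims.exp * 1000) : undefined;
  return {
    issuer: typeof claims.iss === 'string' ? claims.iss : undefined,
    audience: typeof claims.aud === 'string' ? claims.aud : undefined,
    expires,
    expired: expires !== undefined && expires.getTime() <= now.getTime(),
    amr,
    mfa: amr.includes('mfa'),
  };
}

// Constructed samples (assumption): shaped like Entra ID v1.0 tokens, signed with a dummy value.
const header = { alg: 'RS256', typ: 'JWT', kid: 'example-key' };
const baseClaims = {
  iss: 'https://sts.windows.net/00000000-0000-0000-0000-000000000000/',
  aud: 'https://graph.microsoft.com',
  exp: 1690459200, // 2023-07-27T12:00:00Z
  upn: 'user@example.com',
};
export const SAMPLE_MFA_TOKEN = [base64UrlEncode(header), base64UrlEncode({ ...baseClaims, amr: ['pwd', 'mfa'] }), 'c2ln'].join('.');
export const SAMPLE_PWD_ONLY_TOKEN = [base64UrlEncode(header), base64UrlEncode({ ...baseClaims, amr: ['pwd'] }), 'c2ln'].join('.');
```

A token whose amr lacks "mfa" usually means the sign-in satisfied no MFA requirement (no Conditional Access policy applied to that client and resource), which is the case to watch for when a Postman-obtained token is used to test an MFA-protected API. The converse is not a proof: v2.0 access tokens may omit amr entirely, so an absent claim is inconclusive rather than a failure.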

Thursday, 9 January 2020

Microsoft Azure MFA Notes (Az-300)

Study Notes on Multi-Factor Authentication:
  • AAD MFA: the 2nd factor is delivered via text message (SMS), the Microsoft Authenticator app, or a phone call.
  • Azure MFA Server: for on-prem AD MFA. The most advanced set of options for integrating on-prem infrastructure with the MFA cloud service. Downloaded and installed on a Windows server. Does not need AD Connect to sync accounts to Azure AD (AAD). (Caveat: Microsoft stopped offering MFA Server to new customers in July 2019 and retired it on 30 September 2024; new deployments use the cloud-based Microsoft Entra multifactor authentication service.)
  • Azure MFA Server still relies on the Azure MFA cloud service to send SMS/text verifications and Microsoft Authenticator notifications.
  • The Azure MFA Server download includes a GDPR.exe utility for generating GDPR reports for a user.
  • MFA billing is per user and is included in Azure AD Premium licences.
  • Conditional Access: MFA doesn't have to be required for every user; policies can enforce it where it matters, e.g. for users holding privileged (admin) roles.
  • Azure MFA SDK: the cloud MFA SDK was retired in 2018; the only remaining SDK is the MFA Server's Web Service SDK.
  • ADFS has 2 MFA options: Azure MFA Server (no need to replicate users to AAD), or, on ADFS for Windows Server 2016 and later, the cloud-based Azure MFA adapter (no Azure MFA Server required).
  • Credential stuffing: an attacker replays a compromised username/password against other sites, because people tend to reuse passwords.
  • Factors: something you know (e.g. a password), something you have (e.g. an RSA token), something you are (e.g. a fingerprint). MFA must use 2 or more of these types. An out-of-band device, e.g. your phone running Microsoft Authenticator, counts as something you have.
  • As a general rule for the 2nd factor on Azure, if you want to add a PIN to the verification (e.g. phone call + PIN), you can't use the cloud service; it requires Azure MFA Server.
  • OATH tokens: RSA or other third-party hardware tokens require Azure MFA Server to implement (Microsoft Authenticator can also generate offline OATH codes on the phone). The Azure portal also has basic OATH hardware-token integration for 3rd-party vendors.

Wednesday, 27 February 2019

MCAS overview MSIgnite London

Work in progress from MSIgniteTour London
Microsoft Cloud App Security (MCAS) is a cloud access security broker (CASB): it helps manage Shadow IT, detect high-risk OAuth apps, and control high-risk user sessions in real time for your Office 365 environment.

Covers:
  1. Azure AD (AAD)
  2. Threat protection
  3. Information protection 
  4. SaaS, e.g. Box, SPO, ODfB
Shadow IT discovery:
A log collector ingests the proxy logs to find the apps people are using.
It can write back to the proxy to block app usage, so you can see (and stop) people using risky SaaS apps. Supports script generation for most devices.

OAuth apps (e.g. in G Suite): attackers create fake apps that trick users into granting access to their info. MCAS gives each app a risk score, shows all usage, and lets you correct users' access.

O365 apps:
Check all apps against their risk score.

MCAS protects for:
  • Malicious employees
  • Malware & ransomware
  • Rogue applications
  • Compromised accounts


Investigate:
Helps investigate abnormal behaviour, raises alerts and highlights concerns, and gives insight into user activity.
Can take action such as locking the account or requiring re-login.

File security:
Prevents sensitive info leaking via the cloud; uses the MIP framework (which uses AIP). Shows which files are publicly available on the internet vs. held only within SaaS services under business control. Can also enforce governance on 3rd-party SaaS such as Box.

Block download of data:
With Conditional Access, a user on an unmanaged device is routed through MCAS, which can calculate the risk and decide how they get access; e.g. an unmanaged device could be prompted for MFA. Lots of controls: restricted web access, block, MFA, ...