ADFS – export RP and its claims

If you choose not to use the AD FS Rapid Restore Tool, then at a minimum you should export the "Microsoft Office 365 Identity Platform" relying party trust and any custom claim rules you have added to it. You can do this with the following PowerShell example: (Get-AdfsRelyingPartyTrust -Name "Microsoft Office 365 Identity Platform")
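An added, worked version of that export (example code, not from the original post): it writes the Office 365 relying party trust object plus each rule set as plain text, and records SHA-256 hashes so a later export can be diffed against it. It is meant to run on an AD FS server as an AD FS administrator; the $OutDir path and the "drift" thresholds are my own assumptions.

```powershell
# Added example (not from the original post): export the Office 365 RP trust and its claim rules
# to a dated folder, with a hash manifest so later changes to the rules can be spotted.
# Run on an AD FS server as an AD FS administrator. $OutDir is an assumed path; adjust to suit.
param(
    [string]$RpName = 'Microsoft Office 365 Identity Platform',
    [string]$OutDir = "C:\AdfsBackup\$(Get-Date -Format 'yyyyMMdd-HHmm')"
)

Import-Module ADFS -ErrorAction Stop
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$rp = Get-AdfsRelyingPartyTrust -Name $RpName
if (-not $rp) { throw "Relying party trust '$RpName' not found" }

# Full object, round-trippable with Import-Clixml (identifiers, endpoints, certificates, lifetimes...)
$rp | Export-Clixml -Path (Join-Path $OutDir 'RelyingPartyTrust.xml')

# Rule sets as plain text: this is the form Set-AdfsRelyingPartyTrust -*RulesFile expects on restore,
# and the form a reviewer wants to diff when an unexpected change to issuance rules is suspected.
$ruleSets = @{
    'IssuanceTransformRules.txt'        = $rp.IssuanceTransformRules
    'IssuanceAuthorizationRules.txt'    = $rp.IssuanceAuthorizationRules
    'DelegationAuthorizationRules.txt'  = $rp.DelegationAuthorizationRules
    'AdditionalAuthenticationRules.txt' = $rp.AdditionalAuthenticationRules
}
foreach ($entry in $ruleSets.GetEnumerator()) {
    # An empty rule set still gets a (zero-length) file, so the manifest covers all four
    Set-Content -Path (Join-Path $OutDir $entry.Key) -Value ([string]$entry.Value) -Encoding UTF8
}

# Hash manifest: compare against a later export to detect claim-rule drift
Get-ChildItem -Path $OutDir -Filter *.txt |
    Get-FileHash -Algorithm SHA256 |
    Select-Object @{ n = 'File'; e = { Split-Path $_.Path -Leaf } }, Hash |
    Export-Csv -Path (Join-Path $OutDir 'manifest.csv') -NoTypeInformation

Write-Host "Exported '$RpName' to $OutDir"

# Restore of the transform rules (run only when you mean it):
# Set-AdfsRelyingPartyTrust -TargetName $RpName -IssuanceTransformRulesFile (Join-Path $OutDir 'IssuanceTransformRules.txt')
```

The Clixml file is the full object and is what you restore the trust from; the text files exist so the rules can be read and diffed by a human. Keep the export folder on a host the AD FS servers cannot write to: the authorization rules decide who gets a token for Office 365, so a backup that an attacker on the farm could alter is of limited value.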

AADConnect – migrating from ADFS to password hash synchronization

Implement password hash synchronization: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization
Migrating from federated authentication (AD FS) to password hash synchronization: https://github.com/Identity-Deployment-Guides/Identity-Deployment-Guides/blob/master/Authentication/Migrating%20from%20Federated%20Authentication%20to%20Password%20Hash%20Synchronization.docx

Azure AD connect documenter

The AAD Connect configuration documenter is a tool that generates documentation of an Azure AD Connect installation. Currently the documentation is limited to the Azure AD Connect sync configuration. The tool's current capabilities include: documentation of the complete configuration of Azure AD Connect sync; documentation of any changes in the configuration of two

Security – PowerShell attack methods

C# is being used more and more in post-PowerShell tradecraft; a tools collection is at http://www.harmj0y.net/blog/redteaming/ghostpack/
Some related links:
https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks
https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
https://medium.com/@malcomvetter/net-process-injection-1a1af00359bc
https://www.fortynorthsecurity.com/microsoft-workflow-compiler-exe-veil-and-cobalt-strike/
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/
https://zeltser.com/fileless-malware-beyond-buzzword/
https://docs.microsoft.com/en-us/dotnet/api/microsoft.csharp.csharpcodeprovider?view=netframework-4.7.2
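The defensive side of the links above, as an added example (not code from the original post or the linked articles): a small scan of PowerShell Script Block Logging events (Microsoft-Windows-PowerShell/Operational, event ID 4104) for script blocks that compile or load C# at run time, which is the technique those articles describe. The indicator patterns are my own choices, and the sample script blocks are constructed so the scan can be tried offline.

```powershell
# Added example (not from the original post): flag script blocks that hand C# to a compiler
# or load an assembly from memory. Reads 4104 events when run on a host with Script Block
# Logging enabled, otherwise falls back to constructed samples. Indicator list is my own.
$indicators = @(
    'Add-Type\s+.*-TypeDefinition',              # inline C# source handed to Add-Type
    'CSharpCodeProvider',                         # System.CodeDom compiler used directly
    'CompileAssemblyFromSource',
    '\[System\.Reflection\.Assembly\]::Load\(',   # in-memory assembly load
    'Microsoft\.Workflow\.Compiler\.exe'          # workflow compiler used to run unsigned code
)

function Test-CSharpCompileIndicators {
    param([Parameter(Mandatory)][string]$ScriptBlockText)
    $hits = foreach ($pattern in $indicators) {
        if ($ScriptBlockText -match $pattern) { $pattern }
    }
    [pscustomobject]@{
        Suspicious = [bool]$hits
        Matched    = @($hits)
    }
}

# Constructed sample script blocks (not real captured events)
$sampleBlocks = @(
    'Get-ChildItem C:\Temp | Where-Object Length -gt 1MB',
    'Add-Type -TypeDefinition $src -Language CSharp; [Runner]::Go()',
    '$p = New-Object Microsoft.CSharp.CSharpCodeProvider; $r = $p.CompileAssemblyFromSource($cp, $code)'
)

$events = $null
try {
    # In a 4104 event, property index 2 is ScriptBlockText
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
                           -MaxEvents 500 -ErrorAction Stop |
              ForEach-Object { $_.Properties[2].Value }
} catch {
    Write-Warning 'No 4104 events available here, using constructed samples'
    $events = $sampleBlocks
}

$events | ForEach-Object {
    $result = Test-CSharpCompileIndicators -ScriptBlockText $_
    if ($result.Suspicious) {
        [pscustomobject]@{
            Matched = ($result.Matched -join ', ')
            Snippet = $_.Substring(0, [Math]::Min(80, $_.Length))
        }
    }
} | Format-Table -AutoSize
```

Add-Type with -TypeDefinition is also used by perfectly ordinary admin scripts, so treat a hit as a lead to read the full script block (4104 splits long blocks across several events, which is what the MessageNumber/MessageTotal properties are for), not as a verdict.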

Office 365 – monitoring SPO and Onedrive slowness

Monitoring SPO (and OneDrive!) performance and slowness:
https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online
https://docs.microsoft.com/en-us/office365/enterprise/diagnosing-performance-issues-with-sharepoint-online?redirectSourcePath=%252fen-us%252farticle%252f3c364f9e-b9f6-4da4-a792-c8e8c8cd2e86
Tools: the browser's F12 developer tools network monitor, or a third-party tool such as Fiddler or equivalent.
SharePoint Online response header metrics: SPRequestDuration and X-SharePointHealthScore.
SharePoint response header information: ensure that you have the F12 tools installed. For more information on downloading and installing these tools, see What's
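An added example (not from the original post) of reading the two headers named above: SPRequestDuration is the server-side processing time in milliseconds, X-SharePointHealthScore runs from 0 (healthy) to 10 (most loaded), and a throttled request comes back as HTTP 429 (or 503) with a Retry-After header. The function classifies one response from its headers; the sample headers are constructed so it runs offline, and the "slow" and "busy" thresholds are my own assumptions, not values from the Microsoft docs.

```powershell
# Added example (not from the original post): classify an SPO/OneDrive response from its headers.
# Thresholds ($SlowMs, $BusyScore) are my own assumptions; the sample responses are constructed.
function Get-SpoRequestHealth {
    param(
        [Parameter(Mandatory)][hashtable]$Headers,
        [int]$StatusCode = 200,
        [int]$SlowMs = 1000,      # assumed: server-side time above this counts as slow
        [int]$BusyScore = 7       # assumed: health score at or above this counts as busy
    )
    $duration = -1
    $score    = -1
    if ($Headers.ContainsKey('SPRequestDuration'))       { $duration = [int]$Headers['SPRequestDuration'] }
    if ($Headers.ContainsKey('X-SharePointHealthScore')) { $score    = [int]$Headers['X-SharePointHealthScore'] }

    # Order matters: a throttle response is the finding even if its own duration is tiny
    if ($StatusCode -eq 429 -or $StatusCode -eq 503) {
        $verdict = "Throttled (HTTP $StatusCode); back off for Retry-After=$($Headers['Retry-After']) s"
    } elseif ($score -ge $BusyScore) {
        $verdict = "Service busy (health score $score of 10)"
    } elseif ($duration -ge $SlowMs) {
        $verdict = "Slow on the server ($duration ms): not a client or network problem"
    } elseif ($duration -lt 0 -or $score -lt 0) {
        $verdict = 'Headers missing: response may not come from SharePoint Online'
    } else {
        $verdict = 'OK'
    }

    [pscustomobject]@{
        StatusCode        = $StatusCode
        SPRequestDuration = $duration
        HealthScore       = $score
        Verdict           = $verdict
    }
}

# Constructed sample responses (not real captures): healthy, server-slow, throttled
$samples = @(
    @{ Status = 200; Headers = @{ 'SPRequestDuration' = '312';  'X-SharePointHealthScore' = '2' } },
    @{ Status = 200; Headers = @{ 'SPRequestDuration' = '4860'; 'X-SharePointHealthScore' = '3' } },
    @{ Status = 429; Headers = @{ 'SPRequestDuration' = '15';   'X-SharePointHealthScore' = '9'; 'Retry-After' = '120' } }
)
$samples | ForEach-Object { Get-SpoRequestHealth -Headers $_.Headers -StatusCode $_.Status } | Format-Table -AutoSize

# Live use (assumed site URL and an authenticated session cookie you obtained yourself):
#   $resp = Invoke-WebRequest -Uri 'https://contoso.sharepoint.com/sites/team' -Headers @{ Cookie = $fedAuthCookie } -UseBasicParsing
#   $h = @{}; foreach ($k in $resp.Headers.Keys) { $h[$k] = "$($resp.Headers[$k])" }
#   Get-SpoRequestHealth -Headers $h -StatusCode $resp.StatusCode
```

The useful split is between a high SPRequestDuration with a normal health score (the page itself is expensive: large lists, many web parts, heavy queries) and a normal duration with a high health score or a 429 (the tenant is being throttled, and the fix is to reduce request volume and honour Retry-After, not to tune the page).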

Office 365 / Azure AD Join, device registration (byod; devices…)

Introduction to device management in Azure Active Directory:
https://docs.microsoft.com/fr-fr/azure/active-directory/devices/overview
https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction#getting-devices-under-the-control-of-azure-ad
As a rule of thumb, you should use:
Azure AD registered devices: for personal devices; to manually register devices with Azure AD.
Azure AD joined devices: for devices that are owned by your organization; for devices that are not joined to an on-premises AD
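To check which of those states a given Windows device is actually in, the local command is dsregcmd /status. As an added example (not from the original post), the script below parses its output and maps the fields to a join type: AzureAdJoined plus DomainJoined is hybrid Azure AD joined, AzureAdJoined alone is Azure AD joined, and WorkplaceJoined (a per-user state) is Azure AD registered. It runs dsregcmd when available and otherwise uses a constructed sample of the output.

```powershell
# Added example (not from the original post): classify a device's Azure AD relationship from
# dsregcmd /status. Falls back to a constructed sample when dsregcmd is not on the machine.
function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # dsregcmd prints "        Key : Value"; table borders and section titles do not match
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $state
}

function Get-AzureAdJoinType {
    param([Parameter(Mandatory)][hashtable]$State)
    $aad = $State['AzureAdJoined']   -eq 'YES'
    $dom = $State['DomainJoined']    -eq 'YES'
    $wp  = $State['WorkplaceJoined'] -eq 'YES'
    if     ($aad -and $dom) { 'Hybrid Azure AD joined (corporate device, on-premises AD plus Azure AD)' }
    elseif ($aad)           { 'Azure AD joined (corporate device, no on-premises AD)' }
    elseif ($wp)            { 'Azure AD registered (personal/BYOD device, user added a work account)' }
    else                    { 'Not registered with Azure AD' }
}

# Constructed sample of dsregcmd /status output (a hybrid-joined machine), used when dsregcmd is absent
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : NO
           WorkplaceJoined : NO
'@ -split "`r?`n"

$lines = if (Get-Command dsregcmd -ErrorAction SilentlyContinue) {
    dsregcmd /status
} else {
    Write-Warning 'dsregcmd not available here, using the constructed sample'
    $sample
}

$state = ConvertFrom-DsregStatus -Lines $lines
[pscustomobject]@{
    AzureAdJoined   = $state['AzureAdJoined']
    DomainJoined    = $state['DomainJoined']
    WorkplaceJoined = $state['WorkplaceJoined']
    JoinType        = Get-AzureAdJoinType -State $state
}
```

Run it as the signed-in user rather than from an elevated SYSTEM context: WorkplaceJoined lives in the User State section and reflects the account that runs the command, so the registered/BYOD case only shows up for the user who added the work account.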