One of the first things I did in 2021 was to log into Azure portal and check my Active Directory. You can imagine how much of a shock it would have been to me to see the screenshot below. Apparently I have been a target for a number of attacks from Pakistan, Indonesia and Vietnam. It is not surprising that these kind of attacks happened in fact it’s pretty much run of the mill for any email ID that must have been published on the Internet. These attacks are part of at strategy called brute force attacks. In a brute force attack random passwords are tried against a known user ID or email ID in order to try and get the combination correct. Luckily as you can see from my screenshot this attempt failed primarily because I use a random password of sufficient length. However with modern computing power it is possible for a committed attack to succeed. In this post I show how to secure your Azure AD using just the free stuff.
You will notice that these attacks can originate from anywhere in the world and one of the best ways to prevent access is to enable something called conditional access. However conditional access is a feature that is only available in the premium version of Azure Active Directory. Licensing cost is billed on a per user basis and therefore it is not really practical for me to implement it. In this case I’m going to resolve to use the free features available Azure Active Directory.
STEP 1:- Identify and block unknown devices
Navigate to the Devices link on the left hand side of the Azure Active Directory Menu and click devices as shown below:-
Identify the device you suspect from the list of devices shown on the screen
Click the device and Disable or Delete as needed.
This will make sure that only trusted devices are being used and is also helpful to block devices you think have been compromised or stolen etc.
Step 2 Enabled manage Security defaults
Azure security defaults are a set of basic policies implemented by azure on your behalf. This ensure that your email accounts etc. use updated and secure protocols when connecting to exchange server. I found in my case this was disabled by default and I guess that has to do with the fact that my AD was configured before this feature was introduced. In order to enabled the feature you need to navigate to Properties in the Azure AD settings on the left hand side. As shown below
On the above screen navigate to the bottom of the page to click on Manage Security defaults. This will result in the blade opening on the right hand side of the windows
Simple click Yes and Save at the bottom on the page.
Step 3 Enabled Multi Factor Authentication for all users and have the connect using the Azure Authenticator App.
Multi factor authentication is the method by which the user is authenticated multiple times on different devices in order to access the account. One device will the machine on which they are login in and the other will be via the Microsoft Authenticator App on the mobile. This step requires a phone number against which an SMS code can be sent to verify the device. Its similar to the OTP process your Bank might use except it doesn’t use an OTP each time.
To enabled MFA for all employees simply navigate to the Users link on the left hand side menu of your Azure AD page.
Once you have clicked the above link navigate to the Multifactor Authentication link on the top of the users page.
Select the user you would like to enabled this feature for
Click enable on the screen to the right as shown below
You can reset the user’s access at regular intervals by selecting Enforce and selecting the options under Manage User Settings as shown below:-
Step 4 Change your passwords regularly and use strong Passwords
In addition to probably more important than the above steps is the important point of making it a habit to change your passwords regularly using a nonstandard long phrase if possible. The above should provide you sufficient protection from the causal attacker looking to compromise your accounts. Additional common sense steps include scanning the system regularly for viruses. Never logging in from an unknown device or network, never clicking links in emails or otherwise etc.
As we start 2021 I would like to wish you a very Happy New Year and hope with the above steps you will stay safe from one additional virus as well.