Your sign-in was blocked 1 | Cloud Engineer - Everton Collins https://evertoncollins.com Work by Everton Collins Wed, 27 May 2020 18:09:24 +0000 en-US hourly 1 https://evertoncollins.com/wp-content/uploads/2015/06/logo1-150x150.png Your sign-in was blocked 1 | Cloud Engineer - Everton Collins https://evertoncollins.com 32 32 Azure Identity Protection – Enterprise Mobility + Security https://evertoncollins.com/azure-identity-protection-enterprise-mobility-security/ Thu, 14 Dec 2017 01:44:48 +0000 https://www.evertoncollins.com/?p=996 Azure Identity Protection Azure Identity Protection is a feature of Microsoft Enterprise Mobility + Security and is a premium feature in EMS E5.  We conducted a test to see if a user would be blocked while trying to log in from 2 separate locations. We went to https://portal.azure.com/ and logged in with credentials normally from our […]

The post Azure Identity Protection – Enterprise Mobility + Security first appeared on Cloud Engineer - Everton Collins.

]]> Azure Identity Protection

Azure Identity Protection is a feature of Microsoft Enterprise Mobility + Security and is a premium feature in EMS E5.  We conducted a test to see if a user would be blocked while trying to log in from 2 separate locations.

We went to https://portal.azure.com/ and logged in with credentials normally from our home office server.  I then created a 2012 Server virtual machine setting up and configuring Active Directory and azure AD Connect.

Using the Tor browser I went to portal.azure.com to login with the same user a 2nd time.

Our Results

Your sign-in was blocked

We’ve detected something unusual about this sign-in.

For example, you might be signing in from a new location, device, or app.
Before you can continue, we need to verify your identity.  Please contact your admin.
After viewing more details we get a better picture of what scenario is; at this point to see that the user has tried to sign in a second time from an unknown location and has been blocked.
Azure identity Protection
We can see from the message the sign-in was blocked.
Your sign-in was blocked
We’ve detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app.
Before you can continue, we need to verify your identity. Please contact your admin.
 
The following information might be useful to your administrator:
  • App name: Azure Portal
  • App id: c44b4083-3bb0-49c1-b47d-974e53cbdf3c
  • IP address: 62.210.129.246
  • Device identifier: not available
  • Device platform: Windows 7
  • Device state: Unregistered
  • Signed in as rick.admin@nottstruckingltd.onmicrosoft.com
  • Correlation ID: 46d66b10-4f50-4e10-a5fb-15a11f06135a
  • Timestamp: 2017-09-18 20:29:55Z
Sign out and sign in with a different account
We will now create a sign-in risk policy.  Login to portal.azure.com -> Azure AD Identity Protection ->Sign-in risk policy
risky-sign-in-policy

Risky sign-ins

Azure Active Directory detects risk event types in real-time and offline.

Each risk event that has been detected for a sign-in of a user contributes to a logical concept called risky sign-in.

A risky sign-in is an indicator of a sign-in attempt that might not have been performed by the legitimate owner of a user account.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection#what-is-a-user-risk-level

The post Azure Identity Protection – Enterprise Mobility + Security first appeared on Cloud Engineer - Everton Collins.

]]>