Latest News & Articles


SOAR: Block Log Analytics IP Entities on Azure Frontdoor / WAF #3

How it works
Previously, I’ve blogged about two variants that we used at Prof-IT Services to block malicious IP addresses on Azure Frontdoor that were going over a certain threshold. We’ve now created a simpler version that only uses a C# function app, a managed identity, and a Log Analytics workspace. ...

The G-Door: Microsoft 365 & the risk of unmanaged Google Doc accounts

It’s time to secure Google Workspace—even if you’re not using it. Read about our recently discovered vulnerability, called 'G-Door', which allows users to bypass Microsoft 365 conditional access rules.

Automating Azure SQL Maintenance with Azure Automation

Keeping Your Azure SQL Databases Healthy: The Power of Automation
In the realm of database management, maintaining optimal performance and storage efficiency for your Azure SQL Elastic pool and databases is critical. SQL databases are the backbone of countless business applications, supporting everything from transaction processing to analytics. However, as ...

Malware Analysis – Shortcuts in zip file

Recently, we encountered two distinct variants of a payload delivered through Google Drive, both containing a malicious shortcut. While these threats were successfully mitigated, it’s crucial to understand their mechanisms and implement protective measures. In this blog, we’ll dissect these threats and explore strategies for defending against them.
Threat Analysis ...

Identifying Duplicate Files Across All SharePoint Sites Using PowerShell

Managing a SharePoint environment can be a complex task, especially when it comes to ensuring that your storage is being used efficiently. Duplicate files across various sites and document libraries can quickly consume valuable space, slow down search results, and create confusion among users. Fortunately, with the power of PowerShell ...

Session Token Theft in Microsoft 365

Session hijacking occurs when an attacker steals a valid session token—essentially, the key to a user’s active login session. In the case of Microsoft Teams, once a user logs in, their session token remains active and allows them to continue their work without repeatedly entering their password. While convenient, this ...

IT-Boost TOTP Secret Exposure

IT-Boost’s TOTP secrets were exposed due to browser-based OTP calculations, allowing extraction and potential security risks. ConnectWise released a fix using a secure TOTP API. Users should cycle secrets to prevent breaches. Read more in this blog about the vulnerability, risks, and best practices for secure TOTP implementation.

Balance Device Wave Groups for granular Intune deployments

We've developed a C# Function App designed to balance devices from a main group into various Wave groups. This app can run on a recurring schedule, rebalancing devices as needed when there are changes in the number of devices due to growth or shrinkage.

Platform Upgrade: Microsoft 365 agentless CSS phishing protection

Exciting news! 🎉 We’ve recently created this advanced CSS phishing protection, and we’re making it available for everyone, for free! Threat Actors (TAs) frequently target finance or accounting personnel, and once they gain access, they often send altered invoices to existing customers with fraudulent account details. Depending on the business, ...

Exchange Online External Forwarding Risk – quarantine bypass

I’ve recently encountered an issue where malicious email was imported into the Zendesk platform, while it was successfully quarantined by Microsoft 365. In this post, I go over the options to mitigate this threat. The problem lies in the fact that forwarding takes place prior to the email being processed ...

Microsoft Sentinel: Malicious Inbox Rule V2

This improved Sentinel Analytics Rule can be used to detect malicious Inbox Rules used by threat actors to hide invoice fraud activity. I've used the Inbox rule currently available as a template within Sentinel, and modified it to alert on Outlook rules I encountered in the wild.

M365 Account Compromise Checklist

A checklist to follow for Microsoft 365 accounts that are compromised

Microsoft 365 Security / Necessities / Checklist

Microsoft 365 is often considered safe, as it's always up to date and maintained by Microsoft. Unfortunately, this is not true! Well, at least some parts aren't. There are quite a few options and products/features that should be configured to limit risk and exposure. In this post, I’m outlining the most important ...

Get Entra ID User Group Membership with PowerShell on endpoints

Use this PowerShell script and Azure logic app to get the Entra ID Group membership of a user in a safe and secure way. I’ve created this solution to be able to execute certain code based on the user’s group membership. Back in the day it would be easy to ...

Streamlining Intune: Automate Changing Device Names to include Primary user UPN

Follow the steps in this blog to seamlessly rename your Intune devices, appending the primary assigned user’s UPN along with a random suffix. I’ve created this Logic App that renames the devices, as the Intune options are limited to the serial number and randomly generated values. Both are not easy ...

Azure App Service Pmv3 deployment & migration

Microsoft has released a new Azure Mv3 series App Service Plan, which has double the amount of RAM. In this blog I explain how to deploy and migrate your existing web apps. The M series are hosted on different servers, so you won’t be able to upgrade or scale to this ...

Azure Storage Account File Shares – Lessons learned

Azure File Shares do not behave the same as an SMB share hosted on a Windows Server, and there are challenges when you connect from non-domain-joined computers. In this blog I’ll go over the lessons I learned implementing them. Feel free to shoot me a message on LinkedIn if ...

Synchronize SharePoint libraries on endpoints by leveraging PS, Logic Apps and Entra ID Group memberships!

Use this PowerShell script and Azure logic app to sync libraries based on Azure AD Group assignments. Ever had to sync 100 folders to 10 or more different security groups, and didn’t want to create configuration profiles for each group? Or had to wait up to 8 hours before Intune ...

SOAR: Block Log Analytics IP Entities on Azure Frontdoor / WAF #2

Use this function and logic app to block abusive IP addresses that hit a certain block limit on Azure WAF / Frontdoor, using a custom rule and leveraging Log Analytics alerts. This greatly improves security for your origins, as threat actors won’t be able to scan indefinitely (or until rate limit ...

Automate Azure SQL Backup with Private Links leveraging PowerShell and Automation Accounts

Azure SQL Services work great and have high availability options and built-in backup functionality, but what if someone breaks into your Azure tenants and deletes everything!? There are (expensive) SQL backup solutions that use various CPU-intensive techniques to back up databases, but there are Azure-native techniques as well, using Az.SQL. The ...

SOAR: Block Sentinel IP Entities on Azure Frontdoor / WAF

Please read blog 2 instead: using Log Analytics is more cost-effective and doesn’t have a 10-entity limit. https://potsolutions.nl/2023/05/20/block-sentinel-log-analytics-entities-on-azure-waf-2/
Update 2025.02.22 – Just released blog 3: SOAR: Block Log Analytics IP Entities on Azure Frontdoor / WAF #3 – Prof-IT
Azure Frontdoor is a powerful tool for managing web ...