Microsoft Defender for Identity native alert page in Microsoft 365 Defender

This article is contributed. See the original author and article here.

We are excited to announce that starting today, Microsoft Defender for Identity alerts are natively integrated into Microsoft 365 security center (security.microsoft.com) with a dedicated Identity alert page format. This marks the first step in our journey to introduce the full Microsoft Defender for Identity experience into the unified Microsoft 365 Defender portal and is a continuation of the convergence motion to integrate protection across domains, which started with Defender for Office 365 and Defender for Endpoint.


 


The new Identity alert page unlocks value for Microsoft Defender for Identity customers such as better cross-domain signal enrichment and new automated identity response capabilities. It ensures that we can best help our customers to stay secure and help improve the efficiency of security operations. To learn more about Microsoft 365 Defender, check out this dedicated Tech Community blog.


 


Alerts and investigation


 


Alerts are a key experience when working with any security product. That’s why Defender for Identity continuously invests in research and engineering to provide new alerts for attack techniques, tools and vulnerabilities. Starting today, Microsoft Defender for Identity alerts are available to view within the Microsoft 365 Defender portal.


 




(Figure 1. Alert experience in Microsoft 365 security center)


 


One of the benefits of investigating alerts through Microsoft 365 security center is that Microsoft Defender for Identity alerts are further correlated with information obtained from each of the other products in the suite. These enhanced alerts are consistent with the other Microsoft 365 Defender alert formats originating from Microsoft Defender for Office 365 and Microsoft Defender for Endpoint. The new page effectively eliminates the need to navigate (‘tab out’) to another product portal to investigate alerts associated with identity.




 


 


(Figure 2. Side panel for device entity that is enriched by both Microsoft Defender for Endpoint and Microsoft Defender for Identity)


 


The new alert page maintains a similar look and feel to Defender for Identity while adapting to the Microsoft 365 Defender user experience and style.


 


Not just a new home…


 


Alerts are now in one common alert queue with Defender for Office 365, Defender for Endpoint, Microsoft Cloud App Security and various compliance workload alerts. Another stand-out feature for alerts originating from Defender for Identity is that they can now trigger the Microsoft 365 Defender automated investigation and response (AIR) capabilities, including automatically remediating alerts and mitigating the tools and processes that contribute to the suspicious activity.




 (Figure 3. Automatic alert investigation based on Microsoft Defender for Identity alert)


 


How do I get started?


 


Defender for Identity alerts can easily be accessed from either the Incidents or Alerts queue. Open either of these areas, and then you can filter by Service Sources to see the specific alerts you’re looking for.


 




 (Figure 4. Microsoft 365 security menu)


 




(Figure 5. Filter options for alert view)


 


As always, we’d love to know what you think.


Leave us feedback directly on the Microsoft 365 security center

Customer Key support for Microsoft Teams now Generally Available!

Service encryption with Microsoft 365 Customer Key
Microsoft 365 provides baseline, volume-level encryption enabled through BitLocker and Distributed Key Manager (DKM), which ensures customer data is always encrypted at rest in the Microsoft 365 service. Microsoft 365 also offers an added layer of encryption at the application layer for content, including data from Exchange Online, SharePoint Online, OneDrive, and Teams, called service encryption.



Microsoft 365 Customer Key is built on service encryption. It provides a layer of encryption at the application layer for data at rest and allows the organization to provide and control the encryption keys used to encrypt customer data in Microsoft’s datacenters. Customer Key adds protection against viewing of data by unauthorized systems or personnel, complementing the BitLocker disk encryption in Microsoft datacenters. It also helps organizations meet compliance requirements that specify key arrangements with the cloud service provider, including regulatory obligations to control the root keys.

Microsoft 365 Customer Key now supports Microsoft Teams!
After the organization provides the keys, Microsoft 365 uses them to encrypt data at rest as described in the Online Services Terms (OST). The organization creates a data encryption policy (DEP) and assigns it to encrypt certain Microsoft 365 data for all tenant users. While multiple DEPs can be created per tenant, only one DEP can be assigned at a time. For customers already using Customer Key for Exchange Online and SharePoint Online, data encryption policies add broader control and now include support for Microsoft Teams! Once a DEP is created and assigned, it encrypts the following data for all tenant users:



  • Teams chat messages (1:1 chats, group chats, meeting chats and channel conversations)

  • Teams media messages (images, code snippets, video messages, audio messages, wiki images)

  • Teams call and meeting recordings stored in Teams storage

  • Teams chat notifications, Teams chat suggestions by Cortana, Teams status messages

  • User and signal information for Exchange Online

  • Exchange Online mailboxes that aren’t already encrypted using mailbox level DEPs

  • Microsoft Information Protection exact data match (EDM) data – (data file schemas, rule packages, and the salts used to hash the sensitive data)


When a DEP is assigned, encryption begins automatically but takes some time to complete, depending on the size of the tenant. For Microsoft Information Protection and Teams, the Customer Key DEP encrypts new data from the time of DEP assignment; support for encrypting existing data is still being worked on. For Exchange Online, the DEP encrypts all existing and new data.
For more details on using Microsoft 365 Customer Key across multiple workloads and how to get started, please see Service encryption with Customer Key.

Setting up https for Teams Tabs projects – without ngrok

I’ve started using the new Microsoft Teams Toolkit, which is a Visual Studio Code extension and generator for Teams applications. One thing I noticed is a little challenge when creating tabs, due to the requirement to use SSL. The documentation is fine and explains how to trust your local project, but I found it a little painful since the certificates only last 1 month and there’s a different one for each project, so I need to repeat the process frequently. Your teammates will need to do that as well.





 


Here is an alternative approach in which you create your own certificate authority and build certs from that so you can install just one root certificate across all your projects! Each teammate can have their own certs, so you can collaborate as much as you wish and nobody has to go installing certs.


 



NOTE: Did you know that the Teams Toolkit uses Create React App (CRA) for tabs? Create React App is a toolchain from Facebook (who created React in the first place); it’s very popular and well supported. If you need help, search on “Create React App” and you can find a plethora of helpful articles; this one helped me figure this out!



Step 1: Create and trust a certificate authority (CA)


This step only needs to be done once for as many projects as you wish. It assumes you already have Node.js installed, as required by the Teams Toolkit.


 


a. Create a private folder somewhere (the CA’s private key will live here, and anyone who obtains it can mint certificates that your machines trust), go there in your favorite command-line tool, and run these commands. This is the mkcert npm package; its commands differ from the Go tool of the same name:


npm install -g mkcert
mkcert create-ca --organization "MyOrg" --validity 3650
mkcert create-cert --ca-key "ca.key" --ca-cert "ca.crt" --validity 3650


 


NOTE: 3650 is the number of days your certs will be valid; feel free to change it (a shorter CA lifetime limits the damage if ca.key is ever leaked). You can use --help on mkcert to reveal other options, such as setting an organization name and location (the default org is “Test CA”) and customizing the domain names for your certificate (the default is “localhost,127.0.0.1”).



This will create a new Certificate Authority and a certificate that was issued from it. You should see 4 files:

FILE       DESCRIPTION
ca.crt     Certificate for your new CA (this is what you install as a trusted root)
ca.key     Private key for your new CA (keep it in the private folder; it never goes into a project)
cert.crt   Certificate for use in projects
cert.key   Private key for use in projects


b. Now you need to trust the certificate for your new CA; by doing that any cert you create will be trusted with no additional action on your part.


On Windows



  • Double click on the ca.crt file and click “Install Certificate”.




  • Choose Local Machine and click next.




  • Select “Place all certificates in the following store” and then click the “Browse” button. Choose “Trusted Root Certification Authorities” click “OK” to close the dialog box, and then click “Next”.


  • Restart all instances of your browser to force it to re-read its trusted roots. If in doubt, reboot your computer.


On Mac



  • Double click on the ca.crt file, which should be found under /Users/[your-name]/. It will launch Keychain Access app.

  • Enter your password or use Touch ID when prompted. 

  • The new certificate (in this case, “MyOrg”) should be added. Double-click it. 

  • In a new window, expand the Trust section of the certificate details. Select “Always Trust” for every option. 

  • Close the window. Enter your password or use Touch ID again if you are asked. Now the certificate is trusted. 

  • Restart all instances of your browser to force it to re-read its trusted roots. If in doubt, reboot your computer.


On Linux


There are more steps on Linux because most browsers don’t use the operating system’s certificate store; a tool called certutil is needed to modify each browser’s cert?.db file. This article explains how to install your new root certificate on Linux.


Step 2 – Add the certs to your project


This is what you need to do for each project.


a. Create a new folder in your project folder (the same level as the package.json file) called .cert. Copy the cert.crt and cert.key files into this folder.


b. Modify your .env file to tell the local web server to use your cert:


HTTPS=true

SSL_CRT_FILE=./.cert/cert.crt

SSL_KEY_FILE=./.cert/cert.key


c. Prevent saving the certs to your git repository by adding a line to the .gitignore file.



.cert


Azure Active Directory SSO Tabs


Tabs that implement Azure Active Directory Single Sign-On need to implement more than just a web page; they need to implement a web service to exchange the SSO token for an access token that the app can use to call downstream services such as the Microsoft Graph. This is explained in this blog article, or this one, more clearly than in the documentation.


When the yo teams generator creates an SSO tab, this web service is hosted by the same web server as the page itself.


When the Teams Toolkit generates one, however, it creates a separate web server for the web service, so there really are two endpoints that need to be SSL enabled. The web service is in a folder called api-server. To enable SSL there, follow these steps:



  1. Add these lines to the .env file in the api-server folder (the ../.cert paths assume the server is started from that folder):


HTTPS=true
SSL_CRT_FILE=../.cert/cert.crt
SSL_KEY_FILE=../.cert/cert.key
CORS_ORIGIN=https://devappsforteams.local:3000


2. Immediately above the line app.get('/getGraphAccessToken') in server.ts or server.js, add these lines to allow the cross-origin call from the web page (port 3000) to the web service (port 5000). This uses the cors package, so run npm install cors in api-server if it is not already a dependency:


const cors = require('cors');
app.use(cors({
    origin: process.env.CORS_ORIGIN
}));


3. Near the bottom of the same file, replace the line


app.listen(port);


with this code:


const fs = require('fs');
const https = require('https');
// Read the PEM key and certificate named in .env
const privateKey = fs.readFileSync(process.env.SSL_KEY_FILE);
const certificate = fs.readFileSync(process.env.SSL_CRT_FILE);

// Serve the Express app over HTTPS instead of plain HTTP
https.createServer({
    key: privateKey,
    cert: certificate
}, app).listen(port);
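As an added example, not code from the original post or from the Teams Toolkit, here is a hardened version of the two pieces of api-server wiring above. CORS_ORIGIN is parsed into an explicit allowlist of bare https origins and compared exactly against the request's Origin header, and the server refuses to start when CORS_ORIGIN or the certificate paths are missing. The fail-fast check matters because the cors package treats an undefined origin option as its default of `*`, so a forgotten .env line would silently let any origin call /getGraphAccessToken. The variable names and the devappsforteams.local origin come from the post; `applyCors` and `startHttps` assume an Express app and the cors package as the post does, and `readFile` is injected into `loadTlsOptions` so the helper can be exercised without real certificate files.

```javascript
'use strict';

// Parse CORS_ORIGIN (one origin, or several separated by commas) into a
// normalised allowlist. Anything that is not a bare https origin is rejected,
// so a stray "*", a trailing path or an http:// entry cannot widen the policy.
function parseAllowedOrigins(value) {
  if (typeof value !== 'string' || value.trim() === '') {
    throw new Error('CORS_ORIGIN is not set; refusing to start with an open CORS policy');
  }
  return value.split(',').map((s) => s.trim()).filter(Boolean).map((entry) => {
    const url = new URL(entry); // throws on values such as "*"
    if (url.protocol !== 'https:' || url.pathname !== '/' || url.search || url.hash) {
      throw new Error(`CORS_ORIGIN entry is not a bare https origin: ${entry}`);
    }
    return url.origin; // e.g. https://devappsforteams.local:3000 (default ports are dropped)
  });
}

// Exact-match check of a request's Origin header against the allowlist.
// A missing Origin (non-browser client) or an unparsable one is not allowed.
function isAllowedOrigin(origin, allowed) {
  if (typeof origin !== 'string') return false;
  let normalised;
  try {
    normalised = new URL(origin).origin;
  } catch (e) {
    return false;
  }
  return allowed.includes(normalised);
}

// Adapter for the cors package: its `origin` option accepts (origin, callback).
function corsOriginCallback(allowed) {
  return (origin, callback) => callback(null, isAllowedOrigin(origin, allowed));
}

// Build the options for https.createServer from the .env values the post uses.
// `readFile` is injected so the function can be exercised without real files.
function loadTlsOptions(env, readFile) {
  if (env.HTTPS !== 'true') {
    throw new Error('HTTPS must be "true"; Teams will not load a tab over plain http');
  }
  for (const name of ['SSL_KEY_FILE', 'SSL_CRT_FILE']) {
    if (!env[name]) throw new Error(`${name} is not set`);
  }
  return { key: readFile(env.SSL_KEY_FILE), cert: readFile(env.SSL_CRT_FILE) };
}

// Register the CORS policy; call this above app.get('/getGraphAccessToken')
// so the middleware runs before the route. Assumes an Express app and the
// cors package, as in the post. Modules are required lazily so the pure
// helpers above can be loaded without starting anything.
function applyCors(app, env) {
  const cors = require('cors');
  app.use(cors({ origin: corsOriginCallback(parseAllowedOrigins(env.CORS_ORIGIN)) }));
}

// Replacement for app.listen(port) at the bottom of server.js/server.ts.
function startHttps(app, env, port) {
  const fs = require('fs');
  const https = require('https');
  const tls = loadTlsOptions(env, (p) => fs.readFileSync(p));
  return https.createServer(tls, app).listen(port);
}
```

In server.js this becomes `applyCors(app, process.env)` above the route and `startHttps(app, process.env, port)` in place of `app.listen(port)`; both throw at startup, rather than at first request, when the .env file is incomplete.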


Working in a team


Each team member needs to do Step 1 on their computer just once. When a developer starts working on a project they can simply copy their .cert folder into their project and go to work.


Many thanks to my colleague Tomomi Imura for documenting the Mac instructions and providing screen shots.


Do you have ideas on how to do this better, especially in a project team? Please chime in using the comments; thanks!


Step-By-Step: Migrating Active Directory Certificate Service From Windows Server 2008 R2 to 2019

Windows Server 2008 R2 reached end of support on January 14th, 2020. A previous post detailed Active Directory Certificate Services migration from 2008 R2 to 2019, but it required the new Windows Server 2019 server to have the same name as the previous 2008 R2 server. Many of you have reached out asking for an update of the steps to cover migration from 2008 R2 to 2016 / 2019 when the new server has a different name. A solution has been found and tested, with repeatable steps shared below.


 


NOTE: The following was tested in a lab environment. While the solution was successful it may not reflect your organization’s current setup. Please test the steps below in a lab environment prior to implementing on production.


 


Step 1: Backup Windows Server 2008 R2 certificate authority database and its configuration
 



  1. Log in to Windows 2008 R2 Server as member of local administrator group

  2. Go to Start > Administrative Tools > Certificate Authority

  3. Right Click on Server Node > All Tasks > Backup CA
     
    (Figure: Certification Authority Backup CA)
     

  4. Click Next on the Certification Authority Backup Wizard screen

  5. Click both check boxes to select both items to backup and provide the backup path for the file to be stored
     
    (Figure: Certification Authority Backup Wizard Item Selection)
     

  6. Click Next

  7. Provide a password to protect private key and CA certificate file and click on next to continue

  8. Click Finish to complete the process


Step 2: Backup CA Registry Settings


 



  1. Click Start > Run > type regedit and click OK

  2. Expand the key at the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc

  3. Right click on the Configuration key and click Export

  4. Provide a name, save the backup file and then click on save to complete the backup
     
    (Figure: Backup CA Registry Settings)


Backup of the Certificates is now complete and the files can now be moved to the new Windows 2016 / 2019 server.


 


(Figure: CA Backup complete)


 


Step 3: Uninstall CA Service from Windows Server 2008 R2


 



  1. Navigate to Server Manager

  2. Click Remove Roles under Roles Summary to start the Remove Roles Wizard, and then click Next
     
    (Figure: Uninstalling a CA)


  3. Click to clear the Active Directory Certificate Services check box and click Next
     
    (Figure: Removing Active Directory Certificate Services)
     

  4. Click Remove on the Confirm Removal Options page

  5. If Internet Information Services (IIS) is running and you are prompted to stop the service before you continue with the uninstall process, click OK

  6. Click Close

  7. Restart the server to complete the uninstall


Step 4: Install Windows Server 2016 / 2019 Certificate Services


 


*NOTE: The screenshots below show the server name as WS2019 to highlight which server we are working on. This step-by-step highlights screenshots from Windows Server 2019. Windows Server 2016 process is the same with similar screenshots
 



  1. Log in to Windows Server 2019 as Domain Administrator or member of local administrator group

  2. Navigate to Server Manager > Add roles and features

  3. Click on next to continue in the Add Roles and features Wizard

  4. Select Role-based or Feature-based installation and click next

  5. Keep the default selection from the server selections window and click next
     
    (Figure: Windows Server 2019 Server Selections)
     

  6. Select Active Directory Certificate Services, click next in the pop up window to acknowledge the required features that need to be added, and click next to continue
     
    (Figure: Adding Active Directory Certificate Services)
     

  7. Click Next in the Features section to continue

  8. Review the brief description about AD CS and click next to continue

  9. Select Certificate Authority and Certification Authority Web Enrollment, click next in the pop up window to acknowledge the required features that need to be added, and click next to continue
     
    (Figure: Windows Server 2019 Add Role Services)
     

  10. Review the brief description about IIS and click next to continue

  11. Leave the default and click next to continue

  12. Click Install to begin the installation process

  13. Close the wizard once it is complete


 


Step 5: Configure AD CS


 


In this step we will configure the role and restore the backup created previously.


 



  1. Navigate to Server Manager > AD CS

  2. In right hand panel it will show message as following screenshot and click on More
     
    (Figure: AD CS)
     

  3. Click on Configure Active Directory Certificate Service …… in the pop up window
     
    (Figure: Configure Active Directory Certificate Service)
     

  4. In the Role Configuration wizard, ensure the proper credential for Enterprise Administrator is shown and click next to continue

  5. Select Certification Authority and Certification Authority Web Enrollment and click next to continue

  6. Ensure Enterprise CA is selected the setup type and click next to continue

  7. Select Root CA as the CA type and click next to continue

  8. With this being a migration, select Use existing private key and Select a certificate and use its associated private key and click next to continue
     
    (Figure: AD CS Configuration)
     

  9. Click Import in the AD CS Configuration window

  10. Browse to the key backed up from the Windows 2008 R2 server (the .p12 file in the backup folder), enter the password used to protect it, and click OK.
     
    (Figure: Import Existing Certificate)
     

  11. With the key imported, select the imported certificate and click next to continue

  12. Leave the default certificate database path and click next to continue

  13. Click on configure to proceed with the configuration process

  14. Close the configuration Wizard once complete

  15. Open the Command Prompt in Administrator Mode

  16. Run the following to stop certificate services
     

    net stop certsvc


  17. Open the registry file exported from the Windows 2008 server in Notepad
     
    NOTE: Please ensure you have tested this in lab first prior to completing these steps. While the solution was successful in lab it may not reflect your organization’s current setup and may disrupt your service. Microsoft is not liable for any possible disruption that may occur.


  18. Locate CAServerName and change the value to the name of the NEW 2016 / 2019 Windows Server. Also search the file for any other occurrence of the old server name, for example hard-coded paths in CRLPublicationURLs or CACertPublicationURLs; left unchanged, those would keep publishing CRLs and CA certificates to the retired server’s locations.
     
    (Figure: Modify registry file)
     

  19. Save the changes in Notepad


 


Step 6: Restore CA Backup


 



  1. Navigate to Server Manager > Tools > Certification Authority

  2. Right click on server node > All Tasks > Restore CA

  3. A window will appear confirming the stop of Active Directory Certificate Services. Click OK to continue.
     
    (Figure: Confirm stop of Active Directory Certificate Services)

  4. Click Next to start the Certification Authority Restore Wizard

  5. Click both check boxes to select both items to restore and provide the backup path for the file to be restored from
     
    (Figure: Certification Authority Restore Wizard)

  6. Enter the password used to protect private key during the backup process and click next

  7. Click Finish to complete the restore process

  8. Click Yes to restart Active Directory Certificate Services


 


Step 7: Restore Registry info


 



  1. Navigate to the folder containing the backed-up registry key with the newly edited CAServerName value and double click > Run to initialize the restore

  2. Click yes to proceed with registry key restore

  3. Click OK once confirmation about the restore is shared


 


Step 8: Reissue Certificate Templates


 


With the migration complete, the certificate templates the old CA issued need to be made available again on the new CA.


 



  1. Under Server Manager, navigate to Tools > Certification Authority

  2. Right click on the Certificate Templates folder > New > Certificate Template to Issue

  3. From the certificate templates list click on the appropriate certificate template and click OK


 


This completes the Active Directory Certificate Service migration steps from 2008 R2 to 2016 / 2019 containing a different server name. 


 


The following video also shares steps surrounding this process as well as migrating DNS.


 


https://channel9.msdn.com/Shows/IT-Ops-Talk/Windows-2008-End-Of-Support-Active-Directory-Migration/player?WT.mc_id=modinfra-27462-abartolo

Build real-time application with lightweight server and Azure Web PubSub service

With the growth of the internet, the demand for real-time behaviour has expanded to web applications, which are expected to provide live, synchronous interaction with the world. Data must be processed and delivered efficiently to produce a responsive, real-time experience: cross-platform chat applications with live video, group collaboration in remote education, live dashboards for IoT, instant notifications and alerts for IT systems, and so on.


 


The Azure Web PubSub service (AWPS) helps you build real-time web applications at scale and with high availability, so you can focus on your own business logic instead of infrastructure. The service is based on WebSocket technology and the publish-subscribe pattern, supports a wide range of client platforms, and lets you use the WebSocket community ecosystem.


 


In some scenarios, we need the server to process the data between clients, for example, implementing the language moderation for a cross platforms chat room, raw data scaling and calibration for logistic location tracking, data statistics for live dashboard, etc. But in other cases, you may look for a more effective model which routes the data between clients directly with a lightweight server. Taking the group collaboration scenario in remote education as an example, you may want to build a whiteboard application for remote customers which will synchronize the customized events between clients.


 


The Azure Web PubSub service supports both scenarios: a server that processes messages, and a lightweight server. To help you build applications with a lightweight server, AWPS publishes a predefined subprotocol, json.webpubsub.azure.v1, which lets clients publish and subscribe directly. A client that supports this subprotocol is called a “PubSub WebSocket Client”. Let’s walk through how to use this subprotocol and build a chat room with a lightweight server. You can build the application in any programming language that has a WebSocket API; we use browser JavaScript here, and if you are using another runtime or language, such as Node.js or Python, substitute its WebSocket API accordingly.


 


Create the instance of AWPS


First, sign in to the Azure portal  with your Azure account. You could create the new free instance by searching the “Web PubSub” or find it from the “Web” category.




 


Once the instance is created, go to the “Client URL Generator” on the “Key” tab to generate the “Client Access URL”. Make sure it has the roles “Send To Groups” and “Join/Leave Groups”. The URL embeds an access token that carries those roles, so treat it as a credential: anyone who obtains it can join and publish to groups until the token expires.




 


Create the PubSub WebSocket Client


The client uses the Client_Access_URL and the subprotocol json.webpubsub.azure.v1 to create the WebSocket connection. In production you generate the URL and its token on your server from the connection string, typically per user and short-lived. To simplify this demo, we just copy the URL from the portal.


 

// PubSub WebSocket client
var publisher = new WebSocket('Client_Access_URL', 'json.webpubsub.azure.v1');
var subscriber = new WebSocket('Client_Access_URL', 'json.webpubsub.azure.v1');

 


 


Join a group and subscribe to its messages


You need to join the group before you receive its messages. The message format for joining a group is as follows:


 

{
    "type": "joinGroup",
    "group": "<group_name>"
}

 


 


Once you have joined the group, messages from it are delivered through the onmessage event, as in the snippet below.


 

subscriber.onopen = function () {
    subscriber.send(JSON.stringify({
        "type": "joinGroup",
        "group": "group1"
    }));
}

subscriber.onmessage = function (e) {
    console.log(e.data);
}

 


 


Publish a text message to the group


You can publish a text message to a specific group with the message format below, provided the Client Access URL carries the “Send To Groups” role. Publishing does not require joining the group first.


 

{
    "type": "sendToGroup",
    "group": "<group_name>",
    "dataType" : "text",
    "data": "Hello World!"
}

 


 


Here is the code snippet in JavaScript:


 

publisher.onopen = function () {
    publisher.send(JSON.stringify({
        "type": "sendToGroup",
        "group": "group1",
        "dataType" : "text",
        "data": "Hello World!"
    }));
}
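As an added example, not code from the original post or from the Azure Web PubSub SDK, the class below wraps the joinGroup and sendToGroup messages shown in the two sections above and adds the one thing the snippets leave out: an ackId on every request, so the client can tell from the service's ack frame whether the join or publish was accepted or rejected, for instance because the Client Access URL lacks the “Join/Leave Groups” or “Send To Groups” role, which the service reports as an ack with success false and an error name of Forbidden. The frame shapes (ack, message with from “group”, system) follow the json.webpubsub.azure.v1 subprotocol; with a real connection you pass `new WebSocket(clientAccessUrl, SUBPROTOCOL)` as the socket. The socket in `simulateExchange` is a constructed fake and the frames it feeds in are constructed samples, not captured traffic.

```javascript
'use strict';

const SUBPROTOCOL = 'json.webpubsub.azure.v1';

// Minimal PubSub WebSocket client for the json.webpubsub.azure.v1 subprotocol.
// `socket` is anything with send(text) and an assignable onmessage: a browser
// WebSocket opened with new WebSocket(clientAccessUrl, SUBPROTOCOL), or a fake.
class PubSubGroupClient {
  constructor(socket) {
    this.socket = socket;
    this.nextAckId = 1;
    this.pending = new Map(); // ackId -> request we are waiting on
    this.acks = [];           // settled acks, in arrival order
    this.received = [];       // group messages delivered to this connection
    socket.onmessage = (e) => this.handle(e.data);
  }

  // Every request carries an ackId so the service's ack can be matched to it.
  _send(msg) {
    const ackId = this.nextAckId++;
    this.pending.set(ackId, { type: msg.type, group: msg.group });
    this.socket.send(JSON.stringify({ ...msg, ackId }));
    return ackId;
  }

  joinGroup(group) { return this._send({ type: 'joinGroup', group }); }
  leaveGroup(group) { return this._send({ type: 'leaveGroup', group }); }
  sendToGroup(group, data, dataType = 'text') {
    return this._send({ type: 'sendToGroup', group, dataType, data });
  }

  // Classify one frame from the service and return a plain summary of it.
  handle(raw) {
    let msg;
    try { msg = JSON.parse(raw); } catch (e) { return { kind: 'invalid' }; }
    switch (msg.type) {
      case 'ack': {
        const request = this.pending.get(msg.ackId);
        if (!request) return { kind: 'unsolicited-ack', ackId: msg.ackId };
        this.pending.delete(msg.ackId);
        const ack = {
          kind: 'ack', ackId: msg.ackId, request,
          success: msg.success === true,
          error: msg.success === true ? null : (msg.error && msg.error.name) || 'Unknown',
        };
        this.acks.push(ack);
        return ack;
      }
      case 'message':
        if (msg.from === 'group') {
          const m = { kind: 'group', group: msg.group, dataType: msg.dataType, data: msg.data };
          this.received.push(m);
          return m;
        }
        return { kind: 'server', dataType: msg.dataType, data: msg.data };
      case 'system':
        return { kind: 'system', event: msg.event };
      default:
        return { kind: 'unknown', type: msg.type };
    }
  }
}

// Self-check against a constructed fake socket: the join is refused
// (Forbidden), then a publish is acknowledged and a group message arrives.
function simulateExchange() {
  const sent = [];
  const fake = { send: (text) => sent.push(JSON.parse(text)), onmessage: null };
  const client = new PubSubGroupClient(fake);
  const joinId = client.joinGroup('group1');
  const sendId = client.sendToGroup('group1', 'Hello World!');
  // Constructed sample frames in the shapes the service uses (not captured traffic).
  const frames = [
    { type: 'system', event: 'connected', userId: 'user1', connectionId: 'c1' },
    { type: 'ack', ackId: joinId, success: false,
      error: { name: 'Forbidden', message: 'joinGroup not permitted' } },
    { type: 'ack', ackId: sendId, success: true },
    { type: 'message', from: 'group', group: 'group1', dataType: 'text', data: 'Hello World!' },
  ];
  const outcomes = frames.map((f) => fake.onmessage({ data: JSON.stringify(f) }));
  return { sent, outcomes, acks: client.acks, received: client.received, pending: client.pending.size };
}

console.log(JSON.stringify(simulateExchange(), null, 2));
```

Checking `success` on each ack, rather than assuming the send worked, is what turns a missing role on the Client Access URL from a silent failure into an error the application can surface.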

 


 


Next Steps


Now you have learned how to use Azure Web PubSub to do pub/sub between clients, and you can use it to build a real application such as a chat room; see the online demo and the sample code. You can also find more helpful resources in the getting started content. We look forward to your feedback and ideas, via the Azure Feedback Forum, to help us improve!