Post on 22-May-2020

Online Conference

June 17th and 18th 2015

EVENTS.COLLAB365.COMMUNITY

Secure your Infrastructure with Azure Multi-Factor Authentication Server

Prabhat Nigam

Email: Prabhat.Nigam@GoldenFive.net

Twitter: @PrabhatNigamXHG

Phone: +1-609-738-728

LinkedIn: https://www.linkedin.com/in/prabhat-nigam-42644a8/

CTO – Golden Five Consulting
CEO - LAEXUG Foundation
18 years in IT | Worked for All IT Giants
3xMVP, Blogger, Speaker, Author, Father, Husband
Blog: MSExchangeguru.com
Website: GoldenFiveConsulting.com

Agenda

• Identifying the Security Risk

• Security Options

• Azure Multi-Factor Authentication

• Secure Your Infrastructure with Azure MFA

Security Analysis shared By Microsoft

160 million customer records compromised

140-200+ days between infiltration and detection

87% of senior managers admit using personal accounts for work

50% year over year growth in electronic data

Ever-evolving industry standards across geographies

Recent Cyber Attacks

MyDoom: a virus which caused $38.5 billion in financial damage

Year 2016 witnessed frequent cyber-attacks, increased by 400 percent

Malware attacks nearly doubled, to 8.19 billion

Cesar Ransomware – Witnessed by me

$18000 Ransom paid by Hospital in my city

Ransomware or Crypto Virus or Crypto-Locker. A Chief of Police wrote this:

http://www.officer.com/article/12304582/alert-ransomware-and-crypto-virus

Reality Check of Cyber Attack

• How many here have experienced a cyber attack?

Or

• Your organization has been attacked.

Let us check here.

http://map.norsecorp.com/#/

Security Options

• No Internet

• DMZ

• VPN

• Enforce Passphrase Password

• MFA or Two Factor Authentication

Multi-Factor Authentication Options

• Okta MFA
• AWS MFA
• RSA Token
• Symantec VIP
• CA Advanced Authentication
• Duo Two Factor Authentication
• ESET Two Factor Authentication
• Azure MFA

Azure MFA Options

There are two versions of Azure MFA

• Office 365 version

• On-Premise version

– Azure Multi-Factor Authentication Server

[Figure: Azure MFA O365 Version. Labels: Conditions; User; User group; Location (IP range); Device state; Risk; MFA; Allow access or Block access; Enforce MFA per user/per app.]

Download Azure MFA Server

1. Log in to Azure.

2. Add any one of these licenses:
   • Azure Multi-Factor Authentication
   • Azure Active Directory Premium
   • Enterprise Mobility Suite
   • Enterprise Cloud Suite

3. Expand Active Directory, click Configure, browse down to “multi-factor Authentication”, then click “Manage Service Settings”.

4. Click “Go to the Portal”.

5. Click Downloads, then Download.

Applications Required to Secure Infrastructure

We need to deploy the following:

On Premises

• Server 1 with the following:
– Active Directory Federation Services (ADFS)
– Azure Multi-Factor Authentication (AMFA)

• Server 2 with the following:
– Remote Desktop Web (RDW)
– Remote Desktop Gateway (RDG)
– Network Policy Server (NPS)
– Web Application Proxy (WAP)

Configure Secure Office with Azure MFA 1

We need to configure the following:

• Obtain an SSL Cert with the private key
• Install & Configure Azure MFA Server
• Install & Configure ADFS. Also configure to use Azure MFA
• Install & Configure Web Application Proxy to connect to ADFS Server
• Install and Configure RDWeb, RDGateway and Network Policy Server for RADIUS pointing to Azure MFA
• Configure Azure MFA for RADIUS Server
• Configure Certificate at all the places.

Configure Secure Office with Azure MFA 2

• Configure external DNS for the ADFS URL to point to the WAP server
• Point your RDWeb Portal and RDGateway DNS to the same WAP server.
• In ADFS configure the following:
– Add Relying party trusts for OWA and ECP and add claims.
– Add Non-Claims aware Relying party Trust in the ADFS server
– Add Office 365 relying party Trust and add claims.
• Configure WAP for all the external URLs except OWA/ECP
• Configure Exchange server for Azure MFA
• Configure Application for the RDWeb Portal Page.
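
A read-only check of the ADFS items in the list above, added here as an example and not taken from the original slides. It uses the standard ADFS PowerShell module on the ADFS server; the trust-name patterns in `$expectedTrusts` are assumptions and must be adjusted to the names used in your deployment.

```powershell
# Added example: read-only audit of the ADFS items from the configuration slides.
# Run in an elevated session on the ADFS server (Server 1 in the slides).
Import-Module ADFS -ErrorAction Stop

# Assumption: trust display names contain these strings; adjust to your own names.
$expectedTrusts = 'OWA', 'ECP', 'Office 365'

# 1. Second-factor providers enabled in the global authentication policy.
$policy  = Get-AdfsGlobalAuthenticationPolicy
$enabled = @($policy.AdditionalAuthenticationProvider | Where-Object { $_ })
if ($enabled.Count -eq 0) {
    Write-Warning 'No additional authentication provider is enabled in the global policy.'
} else {
    Write-Output "Additional authentication providers: $($enabled -join ', ')"
}

# 2. Global rule that decides when the second factor is required.
$globalRule    = (Get-AdfsAdditionalAuthenticationRule).AdditionalAuthenticationRules
$hasGlobalRule = -not [string]::IsNullOrWhiteSpace($globalRule)
Write-Output "Global additional-authentication rule present: $hasGlobalRule"

# 3. Claims-aware relying party trusts: present, enabled, claim and MFA rules set.
$trusts = @(Get-AdfsRelyingPartyTrust)
$report = foreach ($pattern in $expectedTrusts) {
    $found = @($trusts | Where-Object { $_.Name -like "*$pattern*" })
    if ($found.Count -eq 0) {
        Write-Warning "No relying party trust with a name matching '$pattern'."
    }
    foreach ($t in $found) {
        [pscustomobject]@{
            Trust         = $t.Name
            Enabled       = $t.Enabled
            HasClaimRules = -not [string]::IsNullOrWhiteSpace($t.IssuanceTransformRules)
            HasMfaRule    = -not [string]::IsNullOrWhiteSpace($t.AdditionalAuthenticationRules)
        }
    }
}
$report | Format-Table -AutoSize

# 4. Non-claims-aware trusts (the slides add one on the ADFS server).
$nonClaims = @(Get-AdfsNonClaimsAwareRelyingPartyTrust)
if ($nonClaims.Count -eq 0) {
    Write-Warning 'No non-claims-aware relying party trust found.'
}
$nonClaims | Format-Table Name, Enabled -AutoSize

# A trust with HasMfaRule = False is covered only if the global rule (step 2) applies to it.
```

The script changes nothing; a warning or a `False` column marks an item from the list that still needs configuring or review.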

[Figure: Azure MFA Server Architecture. Labels: User; WAP | RDW | RDG; AD FS; AD DC; Exchange; Azure MFA; Azure AD and MFA Token server; MFA; Allow access or Block access; Enforce MFA per user/per app; steps 1 to 4. Note on the figure: RDWEB will send direct request to MFA Server.]

Azure MFA Server: Known Issues

• MFA prompts twice for Mac users
– Expected behavior
– Workaround is to add cache

• NPS Database Corruption
– Uninstall and reinstall NPS and RDGateway
– Restart the server, then reconfigure everything.

• OWA Showing Blank Page
– Configure OWA Redirection in IIS at “Default Web SiteOWAAuth”

• Unable to connect to the Master MFA server
– Add the MFA computer object to the “PhoneFactor Admins” group membership

• Unable to Open Application on Non-IE Browsers
– Use the correct parameter with the cmdlet Set-RDSessionCollectionConfiguration

• Thin PC Getting Certificate popup
– Add Certificate thumbprint using GPO

Takeaways

• Reasons to secure your Infrastructure?

• Ways to Secure your Infrastructure?

• How can we Use Azure MFA to Secure whole Infrastructure

• Places to troubleshoot Azure MFA

References

• http://msexchangeguru.com/2017/01/16/unable-to-download-azuremfa/
• http://msexchangeguru.com/2017/01/28/azure-mfa1/
• http://msexchangeguru.com/2017/01/28/azure-mfa2/
• http://msexchangeguru.com/2017/02/02/mfa-for-rds1/
• http://msexchangeguru.com/2017/02/02/mfa-for-rds2/
• http://msexchangeguru.com/2016/12/09/wap-adfs-mfa-part-1/
• http://msexchangeguru.com/2016/12/09/wap-adfs-mfa-part-2/

Connect For More

✓ Twitter: @MSExchangeGuru, @PrabhatNigamXHG

✓ Facebook Group: Microsoft Exchange 2016, Microsoft Exchange Server 2019

✓ YouTube: MSExchangeGuru Channel

✓ Yammer: Microsoft Exchange Server 2019

✓ LinkedIn: Microsoft Exchange Server, Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, Microsoft Exchange Server 2019

User Groups: LAEXUG, LACIUG, LAEXUG_ALL_IT

Thank you
