/en/bypass-sensitivity-label-restrictions/images/Preview.png

Bypass sensitivity label restrictions with mobile Edge and conditional access policies

Fabian Bader published on 2021-08-30 included in Azure AD Entra ID Conditional Access Identity and Access Microsoft Information Protection Security KQL

Vulnerability assesment by MSRC Severity Important Security Impact Security Feature Bypass Scope of the security vulnerability This article describes a security vulnerability that allowed an authenticated Microsoft 365 user to bypass additional protective measures based on sensitivity labels to download content to an unmanaged device. The user could not access files that she otherwise would not have access to. Fixed The issue has now been fixed by Microsoft and it is no longer possible to reproduce this behavior.

/en/golden-certificate-ocsp/images/OCSP-IssuedSerialNumbersDirectories.png

Golden Certificate and OCSP

Fabian Bader published on 2021-08-08 included in PKI Security

In this blog, I want to discuss one mitigation technique for the attack DPERSIST1 better known as “golden certificate”.

/en/create-persistent-defender-av-exclusions-circumvent-defender-endpoint-detection/images/EICAR.png

Create persistent Defender AV exclusions and circumvent Defender for Endpoint detection

Fabian Bader published on 2021-08-04 included in Defender AV Defender for Endpoint KQL

A user with administrative permissions is able to create Defender AV exclusions without using the Add-MPPrefence cmdlet. Because of the way the exclusion is created, most public guidelines and hunting queries on detecting this kind of change won’t detect it. Even more troubling is the fact that Microsoft Defender for Endpoint will not log any of those changes made. Therefore it’s not easy to detect and could go undetected for security personnel which relies on those queries and products.

/en/pulse-secure-windows-11/images/Preview.png

Use Pulse Secure on Windows 11

Fabian Bader published on 2021-07-26 included in PowerShell

Officially Pulse Secure does not yet support Windows 11, but that doesn’t mean it won’t work. However, it is not as easy as expected. The connection keeps getting disconnected after a few seconds. The manual solution which is described in the forum was a bit too “manual” for me. Open the settings of the “Juniper Networks Virtual Adapter” Enable the “Juniper Network Service” network binding Since the virtual network card is automatically removed if the connection is not successful and then loses the setting, I have automated the steps via PowerShell.

/en/the-case-of-mapiexceptionshutoffquotaexceeded/images/Preview.png

The case of the... MapiExceptionShutoffQuotaExceeded

Fabian Bader published on 2021-07-13 included in Exchange The case of the Microsoft 365

Some Exchange Online users receive the following error message for one or more invited mailboxes when creating new meetings: MapiExceptionShutoffQuotaExceeded. This article looks for the cause and a solution to the problem.

/en/journey-passwordless-restrict-fido2/images/Preview.png

Journey To Passwordless: Restrict FIDO2 key usage & conclusion

Fabian Bader published on 2021-07-05 included in Azure AD Entra ID Conditional Access FIDO2 Identity and Access Passwordless

In the last blogpost of the series it gets a bit more technical. Because for FIDO2 Security Keys as a login method, some additional settings can be configured in the Azure Portal

Work and live with IT