FireMon: How to Configure SAML SSO with Azure Active Directory (AzAD, AAD)
Read: 6 mins. This article goes over how to configure FireMon Single Sign-On with Azure Active Directory using the appropriate Group Claim schema.
22
Mar 2022
22
Feb 2022
Azure Active Directory: Role Changes (ie. Global Administrators) (Auditing and Splunk)
Read: 5 mins. This article covers three ways to audit Azure Active Directory Role changes, such as the Global Administrators: Azure Portal, Microsoft 365 Compliance Center, and Splunk (SIEM).
1
May 2020
Active Directory: Group And Membership Changes (Windows Event IDs, Auditing, and Splunk)
Read: 12 mins. How do you find out who made a change to an Active Directory or Builtin Local Group? Which users were added to or removed from a group? When was a group deleted? In this post, we look at Group and Membership change Event IDs, and explore how to use Splunk to find relevant information to aid in your investigations.
14
Apr 2020
MS Teams: Who Recorded The Meeting? Who Downloaded a Copy of The Recording?
Read: 3 mins. A sensitive, internal meeting was held within Microsoft Teams, and someone had accidentally recorded it. The organizer was extremely unhappy when nobody admitted to it, particularly since any attendee was able to download a copy of the recording. An urgent request to the Office 365 and Information Security teams was put out to investigate. How did we go about in doing so?