Comment on Daily discussion thread: Monday, May 13, 2024
Gibsonisafluffybutt@aussie.zone 6 months ago
That's fucking hilarious 🤣 but you're absolutely spot on. They want basic AD knowledge which is pretty straightforward. Just brushing up.
I actually did work on IAM and conditional access at my last job, but only as a project manager.
TinyBreak@aussie.zone 6 months ago
Absolutely bring that up. Fair to assume they are directory synced to the cloud. Honestly, conditional access is one of the coolest things Microsoft have done in the last 10 years!!
For inside knowledge: Microsoft is apparently working on enabling more complex passwords in Entra ID. I'm very excited about this because it's stupid that you have to have an on-premises Active Directory to be able to set minimum complexity requirements.
Gibsonisafluffybutt@aussie.zone 6 months ago
Interesting! I've been hearing that two-factor isn't enough anymore, is that true?
This job, it's linked to the courts, so everything is still on prem. Although, maybe if I get this job I can start an initiative to move to the cloud.
TinyBreak@aussie.zone 6 months ago
Correct, MFA ain't enough. Especially in sensitive settings like the courts. Government gets twitchy about data going out of the country. You might even find dealing with the courts the mandate IS on prem.
But I've had clients/customers/whatever click on links and have their auth token stolen from the browser, allowing an attacker to come in totally bypassing MFA. I've also had customers have their phone number ported away to steal the SMS auth. Shit is scary.
Gibsonisafluffybutt@aussie.zone 6 months ago
Pretty sure the court is mandated to be on prem if I recall from the interview. Browser stuff can be mitigated to a degree, but how the fuck do you stop number porting and SIM cloning?