What Are You Doing Right Now
-
@wrx7m said in What Are You Doing Right Now:
@dbeato said in What Are You Doing Right Now:
Dealing with this...
https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/RemediateBreachedAccount.ps1
Oh no! How did you find out about the breach? Also, that is an interesting tool.
A customer called and stated he was getting emails from clients that were from him. We noticed it was sent from the Office 365 account and they had a delete rule for all the incoming and sent email.
-
@dbeato said in What Are You Doing Right Now:
@wrx7m said in What Are You Doing Right Now:
@dbeato said in What Are You Doing Right Now:
Dealing with this...
https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/RemediateBreachedAccount.ps1
Oh no! How did you find out about the breach? Also, that is an interesting tool.
A customer called and stated he was getting emails from clients that were from him. We noticed it was sent from the Office 365 account and they had a delete rule for all the incoming and sent email.
Yikes!
-
@dbeato said in What Are You Doing Right Now:
Dealing with this...
https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/RemediateBreachedAccount.ps1
Yeah we went through this a couple months back. Office 365 tools to help detect/prevent these types of things aren't strong unless you're willing to pay for Azure AD Premium. Thankfully minimal damage done.
-
@zachary715 said in What Are You Doing Right Now:
@dbeato said in What Are You Doing Right Now:
Dealing with this...
https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/RemediateBreachedAccount.ps1
Yeah we went through this a couple months back. Office 365 tools to help detect/prevent these types of things aren't strong unless you're willing to pay for Azure AD Premium. Thankfully minimal damage done.
Did you enable MFA after that on the accounts?
-
@dbeato said in What Are You Doing Right Now:
@zachary715 said in What Are You Doing Right Now:
@dbeato said in What Are You Doing Right Now:
Dealing with this...
https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/RemediateBreachedAccount.ps1
Yeah we went through this a couple months back. Office 365 tools to help detect/prevent these types of things aren't strong unless you're willing to pay for Azure AD Premium. Thankfully minimal damage done.
Did you enable MFA after that on the accounts?
We looked into MFA before this ever happened, but it doesn't seem to work well since we have Office 365 through GoDaddy. The authentication seems to run through GoDaddy first so it makes it act fairly wonky. I'm now testing a "pure" Office 365 account and going to enable MFA there to confirm my suspicions that GoDaddy is where my issues lie.
-
@zachary715 said in What Are You Doing Right Now:
@dbeato said in What Are You Doing Right Now:
@zachary715 said in What Are You Doing Right Now:
@dbeato said in What Are You Doing Right Now:
Dealing with this...
https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/RemediateBreachedAccount.ps1
Yeah we went through this a couple months back. Office 365 tools to help detect/prevent these types of things aren't strong unless you're willing to pay for Azure AD Premium. Thankfully minimal damage done.
Did you enable MFA after that on the accounts?
We looked into MFA before this ever happened, but it doesn't seem to work well since we have Office 365 through GoDaddy. The authentication seems to run through GoDaddy first so it makes it act fairly wonky. I'm now testing a "pure" Office 365 account and going to enable MFA there to confirm my suspicions that GoDaddy is where my issues lie.
Oh okay, this account is fully Office 365.
-
@dbeato said in What Are You Doing Right Now:
@zachary715 said in What Are You Doing Right Now:
@dbeato said in What Are You Doing Right Now:
@zachary715 said in What Are You Doing Right Now:
@dbeato said in What Are You Doing Right Now:
Dealing with this...
https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/RemediateBreachedAccount.ps1
Yeah we went through this a couple months back. Office 365 tools to help detect/prevent these types of things aren't strong unless you're willing to pay for Azure AD Premium. Thankfully minimal damage done.
Did you enable MFA after that on the accounts?
We looked into MFA before this ever happened, but it doesn't seem to work well since we have Office 365 through GoDaddy. The authentication seems to run through GoDaddy first so it makes it act fairly wonky. I'm now testing a "pure" Office 365 account and going to enable MFA there to confirm my suspicions that GoDaddy is where my issues lie.
Oh okay, this account is fully Office 365.
Yeah we ended up creating some new rules as a result and learned a whole lot about all the different Office 365 relevant portals to capture logs, etc. that we weren't fully aware of prior. It's really quite scattered at the moment and the ability to set up alerting is pretty weak, especially on the Azure side. Now we're having to manually check the "Users Flagged for Risk" and "Risky Sign Ins" weekly to help identify any fishy (phishy?) business.
-
Updating my FreePBX VM at the colo.
-
@eddiejennings said in What Are You Doing Right Now:
Updating my FreePBX VM at the colo.
We did that tonight. SO many updates.
-
@scottalanmiller said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
Updating my FreePBX VM at the colo.
We did that tonight. SO many updates.
New install for me. Got ZeroTier installed on it, so I don't have to go through a Fedora VM in VirtManager to get to the web interface.
-
Loads of FreePBX updates.
-
Loads of NodeBB updates!
-
Getting ready for MangoLassi to update as we are slow after a very busy day.
-
First three NodeBB test sites are good.
-
Working on Emails and Updates
-
Backup taken. Okay, starting in a moment...
-
@scottalanmiller said in What Are You Doing Right Now:
Backup taken. Okay, starting in a moment...
Good luck
-
@dbeato said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Backup taken. Okay, starting in a moment...
Good luck
Thanks.
-
Here we go....
-
And we are back!