Week 21, 2023

There are some cool new updates for those of you using Azure Active Directory, as we’re now collecting more data types and providing monitoring for accounts using weak forms of multi-factor authentication. If you’re an Azure AD customer, read on!

📳 Monitor Weak MFA Usage in Azure AD

Over the past month, we’ve been busy making sure that we are collecting the best possible data around MFA enrollment and usage for Azure AD. We’re now able to present that data to you in checks, user profiles, and the dashboard!

First, the “Weak MFA Was Used To Successfully Sign In” check has now expanded to include Azure AD. This check makes it easy for you to continuously monitor those accounts that are using weak forms of MFA to successfully log in. This helps you to focus on the most significant weak spots in your identity attack surface. Don’t forget, you can also set up automated messaging workflows to communicate the risk to the user and/or their manager in Microsoft Teams.

You will now also see factor enrollment and usage within the User 360 profile under the “Authentication Factors” section. You will be able to filter by status, changes, usage, device, phone number, and last used. We tag the weak factors so you can easily identify them.

Finally, the “MFA Prevalence by User Count” widget on the main dashboard will now include more of Microsoft’s authentication factors. This component enables you to compare the factors in use with factors configured but not used.

🌐 New Ways to Sort and Explore IP Addresses

Oftentimes, there are users with a large number of associated IP addresses. This can make it difficult to quickly access the IP addresses you are most interested in.

We’ve recently made a number of changes to the Networks section of the User 360 profiles, including the ability to search and filter the results. In this release, we’ve added a new sort option that will allow you to sort by IP address and hit count in ascending or descending order.

Bug Fixes and Minor Improvements

- Azure Collection Changes. You can now enable Oort to collect Conditional Access and Provisioning data types. Go to Integrations to edit your settings!

- Check Feedback. Feedback options only appear for event-based checks within the dashboard.

- Application usage. Monitor application usage from non-interactive logins.