Continuous learning: the need for peer review, collaborative sharing, and developing strategies for digital security.

Microsoft provided information about Password Spray Attack Detection in April 2023. It is a good article; read more here.

There are other blog posts listed there on hardening your apps, servers, and data in the cloud.

HOWEVER… things do not always work out the way we hope and plan. As you know, Microsoft was hacked in November of 2023 using a password spray attack. Information was accessed. Data was held hostage, and some was leaked and lost.

Now there is a new post. These are some of the steps it lists to make sure your team is on track:

Microsoft Active Directory Federation Services (ADFS)

  1. Event and Security Logging
  2. Install ADFS Connect Health
  3. Install Microsoft Entra Connect Health for ADFS
  4. Install the Azure ADFS Connect Health Agent
  5. Set up the ADFS Risky IP report workbook and Azure Monitor
  6. Set up SIEM tool alerts on Microsoft Sentinel
  7. SIEM integration into Microsoft Defender for Cloud Apps
  8. SIEM integration with Graph API
  9. Using Splunk? It still works for alerts and more
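Whatever tooling you pick from the steps above (Risky IP report workbook, Sentinel or Splunk alerts), the signal being hunted is the same: one source IP failing against many distinct accounts with only a few attempts each, which is what separates a spray from a brute force on one account. The script below is an added example of that detection logic, not code from Microsoft or from this post; it runs over constructed failed-sign-in records, and the record layout, thresholds, and IP addresses are assumptions rather than an actual AD FS export format or Microsoft's Risky IP thresholds.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed sign-ins, roughly the shape of AD FS
# "bad password" audit failures: (timestamp, source IP, account).
# All values are invented for this example.
SAMPLE_FAILURES = [
    # a spray: 12 different accounts, one bad password each, from one IP
    *[(f"2023-11-20T02:{m:02d}:00", "203.0.113.10", f"user{i:02d}@contoso.example")
      for i, m in enumerate(range(0, 24, 2))],
    # one account hammered repeatedly from another IP: brute force, not a spray
    *[("2023-11-20T02:05:00", "198.51.100.7", "alice@contoso.example")] * 6,
    # ordinary mistyped passwords from normal users
    ("2023-11-20T02:10:00", "192.0.2.5", "bob@contoso.example"),
    ("2023-11-20T02:40:00", "192.0.2.5", "carol@contoso.example"),
]


def detect_password_spray(failures, window=timedelta(hours=1),
                          min_distinct_users=10, max_attempts_per_user=3):
    """Return {ip: (distinct_accounts, failures_in_window)} for each source IP
    that, inside some sliding time window, failed against at least
    min_distinct_users accounts while hitting no single account more than
    max_attempts_per_user times (the low-and-slow shape of a spray)."""
    by_ip = defaultdict(list)
    for ts, ip, user in failures:
        by_ip[ip].append((datetime.fromisoformat(ts), user))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()  # chronological, so each slice below is a valid window
        for i, (start, _) in enumerate(events):
            in_window = [u for t, u in events[i:] if t - start <= window]
            per_user = Counter(in_window)
            if (len(per_user) >= min_distinct_users
                    and max(per_user.values()) <= max_attempts_per_user):
                flagged[ip] = (len(per_user), len(in_window))
                break  # one qualifying window is enough to raise the alert
    return flagged


if __name__ == "__main__":
    for ip, (users, total) in detect_password_spray(SAMPLE_FAILURES).items():
        print(f"possible password spray from {ip}: "
              f"{users} accounts, {total} failures within the window")
```

Tune the window and thresholds to your own sign-in volume; the same grouping (by source IP, counting distinct target accounts) is what you would express in a Sentinel KQL rule or Splunk search against the events the logging steps above make available.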

And some questions for you to consider:

  • What are your Investigation Triggers?
  • What is your team actually looking for in their examinations?
  • What mitigation steps do you have in play and practice?
  • What is the Recovery plan?

Please make sure you read the new update, called Password spray investigation.

This article is found on the Microsoft security site here.