{"id":388,"date":"2021-06-01T18:59:31","date_gmt":"2021-06-01T18:59:31","guid":{"rendered":"https:\/\/thecloudmarathoner.com\/?p=388"},"modified":"2021-06-18T19:05:16","modified_gmt":"2021-06-18T19:05:16","slug":"protecting-against-compromised-user-devices-with-zero-trust-access-control","status":"publish","type":"post","link":"https:\/\/thecloudmarathoner.com\/index.php\/2021\/06\/01\/protecting-against-compromised-user-devices-with-zero-trust-access-control\/","title":{"rendered":"Protecting against compromised user devices with Zero Trust Access Control?"},"content":{"rendered":"\n

Hello Cloud Marathoners,<\/p>\n\n\n\n

I have been asked to expand upon set of available Microsoft Azure services that could help with compromised user devices. One way to deal with such scenarios is to temporarily suspend user access until endpoint is cleaned.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Taking into account that your user’s device is compromized, you can automate response either to restric or restore the access to the endpoint.<\/p>\n\n\n\n

Option#1 – Retrict Access<\/h3>\n\n\n\n

To help with this scenarious you could use the Azure AD’s Conditional Access features. The Conditional Access<\/strong> knows about the device risks because Microsoft Defender for Endpoint (MDE) notified Intune, who then updated the compliance status of the device in Azure AD.

During this period, the user is restricted from accessing corporate resources. These applies to all new resource requests and will block any current access to resources that support continuous access evaluation (CAE).

Your user will still be able to do general internet productivity and research (like Wikipedia, external web resources and anything else that doesn\u2019t require corporate authentication), but won\u2019t have access to corporate resources.<\/p>\n\n\n\n

Option#2 – Restore Access<\/h3>\n\n\n\n

The second option (illustrated on infographic) mitigates the “Access restored” scenariou. This correspondce to sceanriou wher threat has been remediated and cleaned up, MDE triggers Intune to update Azure AD and Conditional Access restores the user\u2019s access to corporate resources.<\/p>\n\n\n\n

Described two scenarious above, mitigate the risk to the organization by ensuring attackers who may be in control of these devices cannot access corporate resources, while minimizing the impact on user productivity to minimize disruption of business processes.<\/p>\n\n\n\n

What is next?<\/h3>\n\n\n\n

Check this interesting references on Microsoft docs and learn about Continue Access Evaluation (CAE)<\/a> – and other Common Conditional Access policies.<\/p>\n\n\n\n

F\u1d0f\u029f\u029f\u1d0f\u1d21 \u1d0d\u1d07 \ud83c\udfaf \u1d00\u0274\u1d05 become \u1d00 #cloudmarathoner<\/a> \u26c5\ud83c\udfc3\u200d\u2642\ufe0f\ud83c\udfc3\u200d\u2640\ufe0f – \ud835\udc0b\ud835\udc04\ud835\udc13’\ud835\udc12 \ud835\udc02\ud835\udc0e\ud835\udc0d\ud835\udc0d\ud835\udc04\ud835\udc02\ud835\udc13 \ud83d\udc4d#microsoftazure<\/a> 
#conditionalaccess<\/a> 
#compromiseduser<\/a>
#continuouslearning<\/a><\/p>\n

<\/div>

<\/path><\/svg><\/i> \"Loading\"<\/p>

<\/div>","protected":false},"excerpt":{"rendered":"

Hello Cloud Marathoners, I have been asked to expand upon set of available Microsoft Azure services that could help with compromised user devices. One way to deal with such scenarios is to temporarily suspend user access until endpoint is cleaned. Taking into account that your user’s device is compromized, you can automate response either to … Continue reading “Protecting against compromised user devices with Zero Trust Access Control?”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,15],"tags":[],"class_list":["post-388","post","type-post","status-publish","format-standard","hentry","category-microsoft-learn","category-security-governance"],"_links":{"self":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts\/388","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/comments?post=388"}],"version-history":[{"count":4,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts\/388\/revisions"}],"predecessor-version":[{"id":394,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts\/388\/revisions\/394"}],"wp:attachment":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/media?parent=388"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/categories?post=388"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/tags?post=388"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}