Using standard security monitoring
In this section, we will configure and simulate some typical events that get reported in the Azure AD Monitoring section.
First, we configure a Password protection
feature, Custom smart lockout
. We set the value to 10
incorrect logins:
Azure AD password protection features
You should receive the following message if you provide a wrong password 10 times:
Locked message dialog
You can see the activity under Monitoring
| Sign-In
:
Azure AD monitoring capabilities
You can also test Sign-ins from multiple geographies
with simulation software such as CyberGhost (http://www.cyberghostvpn.com/en_us). Another option would be to use an Azure Virtual Machine.
Log in with an account between geographic regions that are far apart, such as Europe and Asia. This requires a remote machine from your location and in a different time zone, with logons as close together as possible:
- Log in to https://myapps.microsoft.com as
Don.Hall@domain.onmicrosoft.com
from your local PC - Log in to https://myapps.microsoft.com as
Don.Hall@domain.onmicrosoft.com
on a machine in a different time zone than your original PC
To configure users with an anomalous sign-in activity, you can use the Tor browser:
- Utilize an anonymous browsing tool such as Tor
- Download the secure Tor browser from https://www.torproject.org/download/download-easy.html.en
Open the Tor browser, go to https://myapps.microsoft.com, and log in as Don.Hall@domain.onmicrosoft.com
. Your user account will be locked.
The following result is expected in security monitoring:
Security monitoring overview - Azure AD
Now that we have had a short journey through the security-monitoring options, we will integrate our Windows 10 client into Azure AD.