Microsoft recently announced the release of new features such as “password management and autofill capability” in their Authenticator app for mobile devices. The app also supports two-factor authentication and is compatible on both Android and iOS devices.
The feature that allows users to use the Microsoft Authenticator app to save passwords and automatically populate sign-in fields was in the beta stage up until December. However, its use was restricted to only to users with Microsoft accounts. Enterprise customers could however, get access to the feature by placing a request.
It is to be noted that organizations can only enable the password management and autofill capability for either all of their users or for none of them. The feature works best on the Microsoft Edge browser and will work on Google Chrome with the help of an extension.
Microsoft recently released a couple of new additional features to its Azure AD system. The new features, namely My Apps Collections and Risk Detections will let end users create their own set of apps in the Azure AD “My Apps” portal. The latter feature will help administrators spot sign-in anomalies. However, Microsoft also announced that some Azure AD features will also be discontinued.
A look into the My Apps Collections Feature:
This feature will allow end users to create their own collections of apps in the Azure AD My Apps portal and will also enable them to arrange their apps under “tabs”. IT teams are initially required to grant access to these applications to the end users for them to utilize the new feature. The new feature allows end users arrange them under tab categories, they are just reorganizing what they already have the rights to use. It is to be noted that the new feature will require an organization to have an “Azure AD Premium P1 or P2 license” to use it.
Risk Detections in Azure AD – A closer look
The new feature lets organizations spot signals of sign-in risk if they use the Azure AD Identity Protection service. These protections are borrowed from the pre-existing Microsoft Cloud App Security service and they are as follows:
- Sign in from a new country
- Activity from Anonymous IP Address
- Suspicious Inbox Forwarding Rules
“IT admins can now use such signals to investigate any anomalies further if necessary”, Microsoft said in their announcement.
Microsoft is helping organizations that are investigating whether they are victims of the Solorigate attack by offering them a free tool, the CodeQL queries that the company used to scan its source code for after the attack. the queries Microsoft used with CodeQL identify any code that is similar in pattern and function to the SolarWinds malware. So, these queries can be used on any software to do the same.
Meanwhile, security researchers from SecurityScorecard say that they have found a piece of malware used in the attack that dates back to almost four years ago. The malware, dubbed Teardrop, profiles a victim’s system and network, and this dates back all the way to 2017.
Ryan Sherstobitoff, vice president of cyberthreat research and intelligence at SecurityScorecard derived from this fact that Teardrop was likely used in other APT operations before SolarWinds by this nation-state hacking team.
Notably, when FireEye went public about suffering the data breach in December 2020, the company described Teardrop as a piece of malware that they have not seen before.