Using standard security monitoring
In this section, we will configure and simulate some typical events that get reported in the Azure AD Monitoring section.
First, we configure a Password protection feature, Custom smart lockout. We set the value to 10 incorrect logins:
You should receive the following message if you provide a wrong password 10 times:
You can see the activity under Monitoring | Sign-In:
You can also test Sign-ins from multiple geographies with simulation software such as CyberGhost (http://www.cyberghostvpn.com/en_us). Another option would be to use an Azure Virtual Machine.
Log in with an account between geographic regions that are far apart, such as Europe and Asia. This requires a remote machine from your location and in a different time zone, with logons as close together as possible:
- Log in to https://myapps.microsoft.com as Don.Hall@domain.onmicrosoft.com from your local PC
- Log in to https://myapps.microsoft.com as Don.Hall@domain.onmicrosoft.com on a machine in a different time zone than your original PC
To configure users with an anomalous sign-in activity, you can use the Tor browser:
- Utilize an anonymous browsing tool such as Tor
- Download the secure Tor browser from https://www.torproject.org/download/download-easy.html.en
Open the Tor browser, go to https://myapps.microsoft.com, and log in as Don.Hall@domain.onmicrosoft.com. Your user account will be locked.
The following result is expected in security monitoring:
Now that we have had a short journey through the security-monitoring options, we will integrate our Windows 10 client into Azure AD.