Comments (1)
Cyb3rWard0g
commented on August 17, 2024
Hello @Dabuek
I believe one of the expensive services is the Azure Bastion Host. For security purposes and to integrate it with access to your portal and resource group, it is a good service to use. However, it can be expensive in the long run. Therefore, the template also has the option to simply use NSG rules to allow RDP only from a specific public IP address. Set the following parameter to AllowPublicIP.
https://github.com/Azure/SimuLand/blob/main/2_deploy/aadHybridIdentityADFS/azuredeploy.json#L112
Also, make sure you set the specific Public IP address (i.e. Your home or organization) in this parameter (it is set to * by default):
https://github.com/Azure/SimuLand/blob/main/2_deploy/aadHybridIdentityADFS/azuredeploy.json#L123
That should help a lot! Also, from a MS Sentinel perspective, you can adjust the XPath queries used to collect data from Windows Security events and other Win providers (i.e. Sysmon). You can adjust the queries before deployment via the template parameters:
- Windows Security Auditing provider:
- Other Windows Event Providers (i.e. Sysmon is very noisy)
or via Microsoft Sentinel data connectors UI:
Also since this is a lab environment, I would set a policy to shutdown at least the domain-joined workstations.
I hope this helps!
from simuland.
Related Issues (20)
- API Call for oauth2PermissionGrants HOT 13
- New AADInternals scripts running to avoid error HOT 2
- Issue Enabling Audit Log Search in O365 HOT 2
- Enforce TLS 1.2 Azure AD Connect HOT 1
- AAD diagnostic setting build failure HOT 2
- Error on enableOffice365AuditLogSearch.md HOT 1
- M365 Defender Connector - Missing Consent - Invalid License HOT 26
- CreateADForest Conflict Error HOT 6
- No authorization to deploy HOT 3
- Update Windows Events Data Collection to Data Collection Rules (DCR) and XPath Queries
- Invalid content link HOT 1
- Certificate thumbprint error in Install-ADFS HOT 3
- SetupADFS VM Extension Failing, SetupDC VM Extension failing with 403 Forbidden message
- incorrect uri to Import Identity Workbook HOT 1
- Issue on page /environments/aadHybridIdentityADFS/README.html HOT 3
- Exiting. Error Message: invalid uri https://STORAGE ACCOUNT.blob.core.windows.net/pfx_blob
- InvalidContentLink - https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimFileEvent/ARM/vimFileEventMicrosoftSysmonCreated/vimFileEventMicrosoftSysmonCreated.json
- Issue on page /environments/_helper-docs/startM365E5Trial.html
- ARM Template Deployment
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from simuland.