FAQ: How can I track Windows 10 Azure AD Device Registrations?

This question came up twice for me this week, and the answer is not obvious if you’ve not gone looking for this info before.

You can actually track your Windows device registrations in two places:

One option is through searching your Azure AD Audit logs and filtering on Device Registration.


Another is the Azure AD Power BI Dashboard, which received an update in late June that added a couple of new reports with info on registered devices.
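One way to work with the first option offline, as an added example that is not part of the original post: the script below filters an audit log export for device registration events and lists who registered which device. It assumes the export is JSON in the Microsoft Graph directoryAudit shape and that registrations are logged with service `Device Registration Service` and activity `Register device`; the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of Microsoft Graph directoryAudit records.
# Every name and timestamp here is made up for illustration.
SAMPLE_EXPORT = json.dumps([
    {"activityDateTime": "2017-07-03T14:02:11Z", "loggedByService": "Device Registration Service",
     "activityDisplayName": "Register device", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}},
     "targetResources": [{"type": "Device", "displayName": "LAPTOP-A1"}]},
    {"activityDateTime": "2017-07-03T15:00:00Z", "loggedByService": "Core Directory",
     "activityDisplayName": "Update user", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
     "targetResources": [{"type": "User", "displayName": "Bob"}]},
    {"activityDateTime": "2017-07-04T09:15:40Z", "loggedByService": "Device Registration Service",
     "activityDisplayName": "Register device", "result": "failure",
     "initiatedBy": {"user": {"userPrincipalName": "bob@contoso.example"}},
     "targetResources": [{"type": "Device", "displayName": "TABLET-B1"}]},
    {"activityDateTime": "2017-07-02T08:00:00Z", "loggedByService": "Device Registration Service",
     "activityDisplayName": "Register device", "result": "success",
     "initiatedBy": {"user": None},  # registration with no user recorded
     "targetResources": [{"type": "Device", "displayName": "KIOSK-01"}]},
    {"activityDateTime": "2017-07-05T10:30:00Z", "loggedByService": "Device Registration Service",
     "activityDisplayName": "Register device", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}},
     "targetResources": [{"type": "Device", "displayName": "LAPTOP-A2"}]},
])

def registrations(export_json, service="Device Registration Service", activity="Register device"):
    """Return device-registration events from an audit log export, oldest first."""
    events = []
    for rec in json.loads(export_json):
        # The service and activity names are assumptions; adjust to match your export.
        if rec.get("loggedByService") != service or rec.get("activityDisplayName") != activity:
            continue
        user = ((rec.get("initiatedBy") or {}).get("user") or {}).get("userPrincipalName") or "(unknown)"
        device = next((t.get("displayName") for t in rec.get("targetResources") or []
                       if t.get("type") == "Device"), "(unknown)")
        events.append({"time": rec["activityDateTime"], "user": user, "device": device,
                       "result": (rec.get("result") or "").lower()})
    return sorted(events, key=lambda e: e["time"])  # same-format UTC timestamps sort as text

def devices_by_user(events):
    """Map each initiating user to the devices they successfully registered."""
    out = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            out[e["user"]].append(e["device"])
    return dict(out)
```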

3 Truths of Modern Enterprise Security

The threat landscape, specifically the types and sources of threats, has changed significantly in the last few years. There are a number of readily identifiable causal factors, including:

  • Changes in technology. The introduction of new technology results in weaknesses that are related to low technological maturity, improper use, improper integration with existing systems, low user awareness, etc.
  • Advances in the capabilities of threat agents. The skills, available tools, available resources, information on exploits and motivation of threat agents (sometimes called ‘threat actors’) have evolved. The types of threat agents have evolved from the script kiddies of the 90s to today’s well-resourced and highly sophisticated hackers, who in some cases are even sponsored by malicious nation states.
  • Data growth. 90% of all the world’s data has been produced in the last two years, and with the growth of myriad devices (the Internet of Things), the target just keeps getting bigger.

With the evolution of the threat landscape comes the need to modernize our thinking and approach to security and identity. Make no mistake, firewalls and antivirus are no longer enough. To help frame some of the key challenges, here are three truths of modern enterprise security, along with some free resources to start you on the journey to modernize your approach.

Truth #1: Your trusted network is not as secure as you think

While your trusted corporate network may seem like the simplest resource to secure, it may, in fact, be the most vulnerable. Some of the most common points of entry to your trusted network are browser exploits, malicious document delivery, and phishing attacks. What these exploits all have in common is that they target what is perhaps the greatest vulnerability on your network – the end user. The reality is that trusting users can be fooled into clicking malicious URLs. This may result in the opening of infected e-mail attachments that install malware or ransomware on client computers, letting hackers and thieves through your secure network perimeter undetected.

This malware often lives undetected on your trusted network for an average of more than 200 days, listening to conversations, waiting to uncover network credentials, then stealing these secrets that enable lateral movement through your environment. The challenge compounds as more systems are compromised and more credentials are uncovered, eventually enabling vertical movement from client to server.

Think your users are too smart to be lured into a phishing scam? Just ask Chairman of the Clinton presidential campaign, John Podesta, who fell for a phishing scam that landed his email archive on Wikileaks!

Truth #2: The network perimeter, as you know it, is history

The traditional model of the network perimeter, including firewalls and proxies and a perimeter network (aka DMZ), is dead. The perimeter, where access and authorization are enforced, can be the login screen on a mobile device, or an app installed on that device. The app is the window to your corporate data (content), and the new perimeter is the content and context by which the user tries to access that data.

The Cloud Security Alliance (CSA) advises that “identity management in the context of cloud computing should not only manage the user identities. It should extend this to manage cloud application/services identities, access control policies for these cloud applications/services, as well as privileged identities for the applications/services, etc.”.

With this in mind, organizations must rethink their approach to identity management, authentication, and authorization in a world that did not exist when the concept of a username and password entered on a PC behind a trusted network was conceived. With an increasingly mobile workforce, multi-factor authentication (MFA) is a must, and policy-based authentication that evaluates the full context of the authentication attempt (user, device, location, date/time, app and data) is more important than ever.

And what about the security of your sensitive corporate data on employees’ personal mobile devices, full of unmanaged apps and direct connectivity to personal cloud storage?

Truth #3: Breach will happen…and you need to be prepared when it does

While post-breach detection may feel “too little too late”, it is actually a critical layer of defense, particularly as you work to mature your security posture in a race against an ever-evolving threat landscape. When a breach has occurred, detecting both weak spots and actual breaches in the context of your computing environments, as opposed to a single device, is absolutely critical to providing context and visibility into the scope of items that need attention.

It is one thing to see an alert on an infected computer in your trusted network. It is quite another to see lateral movement of a malicious entity in your environment through a suspicious pattern of behavior with a common set of compromised credentials. In this case, detecting and squashing lateral movement at the client tier can prevent the next step in the intrusion process…listening for and capturing privileged credentials that enable vertical movement into server and application tiers containing sensitive business and customer data.

Finding answers to the big questions

While important, these three truths are just the tip of the iceberg and raise some very important questions:

  • How do you defend against the weakest links in your trusted, on-premises network?
  • How do you secure your sensitive corporate information on devices that could be anywhere…and beyond your management reach?
  • What type of post-breach defense can you implement to ensure you have eyes on the presence and scope of a security breach?

Making sense of the big picture of security and identity in a cloud-first, work-from-anywhere world, full of threats that marginalize the efficacy of traditional tools and techniques, can seem an impossible task. I have two concise (and free!) resources I’d like to share with you to help you on your journey:

E-book: Defending the New Perimeter: Modern Security for the Enterprise

This comprehensive, yet concise guide to Microsoft’s approach to modern enterprise security will help you get a handle on how you can implement a strong, comprehensive cybersecurity strategy with a single vendor.

Download your free copy at http://modernsecurity.info.

Inside the MS Cloud Episode 4 – Hybrid Identity with EMS

If you are interested in learning more about Microsoft’s Enterprise Mobility Suite, come spend an hour with Azure expert and PowerShell automation guru Wes Kroesbergen. Wes works with SoftChoice, a billion dollar+ LAR, where he specializes in EMS deployment for clients of all sizes.

When it comes to EMS, my buddy Wes knows his stuff! He brings both technical expertise and real-world experience to what I think was an interesting session.

Watch episode 4 at http://ipn.tv/imc4/