| spath path=properties.status.errorCode output=errorCode
| spath path=properties.status.failureReason output=failureReason
| spath path=properties.userPrincipalName output=userPrincipalName
| eval errorCode=tonumber(errorCode)
| stats latest(properties.createdDateTime) as properties.createdDateTime,
latest(time) as time,
latest(errorCode) as last_errorCode,
values(failureReason) as all_failureReasons, 
Khan rezamt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let data = SigninLogs | |
| | where AppDisplayName in ('*') or '*' in ('*') | |
| | where UserDisplayName in ('*') or '*' in ('*') | |
| | extend errorCode = Status.errorCode | |
| | extend SigninStatus = case(errorCode == 0, "Success", errorCode == 50058, "Pending action (Interrupts)", errorCode == 50140, "Pending action (Interrupts)", errorCode == 51006, "Pending action (Interrupts)", errorCode == 50059, "Pending action (Interrupts)", errorCode == 65001, "Pending action (Interrupts)", errorCode == 52004, "Pending action (Interrupts)", errorCode == 50055, "Pending action (Interrupts)", errorCode == 50144, "Pending action (Interrupts)", errorCode == 50072, "Pending action (Interrupts)", errorCode == 50074, "Pending action (Interrupts)", errorCode == 16000, "Pending action (Interrupts)", errorCode == 16001, "Pending action (Interrupts)", errorCode == 16003, "Pending action (Interrupts)", errorCode == 50127, "Pending action (Interrupts)", errorCode == 50125, "Pending action (Interrupts)", errorCode == 50129, "Pending a |
- AADSTS16000: User account doesn't exist in tenant and can't access the application. [cite: 1]
- AADSTS16003: User hasn't been explicitly added to the tenant. [cite: 9]
- AADSTS50014: User account doesn’t exist in the directory (Guest user in pending state). [cite: 59]
- AADSTS50015: User requires legal age group consent. [cite: 62]
- AADSTS50020: User account from identity provider does not exist in tenant and cannot access the application. [cite: 66]
- AADSTS50034: User account not found; account must be added to the directory. [cite: 79]
- AADSTS50053: Account is locked (too many incorrect sign-in attempts) or sign-in blocked from malicious IP. [cite: 86, 87]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| index=your_index_name sourcetype="your_sourcetype" IsInteractive=true | |
| | eval week=strftime(_time, "%U"), day=strftime(_time, "%Y-%m-%d") | |
| | eval Result=if(ResultType="0", "Success", "Failure") | |
| | eval weekLabel=case(relative_time(now(), "@w0") <= _time, "This Week", relative_time(now(), "-1w@w0") <= _time AND _time < relative_time(now(), "@w0"), "Last Week", "Other") | |
| | search weekLabel="This Week" OR weekLabel="Last Week" | |
| | stats count by day, weekLabel, Result | |
| | eval Label=case(Result="Success" AND weekLabel="This Week", "Current Success", | |
| Result="Failure" AND weekLabel="This Week", "Current Failure", | |
| Result="Success" AND weekLabel="Last Week", "Success Trend (Last Week)", | |
| Result="Failure" AND weekLabel="Last Week", "Failure Trend (Last Week)") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $gpoList = Get-CsvData -FilePath "gpo-data.csv" | |
| $gpoList| foreach { | |
| $gpo = Get-GPO -Guid $_.ID | |
| # Write-Output "$($gpo.Id),$($gpo.DisplayName),$($gpo.Owner)" | |
| $gpo | |
| } |
https://nicolasuter.medium.com/why-you-should-use-entra-workload-identity-federation-dfe8b6b626a1
Which scenarios support “Workload identity Federation”?
- Workloads running on any Kubernetes cluster (Azure Kubernetes Service (AKS), Amazon Web Services EKS, Google Kubernetes Engine (GKE), or on-premises)
- GitHub Actions (CI / CD Pipelines) [2]
- GitLab (CI / CD Pipelines) [3]
- Workloads / VMs Google Cloud
- Workloads / VMs running in Amazon Web Services (AWS)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Framework | |
| # Reference Architecture | |
| https://www.youtube.com/watch?v=1fjXNfIysbg&t=2612s |
By requiring signed requests, you ensure that the authentication requests are coming from a trused source. This helps prevent unauthorized access and reduces the risk of man-in-the-middle attacks1.
Signed requests guarantee that the data within the authentication request has not been tampered with during transmission. This ensures the integrity of the authentication process1.
Many regulatory frameworks and security standards require the use of signed authentication requests to ensure secure data exchange. Enforcing signed requests helps organizations meet these compliance requirements1.