054 - I like to move it - but you are not allowed to

53 minutes

Description

5 years ago

NEWS


Mimikatz:
https://dirkjanm.io/digging-further-into-the-primary-refresh-token/

Ignite 2020: https://www.microsoft.com/en-us/ignite

Become a KQL Ninja:
https://security-tzu.com/2020/08/07/become-a-kql-ninja/

Teams:
https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-july-2020/ba-p/1551561

SCC Report: https://github.com/jangeisbauer/SCCReport

Booking "14 people are currently watching this product" --> random()*12 + 3:
https://twitter.com/RoninDey/status/1292002070363541505?s=20

MCAS spoofing:
https://stephanwaelde.com/2020/08/04/mitigate-mcas-issue-with-user-agent-spoofing/

DUOs are showing up everywhere:
https://twitter.com/matvelloso/status/1291576776238305281?s=20



I LIKE TO MOVE IT


Mover.io (bought in 2019)

"Alternatives": SharePoint Migration Tool, ShareGate, AvePoint, …

Many connectors (14): S3, AZ Blob, Box, Dropbox, G Suite, Gdrive, O365, OneDrive



User vs Admin


Self Service Migration


OneDrive 2 OneDrive

DropBox 2 OneDrive

OneDrive 2 DropBox



Admin driven migration


Still talking about users!

User Mapping = Site Mapping = Url 2 Url

Permission Mapping (upn = upn) - so B2B is feasible too?



UX


Sign in to service 1

Sign in to service 2

Choose the folder on each side

Can also be created in the destination



Tech


2 AAD apps (all OIDC/OAuth)

Sign-in to two tenants in the same browser session

Mover OneDrive (user consent)

Office 365 Mover (admin consent)

No "license"

Performance: my OneDrive 45k 106 GB = 12 hours



Use Case


Blob to SharePoint via a schedule

https://www.youtube.com/watch?v=vuo8kD5zF5I



BUT YOU ARE NOT ALLOWED TO: Microsoft Endpoint Data Loss Prevention


Public Preview

Natively built into Windows (in the MDATP component and Edge)



Compliance.microsoft.com


Sensitive Info Type: e.g. German passport number

AND Share Condition: Is shared with somebody inside or outside my org



Audit or restrict activities on Windows devices


Upload to cloud services or access by unallowed browsers

Copy to clipboard

Copy to USB

Copy to network share

Access by unallowed apps

Print



https://techcommunity.microsoft.com/t5/microsoft-security-and/announcing-public-preview-of-microsoft-endpoint-data-loss/ba-p/1534085














