What if there is something 100% secure than passwords but doesn't have too much weight on the configuration and still a phishing resistant authentication method? Passkeys are your answer. Passkeys are not new as you have seen it's been used pretty much everywhere these days. Why Passkeys is the Future of Passwordless Authentication?How Passkeys Satisfy … Continue reading A Beginner’s Deep Dive Guide to Entra Passkeys
Category: Entra
Simple But a Powerful Entra Setting to Make MFA Prompts User Friendly
MFA Fatigue is real and at the same time an informed decision to complete an MFA authentication request is important. But the end user only knows so much about the difference between a legit prompt and an attacker-led MFA prompt after stealing their credentials (for an example). This Entra setting will take the guesswork out … Continue reading Simple But a Powerful Entra Setting to Make MFA Prompts User Friendly
Breaking the Habit: Moving Privileged Accounts Out of AD. How to Transfer User SOA to Entra ID?
While Security frameworks suggest admin accounts that uses to manage privileged tasks in Entra and Azure must NOT be synchronised from the local AD, many organisations still sync them as usual accounts. Mostly because these accounts carry admin weight where recreating these accounts are nearly impossible. This blog looks at one practical use case of … Continue reading Breaking the Habit: Moving Privileged Accounts Out of AD. How to Transfer User SOA to Entra ID?
Guest User Access: A High-Level Checklist
The Guest User access dilemma in Entra is real. Balancing collaboration and security without distracting productivity is a challenge, but that's something you can't put on the back burner, because it can be the "Silent Insider Threat" you’re ignoring.🚩If you block Guest access completely, that can possibly degrade end user productivity. So how to balance … Continue reading Guest User Access: A High-Level Checklist
From Blind Spots to Control: Governing Conditional Access Policies
There are millions of signals passing through Entra every day, some of which are legitimate and some malicious. Having a strong set of Conditional Access (CA) Policies will help you make sure malicious requests do not slip through the cracks and that every access request is verified before access is granted. As your CA Policy … Continue reading From Blind Spots to Control: Governing Conditional Access Policies
Converting AD Group SOA to Govern On-Prem Access via Entra ID
Microsoft recently introduced the Group SOA convert option. At the time of writing, this is in Preview, but with this feature, you can change the AD group's Source of Authority (SOA) to be Entra. HOW COOL? This can help IT admins in many ways. Moving to cloud is the buzz word, but some options are … Continue reading Converting AD Group SOA to Govern On-Prem Access via Entra ID
OAuth App Governance
How often do you check and track the Apps list or the app permissions in Enterprise apps in Microsoft Entra? Is that only when you need to register or create a new app? How about user-installed apps? What controls do you have on users' consent on apps? Or know what apps are making excessive calls … Continue reading OAuth App Governance
QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
In today's threat landscape, the adversaries are trying to get into organizations in any way they can. New authentication methods are being introduced, and a combination of those methods or auth strengths are too. If you check the demographic of the QR code authentication as advised by Microsoft (which is in Public Preview as of … Continue reading QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
Making Identity and Access Management More Resilient with Microsoft Entra ID
As organizations are moving the Identity Infrastructure from on-prem to cloud, it is important to understand "what could go wrong" and how to be resilient so the identity-related activities will continue to work with minimum or less downtime. The identity strategy should have some key components when it comes to resilience and identify and document … Continue reading Making Identity and Access Management More Resilient with Microsoft Entra ID
Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts
This is 2025 and going Passwordless or using long-lived (365 days) passwords is the recommendation. However, this has been a question for most customers wherever I go. But if you ask, everyone is using their own way to work around this. One popular method is notifying users of the password expiry like a set of … Continue reading Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts
How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
TL;DR: Jump Hosts - We login to Jump Hosts to then login to the servers and other apps we need to access mainly to perform admin tasks. Jump Hosts are often secured on the Network Layer and other Windows Permissions which will come into play when the admin logs in. But what can be done … Continue reading How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
The 3 Stages of CA Policy Maturity – Lessons from the Field
Not too long ago I spoke in the Adelaide Microsoft IT Pro User Group regarding Conditional Access Policies (CA policies) we all know and love. It was not a 100% technical how-to discussion as chances are you are already using this in your environment. If I break down my presentation into 3 main parts, it … Continue reading The 3 Stages of CA Policy Maturity – Lessons from the Field
Mandatory MFA Enforcements! Including Service Accounts and Break Glass Accounts. Now What?
Mark the calendars and make the necessary reminders - 15 Oct 2024 as this will be the day that this enforcement will come into play. This is a good initiative as it will apply the extra layer of protection to the set of applications below. As you can see most of the applications listed below … Continue reading Mandatory MFA Enforcements! Including Service Accounts and Break Glass Accounts. Now What?
Identity Centric Zero-Trust Network Access (ZTNA) and Entra Private Access 🌐
I've been doing a lot of research into Microsoft's new Global Secure Access recently as most of the features have gone on General Availability. Entra Private Access caught my eye. However, before discussing the feature, it is wise to discuss about the underlying technology that Entra Private Access uses and then jump on to it. … Continue reading Identity Centric Zero-Trust Network Access (ZTNA) and Entra Private Access 🌐
How to Configure Cloud Kerberos Trust to Authenticate an Entra ID Joined Device Using Windows Hello for Business (WHfB)?
Long topic and number of jargon. Cloud Kerberos Trust, Windows Hello for Business (WHfB), Entra ID Joined. Let's break them down one by one and see how Cloud Kerberos Trust will help you in the cloud journey. This in fact will remove one more on-prem dependency. Exciting, isn't it? Let's dig in. What this article … Continue reading How to Configure Cloud Kerberos Trust to Authenticate an Entra ID Joined Device Using Windows Hello for Business (WHfB)?
Leave the Privileged Cloud Identities in the cloud with PIM and RBAC enabled and not synced!
🔸What does this mean?It simply states that Privileged accounts or the accounts that can be elevated in to privileged accounts responsible for tasks in cloud systems must be created as “in-cloud” accounts rather than syncing from a local/ on-prem directory. 🔸Why you ask?The most classic example anyone can think of is Entra ID privileged roles … Continue reading Leave the Privileged Cloud Identities in the cloud with PIM and RBAC enabled and not synced!
Control Device Code Flow With Entra ID Conditional Access Policies
With the latest developments in Entra ID Protection space, Conditional Access Policies got a bit of a facelift with the Authentication Flow control feature. Still, in Preview, Device Code Flow and Authentication Transfer are the features introduced with the Authentication Flows. I want to cover the Authentication Transfer process in a different article so this … Continue reading Control Device Code Flow With Entra ID Conditional Access Policies
5 Practical Usages of PIM for Groups Explained
I have always been a huge advocate of Entra ID Governance and its usage. It is paramount to make sure the Identity Governance health is in a good position while applying the best practices because Identity is an attack vector, period. Once a bad actor gets hold of the identity, accessing confidential data, Azure resources, … Continue reading 5 Practical Usages of PIM for Groups Explained
Infographic – Migrate MFA and SSPR Policies to the Converged Authentication Methods Policy
Some useful URLs apart from the below infographic: ❤ Microsoft Learn doc converged-authentication-methods-policyDownload
Adopting Microsoft Entra ID Governance – A Deep Dive
Lately, there has been a lot happened/ changed/ introduced in the Microsoft Entra ID Governance space and this is one of my favorite topics to write and explain as well. The main reason is that Entra ID Governance features are all interconnected and organizations can easily create an eco-system and start using its features. Not … Continue reading Adopting Microsoft Entra ID Governance – A Deep Dive
EMS Route 