One of the decisions you may have taken when you first planned on your Azure AD/ Entra ID sync was the UPN and what it will be. The recommendation from Microsoft is to always align the Entra ID UPN with the user's email address. Why you ask? It is mainly to avoid confusion among the … Continue reading Login to M365 Services Using Email As An Alternate Login ID
Category: Entra
A Summary of the Microsoft Entra Announcements
❗A Summary of the Microsoft Entra Announcements in case you have missed the chatter :) Full Story - https://www.microsoft.com/en-us/security/blog/2023/07/11/microsoft-entra-expands-into-security-service-edge-and-azure-ad-becomes-microsoft-entra-id/ ⚡Microsoft Entra IDAzure AD --> Now "Microsoft Entra ID"🔗https://lnkd.in/gmr756ws ⚡Microsoft Entra ID Governance - Now Generally Available🔗https://lnkd.in/gJ3zQbj5 ⚡Microsoft Entra Internet Access (preview) - An identity-centric Secure Web Gateway that protects access to internet, software as a service (SaaS), … Continue reading A Summary of the Microsoft Entra Announcements
How to Use the Conditional Access Policy Gap Analyzer Workbook?
Did you know that like in all other Azure services, workbooks are available in Azure AD too? And the good thing about this is, there are a lot of good workbooks ready to be opened and no need to write your KQL queries again. Well, if you fancy your KQL, you can start a new … Continue reading How to Use the Conditional Access Policy Gap Analyzer Workbook?
Configure Intune Built-In Roles Using Azure AD PIM for Groups
The perfect Azure AD, Intune combo does not exi..... Some time ago I wrote about Azure AD PIM for groups and its usages. This came to light a few days ago in Microsoft Tech Community as an article and I thought I will give my touch to it. What is it and Why Does This … Continue reading Configure Intune Built-In Roles Using Azure AD PIM for Groups
Protected Actions in Azure AD
Update 18/06/2024 Protected Actions are out of Preview and have 17 actions as opposed to 7 actions that was there when it was in preview. ✅Available Protected Actions Update basic properties for Conditional Access policies Create Conditional Access policies Update allowed cloud endpoints of cross-tenant access policy Update Microsoft Entra B2B collaboration settings of the … Continue reading Protected Actions in Azure AD
4 Steps to Configure Azure AD PIM for Groups
Few uses of PIM-managed groupsChallengeSolutionFew NotesPrerequisites - LicensesStep 1 - Group CreationStep 2 - Onboard the group for PIMStep 3 - Add PIM AssignmentsStep 4 - Setup Role SettingsUser ActivationUse Access ReviewsWrapping Up When I 1st posted the below infographic in my Socials, I thought I made myself clear that this is not an Azure … Continue reading 4 Steps to Configure Azure AD PIM for Groups
Setup Prerequisites for Windows LAPS in Azure AD
By now you may have seen a lot of updates and posts on how to configure Windows LAPS in Azure AD. Credit goes to all the wonderful gurus out there who really contribute to the community in different ways. My approach in this post is to prepare for the Windows LAPS in Azure AD so … Continue reading Setup Prerequisites for Windows LAPS in Azure AD
Mergers, Acquisitions and Day 1 – Entra ID Cross-Tenant Synchronization
I would like to dedicate this post to writing something on a much-needed topic that personally got me to try a lot of methods and to be creative because this is one of the main tasks that an organization/ management is looking to get done from an IT Specialist. The Day 1. More precisely the … Continue reading Mergers, Acquisitions and Day 1 – Entra ID Cross-Tenant Synchronization
Use Authentication Context with Strong Auth on PIM Role Activation
What is Authentication Context? Authentication Contexts are being used to further secure your application data and actions. You may already have enabled Multi-Factor Authebtaion in your Azure AD tenant and everyone is using the MFA in the same way. However, imagine you have an application where you need to maintain confidential data that only a … Continue reading Use Authentication Context with Strong Auth on PIM Role Activation
BYOD – Part 2 – Manage Your Azure AD Registered Devices
Previously on BYOD... I discussed the restrictions and conditions you can make so the BYOD fleet can be managed well. Read below if you haven’t. My focus was the Azure AD and Intune side of things when it comes to managing the fleet. https://shehanperera.com/2023/01/26/byod-01/ However, part 2 of this series is focusing on the scenario … Continue reading BYOD – Part 2 – Manage Your Azure AD Registered Devices
BYOD – Part 1 – The Love-Hate Relationship
This is a 2 part series and I would like to get to the nitty gritty of BYOD because as IT Pros or leaders who are managing IT in an organization, we have dealt with BYOD (Bring Your Own Device) related questions at least once in our career. Not once, but maybe daily or maybe … Continue reading BYOD – Part 1 – The Love-Hate Relationship
It’s 2023. Let’s Talk About Azure AD Connect Cloud Sync
The first post for 2023 and I thought I want to focus on something that will take over the main stage soon (probably). Azure AD Connect Cloud Sync. This has been there for a while and its capabilities (some capabilities) are proven to minimize that admin overhead and if you have dealt with the Azure … Continue reading It’s 2023. Let’s Talk About Azure AD Connect Cloud Sync
Azure AD Cross-Tenant Access with B2B Direct Connect
This is my take on the Azure AD Cross-Tenant access settings. This was something I was hoping to configure a while back. However the capabilities weren't available at that time, but the need for some kind of a trust relationship between two Azure AD tenants was bubbling up. Gone of days organizations set up trust … Continue reading Azure AD Cross-Tenant Access with B2B Direct Connect
Microsoft Entra Identity Governance – Connecting the Dots
Been working on this blog post for a while as this talks about an important service in Azure AD. In a standard organization environment, how many resources will a user access from the point where they have Onboard to the day that they are offboarded from all the systems? Are you able to keep a … Continue reading Microsoft Entra Identity Governance – Connecting the Dots
How to Configure Azure AD Connect Sync and Cloud Sync Tools to Prevent Accidental Object Deletions
This blog post is a combination of old and new features of Azure AD Connect Sync and Azure AD Cloud Sync tools. AAD Connect Sync feature was there already and what's new is the Sync Client's feature of preventing accidental deletion. There can be many reasons for this kind of mishap to take place Intentional … Continue reading How to Configure Azure AD Connect Sync and Cloud Sync Tools to Prevent Accidental Object Deletions
Latest Microsoft Authenticator App/ MFA Improvements
Exciting new improvements in the Microsoft Authenticator front. This is a step towards phishing attacks that can lead to accidental MFA approvals. We all know about MFA fatigue by now and how much damage a bad actor can make when an account holder makes one wrong move. This will trend will not stop, but this … Continue reading Latest Microsoft Authenticator App/ MFA Improvements
How to Configure Azure AD Authentication Strengths
Require Multifactor Authentication is good, but what if the methods that can be registered aren't powerful enough to secure the resources? Eg: Accept the Auth push notification or SMS or Phone Call method. Those traditional methods have proved user authentication methods must be strengthened in-order to defend today's sophisticated phishing attacks. Introducing Authentication strengths Conditional … Continue reading How to Configure Azure AD Authentication Strengths
Azure AD Device Registration – Part 2 – Use Azure Automation to Get Notified When Devices Go Pending State
This is the 2nd post of this 2 part troubleshooting series and In the 1st part of this series I showed you why the devices can go on Pending and what can you do to troubleshoot and fix the issue. But what if you go Hybrid AAD Join mode with your fleet and you need … Continue reading Azure AD Device Registration – Part 2 – Use Azure Automation to Get Notified When Devices Go Pending State
Azure AD Device Registration – Part 1 – How to Fix the Pending Registration State Issue?
Firstly I must say, during your cloud journey you may have seen this error many times and fixed this many times. Also there can be engineers who are yet to see this error (among other errors) and want to fix this. In a Hybrid AAD Joined (HAADJ) environment, ideally what you want the device registration … Continue reading Azure AD Device Registration – Part 1 – How to Fix the Pending Registration State Issue?
[Product Feature] Passwordless Authentication with FEITIAN BioPass FIDO2 Security Key K49
![[Product Feature] Passwordless Authentication with FEITIAN BioPass FIDO2 Security Key K49](https://emsroute.com/wp-content/uploads/2022/07/windows-feature-update-device-readiness-reports-11.png?w=863&h=0&crop=1)
FEITIAN Technologies recently reached me out via LinkedIn to request if I can review one of their latest Passwordless key products - K49. This is not a paid review and only contains my independent opinion as a technologist as well as an avid Identity and Access Management enthusiast. I'm always a big fan of going … Continue reading [Product Feature] Passwordless Authentication with FEITIAN BioPass FIDO2 Security Key K49
EMS Route 