I was using EasyEntra for the last couple of weeks and was impressed by its usability and security. In a situation where you have to manage a few Entra ID tenants at the same time in an organization or in a legit MSP type scenario, rather than opening a few browser sessions to jump from … Continue reading 10 EasyEntra Features That Simplify Daily IT Tasks
Tag: Azure
My Most Viewed Blog Posts in 2025
Now that I have posted 180 blog posts here and end of 2025 is just around the corner, I thought it would be best to list down my most viewed blogs. I believe they are most viewed for a reason. Specially in an era where everything is AI and GPT based, I do believe there … Continue reading My Most Viewed Blog Posts in 2025
Breaking the Habit: Moving Privileged Accounts Out of AD. How to Transfer User SOA to Entra ID?
While Security frameworks suggest admin accounts that uses to manage privileged tasks in Entra and Azure must NOT be synchronised from the local AD, many organisations still sync them as usual accounts. Mostly because these accounts carry admin weight where recreating these accounts are nearly impossible. This blog looks at one practical use case of … Continue reading Breaking the Habit: Moving Privileged Accounts Out of AD. How to Transfer User SOA to Entra ID?
Device Risk Meets Conditional Access: The Real Power of Unified Endpoint Security
Device compliance is one of the things that should be on top of the list of any organization's Cybersecurity activities. This enforces the next steps that can be taken by the device management solution from reporting to block access to resources immediately if the configured device policies are not meeting a certain standard. For an … Continue reading Device Risk Meets Conditional Access: The Real Power of Unified Endpoint Security
Guest User Access: A High-Level Checklist
The Guest User access dilemma in Entra is real. Balancing collaboration and security without distracting productivity is a challenge, but that's something you can't put on the back burner, because it can be the "Silent Insider Threat" you’re ignoring.🚩If you block Guest access completely, that can possibly degrade end user productivity. So how to balance … Continue reading Guest User Access: A High-Level Checklist
Getting Started with Windows Autopatch in 2025 (cheat sheet)
Windows Autopatch have come a long way to become the new normal of updating your Windows endpoints, M365 apps, device drivers and Edge browser with Intune whether the devices are physical (workstations/ laptops/ kiosks/ billboards) or virtual (AVD/ W365). Microsoft Learn documentation will have more detailed info into the services, but this is a short … Continue reading Getting Started with Windows Autopatch in 2025 (cheat sheet)
Converting AD Group SOA to Govern On-Prem Access via Entra ID
Microsoft recently introduced the Group SOA convert option. At the time of writing, this is in Preview, but with this feature, you can change the AD group's Source of Authority (SOA) to be Entra. HOW COOL? This can help IT admins in many ways. Moving to cloud is the buzz word, but some options are … Continue reading Converting AD Group SOA to Govern On-Prem Access via Entra ID
5. Cloud-Native Endpoints – Group Policy Analytics
Previously.. https://emsroute.com/2025/06/13/4-cloud-native-endpoints-from-config-manager-to-intune/ Group Policies are a major piece of the Cloud-Native Endpoints puzzle and it's not always easy to track back and remove the legacy policies and now you are planning on policy push via Intune and it's vital to add the GPOs in to the mix. Chances are there are GPO settings you still … Continue reading 5. Cloud-Native Endpoints – Group Policy Analytics
4. Cloud-Native Endpoints – From Config Manager to Intune
Previously.. https://emsroute.com/2025/06/11/3-cloud-native-endpoints-building-a-plan/ If you have Config Manager today and you are thinking of or planning on moving the devices and the workloads to Intune, this article is for you. If you are in that state today, chances are you have a stable (or near-stable) method of managing the devices, patch updates, and GPOs. Moving the … Continue reading 4. Cloud-Native Endpoints – From Config Manager to Intune
3. Cloud Native Endpoints: Building a Plan
Previously.. https://emsroute.com/2025/06/09/2-cloud-native-endpoints-why-are-you-on-entra-hybrid-joined-today/ Strategizing the Cloud-Native journey is important. Many organizations have the local Active Directory (AD) as the source of truth for identities, and most systems depend on this mechanism. Most organizations are in a hybrid setup, at least for user identities. You can still build Cloud-Native Endpoints without harming the local AD being the … Continue reading 3. Cloud Native Endpoints: Building a Plan
2. Cloud Native Endpoints: Why are You on Entra Hybrid Joined Today?
If you missed the blog roll, check below 👇🏼 https://emsroute.com/2025/05/09/cloud-native-endpoints/ Before moving to Cloud-Native, let's discuss the current phase where many organizations are possibly in at the moment. Entra Hybrid Joined state. This is the most common state I've seen in the organizations. What usually starts out as a PILOT or a POC to test … Continue reading 2. Cloud Native Endpoints: Why are You on Entra Hybrid Joined Today?
Why Defendnot is a Wake-up Call? A Ground Level Analysis
TL;DR If you are in the Security world, I believe you have heard all about Defendnot and how lethal it can be. The TL;DR is, Defendnot is a research project (by es3n1n), which is a tool that silently disables Defender AV when a 3rd party AV is not installed in the endpoint. When it's successfully … Continue reading Why Defendnot is a Wake-up Call? A Ground Level Analysis
1. Cloud-Native Endpoints: Intro
This is article 1 of the Cloud-Native Endpoint Series. This is a nugget-sized how-to series where I want to showcase how to unlock capabilities to achieve the full cloud-native end goal. 💡Value of going Hybrid? ➡You have the immediate opportunity to use Entra and Intune-related policies and settings.➡You are already making an effort to move … Continue reading 1. Cloud-Native Endpoints: Intro
OAuth App Governance
How often do you check and track the Apps list or the app permissions in Enterprise apps in Microsoft Entra? Is that only when you need to register or create a new app? How about user-installed apps? What controls do you have on users' consent on apps? Or know what apps are making excessive calls … Continue reading OAuth App Governance
QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
In today's threat landscape, the adversaries are trying to get into organizations in any way they can. New authentication methods are being introduced, and a combination of those methods or auth strengths are too. If you check the demographic of the QR code authentication as advised by Microsoft (which is in Public Preview as of … Continue reading QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts
This is 2025 and going Passwordless or using long-lived (365 days) passwords is the recommendation. However, this has been a question for most customers wherever I go. But if you ask, everyone is using their own way to work around this. One popular method is notifying users of the password expiry like a set of … Continue reading Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts
How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
TL;DR: Jump Hosts - We login to Jump Hosts to then login to the servers and other apps we need to access mainly to perform admin tasks. Jump Hosts are often secured on the Network Layer and other Windows Permissions which will come into play when the admin logs in. But what can be done … Continue reading How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
The 3 Stages of CA Policy Maturity – Lessons from the Field
Not too long ago I spoke in the Adelaide Microsoft IT Pro User Group regarding Conditional Access Policies (CA policies) we all know and love. It was not a 100% technical how-to discussion as chances are you are already using this in your environment. If I break down my presentation into 3 main parts, it … Continue reading The 3 Stages of CA Policy Maturity – Lessons from the Field
How to Use the Conditional Access Policy Gap Analyzer Workbook?
Did you know that like in all other Azure services, workbooks are available in Azure AD too? And the good thing about this is, there are a lot of good workbooks ready to be opened and no need to write your KQL queries again. Well, if you fancy your KQL, you can start a new … Continue reading How to Use the Conditional Access Policy Gap Analyzer Workbook?
EMS Route 