5 Practical Usages of PIM for Groups Explained

I have always been a huge advocate of Entra ID Governance and its usage. It is paramount to make sure the Identity Governance health is in a good position while applying the best practices because Identity is an attack vector, period. Once a bad actor gets hold of the identity, accessing confidential data, Azure resources, …

Login to M365 Services Using Email As An Alternate Login ID

One of the decisions you may have taken when you first planned your Azure AD/Entra ID sync was the UPN and what it will be. The recommendation from Microsoft is to always align the Entra ID UPN with the user's email address. Why, you ask? It is mainly to avoid confusion among the …

Don’t Mess Around with MDM User Scopes – A Different Take to “Something Went Wrong 8004005” and “OOBEAADV10” Errors

Something went horribly wrong. Not the policies. Not the deployment profiles, not the ODJ profile, not the ESP. Let me explain. Setup at a high level: Intune Connector setup; Intune Connector account is licensed and the Intune admin role assigned; OU delegation done; Hybrid Join GPO has been set up; MDM Auto-enrollment GPO has been set; Autopilot deployment profiles …

How to Use the Conditional Access Policy Gap Analyzer Workbook?

Did you know that like in all other Azure services, workbooks are available in Azure AD too? And the good thing about this is, there are a lot of good workbooks ready to be opened and no need to write your KQL queries again. Well, if you fancy your KQL, you can start a new …

🎙️MS EMS Community Podcast EP04

https://www.youtube.com/watch?v=XWvXVCIUm2c In this episode, I, along with Jonas Bøgvad, Andrew Taylor MVP, Lewis Barry and Eric Woodruff, CIDPRO, discuss: ⚡️ Intunemaps.com and the thought process behind that ⚡️ An in-depth look at AAD App Registration ⚡️ An in-depth look at the PRT ⚡️ MFA Number matching ⚡️ FIDO and Security

Protected Actions in Azure AD

At the time of writing this is still in Preview, but I was curious to find out more about this as anything Security and Azure AD-related is good 🙂 What are Protected Actions? The Protected Actions feature is an added layer of security in Azure AD for certain actions you perform. What Licenses Do You Require? Azure …

Setup Prerequisites for Windows LAPS in Azure AD

By now you may have seen a lot of updates and posts on how to configure Windows LAPS in Azure AD. Credit goes to all the wonderful gurus out there who really contribute to the community in different ways. My approach in this post is to prepare for the Windows LAPS in Azure AD so …

Mergers, Acquisitions and Day 1 – Azure AD Cross-Tenant Synchronization

I would like to dedicate this post to writing something on a much-needed topic that personally got me to try a lot of methods and to be creative because this is one of the main tasks that an organization/management is looking to get done from an IT Specialist. The Day 1. More precisely the …

Use Authentication Context with Strong Auth on PIM Role Activation

What is Authentication Context? Authentication Contexts are used to further secure your application data and actions. You may already have enabled Multi-Factor Authentication in your Azure AD tenant and everyone is using MFA in the same way. However, imagine you have an application where you need to maintain confidential data that only a …

[Nugget Post] How to Check All Intune Filter Related Associated Assignments?

You implement more and more filters in policies, but how to go back and see all the associated assignments? Rather than remembering or noting down all the filters you have created and checking manually, you can now see this in the Associated Assignments tab in the required filter. To check the created filter, go to …

Azure AD Cross-Tenant Access with B2B Direct Connect

This is my take on the Azure AD Cross-Tenant access settings. This was something I was hoping to configure a while back. However, the capabilities weren't available at that time, but the need for some kind of a trust relationship between two Azure AD tenants was bubbling up. Gone are the days organizations set up trust …

Microsoft Entra Identity Governance – Connecting the Dots

I have been working on this blog post for a while, as it talks about an important service in Azure AD. In a standard organization environment, how many resources will a user access from the point where they are onboarded to the day that they are offboarded from all the systems? Are you able to keep a …

Latest Microsoft Authenticator App/ MFA Improvements

Exciting new improvements on the Microsoft Authenticator front. This is a step towards phishing attacks that can lead to accidental MFA approvals. We all know about MFA fatigue by now and how much damage a bad actor can do when an account holder makes one wrong move. This trend will not stop, but this …

How to Configure Azure AD Authentication Strengths

Requiring Multifactor Authentication is good, but what if the methods that can be registered aren't powerful enough to secure the resources? E.g.: accepting the Auth push notification, SMS or Phone Call method. Those traditional methods have proved that user authentication methods must be strengthened in order to defend against today's sophisticated phishing attacks. Introducing Authentication strengths Conditional …

Azure AD Device Registration – Part 1 – How to Fix the Pending Registration State Issue?

Firstly, I must say, during your cloud journey you may have seen this error many times and fixed it many times. Also, there can be engineers who are yet to see this error (among other errors) and want to fix it. In a Hybrid AAD Joined (HAADJ) environment, ideally what you want the device registration …

[Product Feature] Passwordless Authentication with FEITIAN BioPass FIDO2 Security Key K49

FEITIAN Technologies recently reached out to me via LinkedIn to ask if I could review one of their latest Passwordless key products - K49. This is not a paid review and only contains my independent opinion as a technologist as well as an avid Identity and Access Management enthusiast. I'm always a big fan of going …

A Closer Look At The Azure AD Joined Device Local Administrator Role And Endpoint Manager Account Protection Policy

Local Admin is a much-needed account/access that is required in a domain setup for many reasons. Over the years Microsoft has brought many options to manage these accounts in a secure manner: Restricted groups, LAPS, etc. With Azure AD and Endpoint Manager on the scene, many devices are moved to cloud managed rather than …

Windows Autopatch – General Availability With Improvements

This is an update post on the much-awaited Windows Autopatch service. This went from Public Preview to General Availability today (12/06/2022) and a number of good improvements have been introduced, and I would like to go through them. If you haven't read my previous posts on Windows Autopatch, please check them from below. Features Enrollment …