While Security frameworks suggest admin accounts that uses to manage privileged tasks in Entra and Azure must NOT be synchronised from the local AD, many organisations still sync them as usual accounts. Mostly because these accounts carry admin weight where recreating these accounts are nearly impossible. This blog looks at one practical use case of … Continue reading Breaking the Habit: Moving Privileged Accounts Out of AD. How to Transfer User SOA to Entra ID?
Tag: Entra
Device Risk Meets Conditional Access: The Real Power of Unified Endpoint Security
Device compliance is one of the things that should be on top of the list of any organization's Cybersecurity activities. This enforces the next steps that can be taken by the device management solution from reporting to block access to resources immediately if the configured device policies are not meeting a certain standard. For an … Continue reading Device Risk Meets Conditional Access: The Real Power of Unified Endpoint Security
Guest User Access: A High-Level Checklist
The Guest User access dilemma in Entra is real. Balancing collaboration and security without distracting productivity is a challenge, but that's something you can't put on the back burner, because it can be the "Silent Insider Threat" you’re ignoring.🚩If you block Guest access completely, that can possibly degrade end user productivity. So how to balance … Continue reading Guest User Access: A High-Level Checklist
From Blind Spots to Control: Governing Conditional Access Policies
There are millions of signals passing through Entra every day, some of which are legitimate and some malicious. Having a strong set of Conditional Access (CA) Policies will help you make sure malicious requests do not slip through the cracks and that every access request is verified before access is granted. As your CA Policy … Continue reading From Blind Spots to Control: Governing Conditional Access Policies
Getting Started with Windows Autopatch in 2025 (cheat sheet)
Windows Autopatch have come a long way to become the new normal of updating your Windows endpoints, M365 apps, device drivers and Edge browser with Intune whether the devices are physical (workstations/ laptops/ kiosks/ billboards) or virtual (AVD/ W365). Microsoft Learn documentation will have more detailed info into the services, but this is a short … Continue reading Getting Started with Windows Autopatch in 2025 (cheat sheet)
Converting AD Group SOA to Govern On-Prem Access via Entra ID
Microsoft recently introduced the Group SOA convert option. At the time of writing, this is in Preview, but with this feature, you can change the AD group's Source of Authority (SOA) to be Entra. HOW COOL? This can help IT admins in many ways. Moving to cloud is the buzz word, but some options are … Continue reading Converting AD Group SOA to Govern On-Prem Access via Entra ID
🎙️Let There Be Cloud-Native Endpoints
Recently I got the opportunity to present all about Cloud-Native Endpoints at the first APAC online event series of Microsoft Zero to Hero Community. This was a virtual session where I presented about Microsoft Entra, Intune and how to build a strategy to move your Windows devices to cloud, which is Entra Joined and Managed … Continue reading 🎙️Let There Be Cloud-Native Endpoints
5. Cloud-Native Endpoints – Group Policy Analytics
Previously.. https://emsroute.com/2025/06/13/4-cloud-native-endpoints-from-config-manager-to-intune/ Group Policies are a major piece of the Cloud-Native Endpoints puzzle and it's not always easy to track back and remove the legacy policies and now you are planning on policy push via Intune and it's vital to add the GPOs in to the mix. Chances are there are GPO settings you still … Continue reading 5. Cloud-Native Endpoints – Group Policy Analytics
4. Cloud-Native Endpoints – From Config Manager to Intune
Previously.. https://emsroute.com/2025/06/11/3-cloud-native-endpoints-building-a-plan/ If you have Config Manager today and you are thinking of or planning on moving the devices and the workloads to Intune, this article is for you. If you are in that state today, chances are you have a stable (or near-stable) method of managing the devices, patch updates, and GPOs. Moving the … Continue reading 4. Cloud-Native Endpoints – From Config Manager to Intune
3. Cloud Native Endpoints: Building a Plan
Previously.. https://emsroute.com/2025/06/09/2-cloud-native-endpoints-why-are-you-on-entra-hybrid-joined-today/ Strategizing the Cloud-Native journey is important. Many organizations have the local Active Directory (AD) as the source of truth for identities, and most systems depend on this mechanism. Most organizations are in a hybrid setup, at least for user identities. You can still build Cloud-Native Endpoints without harming the local AD being the … Continue reading 3. Cloud Native Endpoints: Building a Plan
2. Cloud Native Endpoints: Why are You on Entra Hybrid Joined Today?
If you missed the blog roll, check below 👇🏼 https://emsroute.com/2025/05/09/cloud-native-endpoints/ Before moving to Cloud-Native, let's discuss the current phase where many organizations are possibly in at the moment. Entra Hybrid Joined state. This is the most common state I've seen in the organizations. What usually starts out as a PILOT or a POC to test … Continue reading 2. Cloud Native Endpoints: Why are You on Entra Hybrid Joined Today?
1. Cloud-Native Endpoints: Intro
This is article 1 of the Cloud-Native Endpoint Series. This is a nugget-sized how-to series where I want to showcase how to unlock capabilities to achieve the full cloud-native end goal. 💡Value of going Hybrid? ➡You have the immediate opportunity to use Entra and Intune-related policies and settings.➡You are already making an effort to move … Continue reading 1. Cloud-Native Endpoints: Intro
QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
In today's threat landscape, the adversaries are trying to get into organizations in any way they can. New authentication methods are being introduced, and a combination of those methods or auth strengths are too. If you check the demographic of the QR code authentication as advised by Microsoft (which is in Public Preview as of … Continue reading QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
Making Identity and Access Management More Resilient with Microsoft Entra ID
As organizations are moving the Identity Infrastructure from on-prem to cloud, it is important to understand "what could go wrong" and how to be resilient so the identity-related activities will continue to work with minimum or less downtime. The identity strategy should have some key components when it comes to resilience and identify and document … Continue reading Making Identity and Access Management More Resilient with Microsoft Entra ID
🎙Out of Band: Microsoft Security Podcast. EP02: Intune it
In this episode, we discuss:- The transformation of SC-400 to SC-401,- An amazing resource on the DSPM for AI journey,- The new version of IntuneMaps (Version 3),- A new web-series to assist in your Intune cloud migration journey,- and... a special guest announcement for Episode 3. https://www.youtube.com/watch?v=6FvzfEOSHaE&feature=youtu.be Tune in and let us know what you … Continue reading 🎙Out of Band: Microsoft Security Podcast. EP02: Intune it
🎙Out of Band: Microsoft Security Podcast. EP01: Boots on Ground
Excited to bring the Out of Band: A Microsoft Security Podcast EP01 - Boots on Ground.In this episode, we discuss:- The Microsoft Summer Bootcamp highlights and the overall experience,- Microsoft Secure Future Initiative and what it means to Windows and the overall ecosystem, and- We navigate a password hash synchronization challenge and how to resolve … Continue reading 🎙Out of Band: Microsoft Security Podcast. EP01: Boots on Ground
Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts
This is 2025 and going Passwordless or using long-lived (365 days) passwords is the recommendation. However, this has been a question for most customers wherever I go. But if you ask, everyone is using their own way to work around this. One popular method is notifying users of the password expiry like a set of … Continue reading Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts
🎙High time for a Podcast – Out of Band
The name was coined as a little play to the Windows patch updates - "Out of Band Updates". We are 3 tech professionals talking about all things Microsoft Security and everything in between in the podcast sessions. This idea was bubbling away for a couple of months and finally, we were able to sit down … Continue reading 🎙High time for a Podcast – Out of Band
How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
TL;DR: Jump Hosts - We login to Jump Hosts to then login to the servers and other apps we need to access mainly to perform admin tasks. Jump Hosts are often secured on the Network Layer and other Windows Permissions which will come into play when the admin logs in. But what can be done … Continue reading How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
The 3 Stages of CA Policy Maturity – Lessons from the Field
Not too long ago I spoke in the Adelaide Microsoft IT Pro User Group regarding Conditional Access Policies (CA policies) we all know and love. It was not a 100% technical how-to discussion as chances are you are already using this in your environment. If I break down my presentation into 3 main parts, it … Continue reading The 3 Stages of CA Policy Maturity – Lessons from the Field
EMS Route 