Breaking the Habit: Moving Privileged Accounts Out of AD. How to Transfer User SOA to Entra ID?

While security frameworks recommend that the admin accounts used to manage privileged tasks in Entra and Azure must NOT be synchronised from on-premises AD, many organisations still sync them like ordinary accounts, mostly because these accounts carry so much admin weight that recreating them is nearly impossible. This blog looks at one practical use case of …

Guest User Access: A High-Level Checklist

The Guest User access dilemma in Entra is real. Balancing collaboration and security without disrupting productivity is a challenge, but it is not something you can put on the back burner, because it can be the "Silent Insider Threat" you're ignoring. 🚩 If you block Guest access completely, you will likely degrade end-user productivity. So how do you balance …

Converting AD Group SOA to Govern On-Prem Access via Entra ID

Microsoft recently introduced the Group SOA convert option. At the time of writing it is in Preview, but with this feature you can change an AD group's Source of Authority (SOA) to Entra ID. HOW COOL? This can help IT admins in many ways. Moving to the cloud is the buzzword, but some options are …

Making Identity and Access Management More Resilient with Microsoft Entra ID

As organizations move their identity infrastructure from on-prem to the cloud, it is important to understand "what could go wrong" and how to be resilient, so that identity-related activities continue to work with minimal downtime. The identity strategy should have some key components when it comes to resilience, and identify and document …

Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts

It is 2025, and going passwordless or using long-lived (365-day) passwords is the recommendation. However, this has been a question from most customers wherever I go, and if you ask, everyone is using their own way to work around it. One popular method is notifying users of the password expiry, like a set of …

🎙High time for a Podcast – Out of Band

The name was coined as a little play on the Windows patch updates, "Out of Band Updates". We are three tech professionals talking about all things Microsoft security and everything in between in the podcast sessions. This idea was bubbling away for a couple of months, and finally we were able to sit down …

How to Configure Entra Identity Governance Features with Private Access for Jump Hosts

TL;DR: Jump hosts are the machines we log in to in order to then log in to the servers and other apps we need to access, mainly to perform admin tasks. Jump hosts are often secured at the network layer and by the Windows permissions that come into play when the admin logs in. But what can be done …

The 3 Stages of CA Policy Maturity – Lessons from the Field

Not too long ago I spoke at the Adelaide Microsoft IT Pro User Group about the Conditional Access policies (CA policies) we all know and love. It was not a 100% technical how-to discussion, as chances are you are already using them in your environment. If I break my presentation down into 3 main parts, it …

I May Have Finally Launched my YouTube Channel

This is something I have wanted to do for a long time, and I guess I finally did it: launching my own YouTube channel. I gave a lot of thought to planning the goal of this channel and what content I want to bring in, and I'm so excited to share my knowledge in this form …

How to Configure Cloud Kerberos Trust to Authenticate an Entra ID Joined Device Using Windows Hello for Business (WHfB)?

A long topic with a lot of jargon: Cloud Kerberos Trust, Windows Hello for Business (WHfB), Entra ID joined. Let's break them down one by one and see how Cloud Kerberos Trust will help you on your cloud journey. In fact, it will remove one more on-prem dependency. Exciting, isn't it? Let's dig in. What this article …

Hardening Exchange Online Security with Microsoft Entra, Intune, and Defender XDR

Your emails are now in the cloud, specifically Microsoft 365 Exchange Online (EXO). Now what? For many organizations, email is the heart and soul of communication and past records, yet they use the same on-premises methods to protect email in the cloud. Regardless, defending it from bad actors is a must, because this is …

Control Device Code Flow With Entra ID Conditional Access Policies

With the latest developments in the Entra ID Protection space, Conditional Access policies got a bit of a facelift with the Authentication Flows control. Still in Preview, Device Code Flow and Authentication Transfer are the two flows introduced with this control. I want to cover the Authentication Transfer process in a different article, so this …

5 Practical Usages of PIM for Groups Explained

I have always been a huge advocate of Entra ID Governance and its use. It is paramount to keep Identity Governance in good health while applying best practices, because identity is an attack vector, period. Once a bad actor gets hold of an identity, accessing confidential data, Azure resources, …

How a Synthetic Registration in Entra ID Can Protect the Devices ASAP with Defender for Endpoint?

One of the common requests I have had while working with many customers on their Defender for Endpoint deployment projects is: "We need the Defender security policies to be assigned and working as soon as the device is onboarded to MDE." Having onboarded to MDE, if and when Intune enrollment and device registration in Entra ID …

Login to M365 Services Using Email As An Alternate Login ID

One of the decisions you may have taken when you first planned your Azure AD / Entra ID sync was what the UPN would be. The recommendation from Microsoft is to always align the Entra ID UPN with the user's email address. Why, you ask? It is mainly to avoid confusion among the …

How to Setup 3rd Party Device Compliance Partners in Intune for Conditional Access

While Intune and Entra ID as a whole provide industry-standard device compliance policies and Conditional Access policies to govern them, there is a chance that a subset of your device fleet is managed via a different MDM. In the field, when I talk with customers, this is mostly because Microsoft Intune was catching …