While Security frameworks suggest admin accounts that uses to manage privileged tasks in Entra and Azure must NOT be synchronised from the local AD, many organisations still sync them as usual accounts. Mostly because these accounts carry admin weight where recreating these accounts are nearly impossible. This blog looks at one practical use case of … Continue reading Breaking the Habit: Moving Privileged Accounts Out of AD. How to Transfer User SOA to Entra ID?
Tag: Identity Management
Guest User Access: A High-Level Checklist
The Guest User access dilemma in Entra is real. Balancing collaboration and security without distracting productivity is a challenge, but that's something you can't put on the back burner, because it can be the "Silent Insider Threat" youโre ignoring.๐ฉIf you block Guest access completely, that can possibly degrade end user productivity. So how to balance … Continue reading Guest User Access: A High-Level Checklist
From Blind Spots to Control: Governing Conditional Access Policies
There are millions of signals passing through Entra every day, some of which are legitimate and some malicious. Having a strong set of Conditional Access (CA) Policies will help you make sure malicious requests do not slip through the cracks and that every access request is verified before access is granted. As your CA Policy … Continue reading From Blind Spots to Control: Governing Conditional Access Policies
Converting AD Group SOA to Govern On-Prem Access via Entra ID
Microsoft recently introduced the Group SOA convert option. At the time of writing, this is in Preview, but with this feature, you can change the AD group's Source of Authority (SOA) to be Entra. HOW COOL? This can help IT admins in many ways. Moving to cloud is the buzz word, but some options are … Continue reading Converting AD Group SOA to Govern On-Prem Access via Entra ID
๐๏ธLet There Be Cloud-Native Endpoints
Recently I got the opportunity to present all about Cloud-Native Endpoints at the first APAC online event series of Microsoft Zero to Hero Community. This was a virtual session where I presented about Microsoft Entra, Intune and how to build a strategy to move your Windows devices to cloud, which is Entra Joined and Managed … Continue reading ๐๏ธLet There Be Cloud-Native Endpoints
3. Cloud Native Endpoints:ย Building a Plan
Previously.. https://emsroute.com/2025/06/09/2-cloud-native-endpoints-why-are-you-on-entra-hybrid-joined-today/ Strategizing the Cloud-Native journey is important. Many organizations have the local Active Directory (AD) as the source of truth for identities, and most systems depend on this mechanism. Most organizations are in a hybrid setup, at least for user identities. You can still build Cloud-Native Endpoints without harming the local AD being the … Continue reading 3. Cloud Native Endpoints:ย Building a Plan
2. Cloud Native Endpoints: Why are You on Entra Hybrid Joined Today?
If you missed the blog roll, check below ๐๐ผ https://emsroute.com/2025/05/09/cloud-native-endpoints/ Before moving to Cloud-Native, let's discuss the current phase where many organizations are possibly in at the moment. Entra Hybrid Joined state. This is the most common state I've seen in the organizations. What usually starts out as a PILOT or a POC to test … Continue reading 2. Cloud Native Endpoints: Why are You on Entra Hybrid Joined Today?
1. Cloud-Native Endpoints: Intro
This is article 1 of the Cloud-Native Endpoint Series. This is a nugget-sized how-to series where I want to showcase how to unlock capabilities to achieve the full cloud-native end goal. ๐กValue of going Hybrid? โกYou have the immediate opportunity to use Entra and Intune-related policies and settings.โกYou are already making an effort to move … Continue reading 1. Cloud-Native Endpoints: Intro
OAuth App Governance
How often do you check and track the Apps list or the app permissions in Enterprise apps in Microsoft Entra? Is that only when you need to register or create a new app? How about user-installed apps? What controls do you have on users' consent on apps? Or know what apps are making excessive calls … Continue reading OAuth App Governance
QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
In today's threat landscape, the adversaries are trying to get into organizations in any way they can. New authentication methods are being introduced, and a combination of those methods or auth strengths are too. If you check the demographic of the QR code authentication as advised by Microsoft (which is in Public Preview as of … Continue reading QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
How to Change Intune Security Baseline Policy to Version 24H2?
Intune Security Baseline for Windows 10 and later Version 24H2 is finally here. This is a quick look at the policy and useful details on migration to the new policy. What you will see in the Security Baselines nowWhat's Available in Version 24H2Migrating from 23H2 BaselineTest Before Applying!Useful Links What you will see in the … Continue reading How to Change Intune Security Baseline Policy to Version 24H2?
๐Out of Band: Microsoft Security Podcast. EP01: Boots on Ground
Excited to bring the Out of Band: A Microsoft Security Podcast EP01 - Boots on Ground.In this episode, we discuss:- The Microsoft Summer Bootcamp highlights and the overall experience,- Microsoft Secure Future Initiative and what it means to Windows and the overall ecosystem, and- We navigate a password hash synchronization challenge and how to resolve … Continue reading ๐Out of Band: Microsoft Security Podcast. EP01: Boots on Ground
๐High time for a Podcast – Out of Band
The name was coined as a little play to the Windows patch updates - "Out of Band Updates". We are 3 tech professionals talking about all things Microsoft Security and everything in between in the podcast sessions. This idea was bubbling away for a couple of months and finally, we were able to sit down … Continue reading ๐High time for a Podcast – Out of Band
How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
TL;DR: Jump Hosts - We login to Jump Hosts to then login to the servers and other apps we need to access mainly to perform admin tasks. Jump Hosts are often secured on the Network Layer and other Windows Permissions which will come into play when the admin logs in. But what can be done … Continue reading How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
The 3 Stages of CA Policy Maturity – Lessons from the Field
Not too long ago I spoke in the Adelaide Microsoft IT Pro User Group regarding Conditional Access Policies (CA policies) we all know and love. It was not a 100% technical how-to discussion as chances are you are already using this in your environment. If I break down my presentation into 3 main parts, it … Continue reading The 3 Stages of CA Policy Maturity – Lessons from the Field
Identity Centric Zero-Trust Network Access (ZTNA) and Entra Private Access ๐
I've been doing a lot of research into Microsoft's new Global Secure Access recently as most of the features have gone on General Availability. Entra Private Access caught my eye. However, before discussing the feature, it is wise to discuss about the underlying technology that Entra Private Access uses and then jump on to it. … Continue reading Identity Centric Zero-Trust Network Access (ZTNA) and Entra Private Access ๐
How to Configure Cloud Kerberos Trust to Authenticate an Entra ID Joined Device Using Windows Hello for Business (WHfB)?
Long topic and number of jargon. Cloud Kerberos Trust, Windows Hello for Business (WHfB), Entra ID Joined. Let's break them down one by one and see how Cloud Kerberos Trust will help you in the cloud journey. This in fact will remove one more on-prem dependency. Exciting, isn't it? Let's dig in. What this article … Continue reading How to Configure Cloud Kerberos Trust to Authenticate an Entra ID Joined Device Using Windows Hello for Business (WHfB)?
Microsoft Defender for Identity – A Deep Dive
Microsoft Defender for Identity or MDI. The main purpose of this write-up is to shed some light on the fact that why you need MDI in your environment and how it can protect your traditional on-premises AD infrastructure. It's no wonder that there are a lot of other products in the market that do similar … Continue reading Microsoft Defender for Identity – A Deep Dive
Infographic – Migrate MFA and SSPR Policies to the Converged Authentication Methods Policy
Some useful URLs apart from the below infographic: โค Microsoft Learn doc converged-authentication-methods-policyDownload
Adopting Microsoft Entra ID Governance – A Deep Dive
Lately, there has been a lot happened/ changed/ introduced in the Microsoft Entra ID Governance space and this is one of my favorite topics to write and explain as well. The main reason is that Entra ID Governance features are all interconnected and organizations can easily create an eco-system and start using its features. Not … Continue reading Adopting Microsoft Entra ID Governance – A Deep Dive
EMS Route 