Some useful URLs apart from the below infographic: ❤ Microsoft Learn doc converged-authentication-methods-policyDownload
Tag: Identity Management
Adopting Microsoft Entra ID Governance – A Deep Dive
Lately, there has been a lot happened/ changed/ introduced in the Microsoft Entra ID Governance space and this is one of my favorite topics to write and explain as well. The main reason is that Entra ID Governance features are all interconnected and organizations can easily create an eco-system and start using its features. Not … Continue reading Adopting Microsoft Entra ID Governance – A Deep Dive
Login to M365 Services Using Email As An Alternate Login ID
One of the decisions you may have taken when you first planned on your Azure AD/ Entra ID sync was the UPN and what it will be. The recommendation from Microsoft is to always align the Entra ID UPN with the user's email address. Why you ask? It is mainly to avoid confusion among the … Continue reading Login to M365 Services Using Email As An Alternate Login ID
How to Use the Conditional Access Policy Gap Analyzer Workbook?
Did you know that like in all other Azure services, workbooks are available in Azure AD too? And the good thing about this is, there are a lot of good workbooks ready to be opened and no need to write your KQL queries again. Well, if you fancy your KQL, you can start a new … Continue reading How to Use the Conditional Access Policy Gap Analyzer Workbook?
🎙️MS EMS Community Podcast EP04
https://www.youtube.com/watch?v=XWvXVCIUm2c In this episode, myself along with Jonas Bøgvad , Andrew Taylor MVP, Lewis Barry and Eric Woodruff, CIDPRO discusses about,⚡️Intunemaps.com and the thought process behind that⚡️An in-depth look at AAD App Registration⚡️An in-depth look at the PRT⚡️MFA Number matching⚡️FIDO and Security
4 Steps to Configure Azure AD PIM for Groups
Few uses of PIM-managed groupsChallengeSolutionFew NotesPrerequisites - LicensesStep 1 - Group CreationStep 2 - Onboard the group for PIMStep 3 - Add PIM AssignmentsStep 4 - Setup Role SettingsUser ActivationUse Access ReviewsWrapping Up When I 1st posted the below infographic in my Socials, I thought I made myself clear that this is not an Azure … Continue reading 4 Steps to Configure Azure AD PIM for Groups
Use Authentication Context with Strong Auth on PIM Role Activation
What is Authentication Context? Authentication Contexts are being used to further secure your application data and actions. You may already have enabled Multi-Factor Authebtaion in your Azure AD tenant and everyone is using the MFA in the same way. However, imagine you have an application where you need to maintain confidential data that only a … Continue reading Use Authentication Context with Strong Auth on PIM Role Activation
🎙️MS EMS Community Podcast EP02
With no particular agenda other than having a casual chat about recent tech events, this time including: Hybrid IdentitiesSecurity PostureMindset changesAzure AD Cross-Tenant Sync https://www.youtube.com/watch?v=0RAvGTAlDSc
🎙️MS EMS Community Podcast EP01
BYOD – Part 2 – Manage Your Azure AD Registered Devices
Previously on BYOD... I discussed the restrictions and conditions you can make so the BYOD fleet can be managed well. Read below if you haven’t. My focus was the Azure AD and Intune side of things when it comes to managing the fleet. https://shehanperera.com/2023/01/26/byod-01/ However, part 2 of this series is focusing on the scenario … Continue reading BYOD – Part 2 – Manage Your Azure AD Registered Devices
It’s 2023. Let’s Talk About Azure AD Connect Cloud Sync
The first post for 2023 and I thought I want to focus on something that will take over the main stage soon (probably). Azure AD Connect Cloud Sync. This has been there for a while and its capabilities (some capabilities) are proven to minimize that admin overhead and if you have dealt with the Azure … Continue reading It’s 2023. Let’s Talk About Azure AD Connect Cloud Sync
Microsoft Intune Bulk Device Actions
This will be a short blog post, but I want to cover something that is important when you have a large device fleet. This is a useful feature if you haven't seen it yet or not tried it yet, because rather than using a CLI, you can use the Intune Portal to perform bulk actions. … Continue reading Microsoft Intune Bulk Device Actions
Azure AD Cross-Tenant Access with B2B Direct Connect
This is my take on the Azure AD Cross-Tenant access settings. This was something I was hoping to configure a while back. However the capabilities weren't available at that time, but the need for some kind of a trust relationship between two Azure AD tenants was bubbling up. Gone of days organizations set up trust … Continue reading Azure AD Cross-Tenant Access with B2B Direct Connect
How to Plan for a Windows 365 Cloud PC Deployment?
In my 1st blog post related to Windows 365, I discussed how to get started with the product. This is post #2 of the series and in this, I want to discuss what to think when planning for your Windows 365 deployment and especially how to set up RBAC. Before jumping into the technical side … Continue reading How to Plan for a Windows 365 Cloud PC Deployment?
Microsoft Entra Identity Governance – Connecting the Dots
Been working on this blog post for a while as this talks about an important service in Azure AD. In a standard organization environment, how many resources will a user access from the point where they have Onboard to the day that they are offboarded from all the systems? Are you able to keep a … Continue reading Microsoft Entra Identity Governance – Connecting the Dots
My First Speaking Session and the First Microsoft EM+S Community Live Event
So last week I finally did my very 1st speaking session. This is the very 1st community event held by the Discord Group Microsoft EM+S Community. Microsoft EM+S Community https://www.youtube.com/watch?v=Cxr61C4g7iQ Shout out to the other speakers as they've all done a great job in presenting their sessions as well as continuously sharing their knowledge on … Continue reading My First Speaking Session and the First Microsoft EM+S Community Live Event
How to Configure Azure AD Connect Sync and Cloud Sync Tools to Prevent Accidental Object Deletions
This blog post is a combination of old and new features of Azure AD Connect Sync and Azure AD Cloud Sync tools. AAD Connect Sync feature was there already and what's new is the Sync Client's feature of preventing accidental deletion. There can be many reasons for this kind of mishap to take place Intentional … Continue reading How to Configure Azure AD Connect Sync and Cloud Sync Tools to Prevent Accidental Object Deletions
Latest Microsoft Authenticator App/ MFA Improvements
Exciting new improvements in the Microsoft Authenticator front. This is a step towards phishing attacks that can lead to accidental MFA approvals. We all know about MFA fatigue by now and how much damage a bad actor can make when an account holder makes one wrong move. This will trend will not stop, but this … Continue reading Latest Microsoft Authenticator App/ MFA Improvements
How to Configure Azure AD Authentication Strengths
Require Multifactor Authentication is good, but what if the methods that can be registered aren't powerful enough to secure the resources? Eg: Accept the Auth push notification or SMS or Phone Call method. Those traditional methods have proved user authentication methods must be strengthened in-order to defend today's sophisticated phishing attacks. Introducing Authentication strengths Conditional … Continue reading How to Configure Azure AD Authentication Strengths
The Calm After the Storm. Microsoft Ignite 2022 All Endpoint Management and Identity and Access Announcements
Microsoft Ignite 2022 just finished and it was a blast! So many new product updates and announcements. It was truly exciting to see all the Ignite related news. Because obviously it was a lot and probably the LinkedIn feeds are flooded with the updates and reposts and what not, I thought to give it a … Continue reading The Calm After the Storm. Microsoft Ignite 2022 All Endpoint Management and Identity and Access Announcements
EMS Route 