[Product Feature] Passwordless Authentication with FEITIAN BioPass FIDO2 Security Key K49
FEITIAN Technologies recently reached out to me via LinkedIn to ask whether I could review one of their latest passwordless key products, the K49. This is not a paid review; it contains only my independent opinion as a technologist and an avid Identity and Access Management enthusiast. I'm always a big fan of going …
Tag: Identity Management
A Closer Look At The Azure AD Joined Device Local Administrator Role And Endpoint Manager Account Protection Policy
A local admin account is a must-have in a domain setup for many reasons. Over the years Microsoft has offered many options to manage these accounts securely: Restricted Groups, LAPS, etc. With Azure AD and Endpoint Manager on the scene, many devices are being moved to cloud management rather than …
Use Conditional Access Policies to Securely Register Security Information for MFA and SSPR
Hello there! This week I thought I would write one more article on Conditional Access Policies. As you know, setting up an access policy is easy, and it is basically mandatory to have one or more policies now, but you may have internal policies requiring that anyone who registers for MFA must do so in …
How to use Log Analytics on Endpoint Manager
Ever since I learned about KQL I've been obsessed with it and what it can do in the Azure Log Analytics space, and this is my attempt at plugging another service into Log Analytics to experiment with the logs. KQL has proven to be a clever tool when it comes to digging deeper into Log Analytics. …
How to Set Up Endpoint Manager RBAC
Welcome to another MEM article. Today I'm going to talk about an essential component of Microsoft Endpoint Manager that a lot of admins ignore or fail to configure. As your team grows, or if you are planning on outsourcing tasks to a different team of admins, an MSP perhaps, it is vital to configure correct RBAC …
How to Use KQL and Azure Log Analytics to Inspect Azure AD Sign-in Logs?
As you may already know, KQL has become the standard for querying large data sets in the Azure Log Analytics space. When you have thousands of users in Azure AD, with MFA and other Conditional Access Policies set up, the next thing you will see is tons of sign-in logs, activity logs, …
Two Ways To Enable Hybrid AAD Join Mode For A Controlled Deployment
When you are planning (of course you are!) to bring local AD joined Windows workstations into Microsoft Endpoint Manager/Intune, one of the first things you need to complete is a pilot/controlled deployment to understand the end result, the features of the Hybrid AAD Joined state, and what options will be opened up for you to test and …
Manage Continuous Access Evaluation Behaviour via Conditional Access Policies
When I first had a play with CAE, I wrote about the importance of this setting and how to enable it in your environment. Please check the previous article: https://shehanperera.com/2021/07/10/aad-cae/ Microsoft recently announced that the same CAE control will be available via Conditional Access Policies and can be set up per …
Azure AD Hidden Gems. Azure AD Temporary Access Pass
Temporary Access Pass, or TAP, is a cool Azure AD feature which is still in Preview, but I see huge wins if Microsoft puts this into general availability so that IT admins can provide uninterrupted security over user accounts. In real life, users may forget to bring their mobile phone to the office or …
How to Assign Admin Roles to Azure AD Groups with Access Reviews and Just in Time Access?
As of July 31 2021, this feature is Generally Available and was announced in the M365 Admin Center with message MC274516. This approach is how you assign roles to Azure AD groups together with the Privileged Identity Management features Just in Time access and Access Reviews. Previous setup: If you need to assign …
How to analyze Conditional Access Policies with ‘Report Only’ Mode?
Conditional Access Policies can be set up in 3 main modes: On, Off and Report Only. On and Off modes are self-explanatory, whereas "Report Only" mode needs additional work. This post will go into detail on how to use the Report Only mode before you actually switch to On. Read more about Conditional Access Policies: https://shehanperera.com/2022/05/03/aad-cap101/ …
Why Azure AD Continuous Access Evaluation is Important?
Continuous Access Evaluation, or CAE, is still in preview, but it has proven to provide near-real-time refresh for Conditional Access Policies. This is a very helpful feature in the world of Identity and Access Management, because attacks happen frequently and IdAM admins need to take action quickly. Some actions …
Automate Cross Tenant Resource Access With Azure AD Entitlement Management
With the Azure AD Identity Governance feature "Entitlement Management" it is easier to automate access requests, set expiry dates, justify why a user needs access, and take the load off the IT admins. Azure B2B collaboration is a hot topic these days, and the end result should be stress-free access from the end …
3 Ways to Enforce Azure AD MFA Registration in Azure AD/ M365 Tenant
Having MFA on Azure AD accounts is a top priority at the moment; basically, it has become a baseline requirement. There are a couple of ways to enable MFA on user accounts by default. This makes sure all users are protected without having to run periodic reports, etc. Reason for collation …
Effective use of Azure AD Administrative Units [Azure AD AUs]
I look at the Azure AD portal with curiosity to see what the new features are, and then want to play around with them to better understand their usage. This is not the latest feature, but it's out of preview mode, and this is me writing about the effective use of Azure AD AUs. How …
How to federate Google (Gmail) accounts with Azure AD to access resources without a Microsoft account
My DIY project for this weekend is to try and implement a method to set Google as an identity provider for Azure AD resource access requirements. If someone can access apps or services on a different platform without having to create an account on the resource owner's end, that makes life easier and simply …
Azure AD User Automation For Better Identity And Access Management
Why automate such a workload? A few reasons:
- Better identity and access management
- Not having to update too many locations for these types of requests
- Meeting demands / less stress on the frontline IT
This is the age of automation and everyone is on the automation bandwagon to automate tech workloads in the cloud or on-premises. If …
Preparing workstations for the Cloud Journey with Hybrid Azure AD Join
In almost all cases, the organization is not in a position to get away from the local domain, as it is tightly connected with other services running on-premises and maintaining the on-premises identity is vital. Further, you have the on-premises domain with the workstations joined to it, GPOs being pushed across, and …
Block Sign-in from Shared Mailboxes
I found something very interesting in the Microsoft 365 Admin Center related to Shared Mailboxes recently and was curious to check more on that. No explanation is required of Shared Mailboxes, how they operate and their limitations. As long as a licensed user has the delegation rights, that user can open the mailbox …