There are millions of signals passing through Entra every day, some of which are legitimate and some malicious. Having a strong set of Conditional Access (CA) Policies will help you make sure malicious requests do not slip through the cracks and that every access request is verified before access is granted. As your CA Policy … Continue reading From Blind Spots to Control: Governing Conditional Access Policies
Tag: Microsoft 365
Getting Started with Windows Autopatch in 2025 (cheat sheet)
Windows Autopatch have come a long way to become the new normal of updating your Windows endpoints, M365 apps, device drivers and Edge browser with Intune whether the devices are physical (workstations/ laptops/ kiosks/ billboards) or virtual (AVD/ W365). Microsoft Learn documentation will have more detailed info into the services, but this is a short … Continue reading Getting Started with Windows Autopatch in 2025 (cheat sheet)
Converting AD Group SOA to Govern On-Prem Access via Entra ID
Microsoft recently introduced the Group SOA convert option. At the time of writing, this is in Preview, but with this feature, you can change the AD group's Source of Authority (SOA) to be Entra. HOW COOL? This can help IT admins in many ways. Moving to cloud is the buzz word, but some options are … Continue reading Converting AD Group SOA to Govern On-Prem Access via Entra ID
🎙️Let There Be Cloud-Native Endpoints
Recently I got the opportunity to present all about Cloud-Native Endpoints at the first APAC online event series of Microsoft Zero to Hero Community. This was a virtual session where I presented about Microsoft Entra, Intune and how to build a strategy to move your Windows devices to cloud, which is Entra Joined and Managed … Continue reading 🎙️Let There Be Cloud-Native Endpoints
3. Cloud Native Endpoints: Building a Plan
Previously.. https://emsroute.com/2025/06/09/2-cloud-native-endpoints-why-are-you-on-entra-hybrid-joined-today/ Strategizing the Cloud-Native journey is important. Many organizations have the local Active Directory (AD) as the source of truth for identities, and most systems depend on this mechanism. Most organizations are in a hybrid setup, at least for user identities. You can still build Cloud-Native Endpoints without harming the local AD being the … Continue reading 3. Cloud Native Endpoints: Building a Plan
1. Cloud-Native Endpoints: Intro
This is article 1 of the Cloud-Native Endpoint Series. This is a nugget-sized how-to series where I want to showcase how to unlock capabilities to achieve the full cloud-native end goal. 💡Value of going Hybrid? ➡You have the immediate opportunity to use Entra and Intune-related policies and settings.➡You are already making an effort to move … Continue reading 1. Cloud-Native Endpoints: Intro
OAuth App Governance
How often do you check and track the Apps list or the app permissions in Enterprise apps in Microsoft Entra? Is that only when you need to register or create a new app? How about user-installed apps? What controls do you have on users' consent on apps? Or know what apps are making excessive calls … Continue reading OAuth App Governance
QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
In today's threat landscape, the adversaries are trying to get into organizations in any way they can. New authentication methods are being introduced, and a combination of those methods or auth strengths are too. If you check the demographic of the QR code authentication as advised by Microsoft (which is in Public Preview as of … Continue reading QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
🎙Out of Band: Microsoft Security Podcast. EP01: Boots on Ground
Excited to bring the Out of Band: A Microsoft Security Podcast EP01 - Boots on Ground.In this episode, we discuss:- The Microsoft Summer Bootcamp highlights and the overall experience,- Microsoft Secure Future Initiative and what it means to Windows and the overall ecosystem, and- We navigate a password hash synchronization challenge and how to resolve … Continue reading 🎙Out of Band: Microsoft Security Podcast. EP01: Boots on Ground
🎙High time for a Podcast – Out of Band
The name was coined as a little play to the Windows patch updates - "Out of Band Updates". We are 3 tech professionals talking about all things Microsoft Security and everything in between in the podcast sessions. This idea was bubbling away for a couple of months and finally, we were able to sit down … Continue reading 🎙High time for a Podcast – Out of Band
How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
TL;DR: Jump Hosts - We login to Jump Hosts to then login to the servers and other apps we need to access mainly to perform admin tasks. Jump Hosts are often secured on the Network Layer and other Windows Permissions which will come into play when the admin logs in. But what can be done … Continue reading How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
Identity Centric Zero-Trust Network Access (ZTNA) and Entra Private Access 🌐
I've been doing a lot of research into Microsoft's new Global Secure Access recently as most of the features have gone on General Availability. Entra Private Access caught my eye. However, before discussing the feature, it is wise to discuss about the underlying technology that Entra Private Access uses and then jump on to it. … Continue reading Identity Centric Zero-Trust Network Access (ZTNA) and Entra Private Access 🌐
💻 Intune Policy refresh intervals Vs. Config Refresh in simple terms
These are similar-looking terms that perform two different tasks and this quick nugget is to unpack what they do. ⚡Policy Refresh Intervals⚡ This is the standard way for the device to check in with the Intune service to receive the policies and settings.When the device is enrolled with Intune for the 1st time, notifications will … Continue reading 💻 Intune Policy refresh intervals Vs. Config Refresh in simple terms
Microsoft Intune Enterprise App Catalog is Here!
As announced in Microsoft Ignite 2023, the latest addition to the Intune Suite features the Enterprise Application Management and it's Enterprise App Catalog is finally GA as of today. This will remove a lot of hassle that the Device Management Admins need to go through in re-packaging apps in to a .intunewin file and adding … Continue reading Microsoft Intune Enterprise App Catalog is Here!
Adopting Microsoft Entra ID Governance – A Deep Dive
Lately, there has been a lot happened/ changed/ introduced in the Microsoft Entra ID Governance space and this is one of my favorite topics to write and explain as well. The main reason is that Entra ID Governance features are all interconnected and organizations can easily create an eco-system and start using its features. Not … Continue reading Adopting Microsoft Entra ID Governance – A Deep Dive
Login to M365 Services Using Email As An Alternate Login ID
One of the decisions you may have taken when you first planned on your Azure AD/ Entra ID sync was the UPN and what it will be. The recommendation from Microsoft is to always align the Entra ID UPN with the user's email address. Why you ask? It is mainly to avoid confusion among the … Continue reading Login to M365 Services Using Email As An Alternate Login ID
Quick Defender SmartScreen Deep Dive with Niklas Tinner
Recently I got the opportunity to sit with Niklas Tinner, a like-minded tech guru and an End User Computing specialist to discuss Defender SmartScreen and its benefits, advanced hunting for SmartScreen incidents, policies, and best practices. https://www.youtube.com/watch?v=YI_x_dtrSFQ And detailed blog post on the same can be found below. https://shehanperera.com/2022/12/14/defender-smartscreen-deep-dive-02/
How to Track Devices with a Faulty MDE Sensor Health State, Using a Logic App Workflow?
The MDE Sensor Health what we like to see is "Active". The sensor health we don't want is "Inactive" or "Misconfigured". But sometimes it is almost impossible to track the sensor status of all the devices every day so the devices will be all healthy. However, in order to properly communicate with Defender, the endpoint's … Continue reading How to Track Devices with a Faulty MDE Sensor Health State, Using a Logic App Workflow?
🎙️MS EMS Community Podcast EP04
https://www.youtube.com/watch?v=XWvXVCIUm2c In this episode, myself along with Jonas Bøgvad , Andrew Taylor MVP, Lewis Barry and Eric Woodruff, CIDPRO discusses about,⚡️Intunemaps.com and the thought process behind that⚡️An in-depth look at AAD App Registration⚡️An in-depth look at the PRT⚡️MFA Number matching⚡️FIDO and Security
Configure Intune Built-In Roles Using Azure AD PIM for Groups
The perfect Azure AD, Intune combo does not exi..... Some time ago I wrote about Azure AD PIM for groups and its usages. This came to light a few days ago in Microsoft Tech Community as an article and I thought I will give my touch to it. What is it and Why Does This … Continue reading Configure Intune Built-In Roles Using Azure AD PIM for Groups
EMS Route 