In my work as a modern workplace consultant, I see a lot of Microsoft Endpoint Manager/Intune environments. Many of these environments have been build based on trial and therefore it lacks structure and overview. Most of the environments have been built from scratch, adding and removing functionality until a point was reached where the solution…
Category: AzureAD
Conditional Access demystified: My recommended default set of policies
In August last year, I published eight articles in a series on Conditional Access, and later once finished I decided to bundle those articles in a paper which are now available on GitHub. You can find version 1.1. of the Conditional Access demystified paper there. You can expect a new version coming soon, since I…
Understanding and governing reauthentication settings in Azure Active Directory
Governing when users receive authentication prompts when authenticating to Azure Active Directory (Azure AD) is depending on more than one setting, on which functionalities are in use and also in which scenario you authenticate (Browser, Modern clients or other). Reauthentication can take place by asking for a single factor, like password, FIDO, the password less…
Announcing #WMUG_NL Tuesdays Webinar 13 on October 27th featuring Erik Loef and Kenneth van Surksum
For Tuesday, October 27th we are proud to announce that Erik Loef, CTO and Microsoft MVP at Proxsys, and Kenneth van Surksum, Modern Workplace consultant at Insight24 will host a session about: “What is this Modern Authentication everyone is talking about, and why you should phase out Legacy authentication?”
Azure AD Continuous access evaluation (CAE), a first look
In April 2020 Alex Weinert, Director of Identity Security at Microsoft announced that Microsoft was working on moving towards real time policy and security enforcement. The first implementation for this move is now available as an option you can enabled within Azure AD, called Continuous access evaluation (CAE). The functionality released in April was only…
Announcing #WMUG_NL Tuesdays Webinar 12 featuring Thijs Lecomte
Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call WMUG_NL Tuesdays Webinars. For Tuesday, October 13th we are proud to announce that Thijs Lecomte, senior Microsoft 365 consultant at The Collective Consulting and technical editor for the Microsoft 365 Security…
Assigning groups to Azure AD roles and Privileged access groups, a first look!
On August 13th 2020, Alex Simons (Microsoft Identity PM) announced that assigning groups to Azure AD roles in now in public preview. This feature is one of the most requested features to be found in the Azure AD feedback forum. I have been following this feature request for a while now, and up until recently…
Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforced Restrictions
One of the scenario’s we can build with Conditional Access, is the scenario where we restrict access inside the web application itself. By doing so, you could for example limit the functionality of the web applications on non-managed devices, or when accessing the web application from a country where your company normally doesn’t operate. The…
May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation spreadsheet
In August last year, I published eight articles in a series on Conditional Access, and later when finished I decided to bundle those articles in a paper which I made available on the TechNet Gallery. In March this year, Microsoft decided to retire the TechNet Gallery, so I had to find another solution to host…
Some welcome additions to the Admin consent workflow in Azure AD
Update October 7 2020: This functionality is now GA, see Publisher verification and app consent policies are now generally available In February this year, I wrote an article about Admin consent in Azure Active Directory. The article titled: “Did you already modify your Azure AD consent defaults settings? Here is why you should“, explained why…
Azure AD Identity Protection deep dive
One of the advantages of Microsoft having many customers using its services is that Microsoft can leverage data from those customers and apply some real fancy Machine Learning on that data, coming from Azure AD, Microsoft Accounts and even Xbox services. Based on all that data the Machine Learning capabilities are able to identify identity…
Lessons learned while implementing Azure AD Privileged Identity Management (PIM)
Lessons learned while implementing Azure AD Privileged Identity Management (PIM)
License requirements for administering Microsoft 365 services
Microsoft licensing is tough and vague but something we must deal with while implementing our solutions. I’m also aware that some of the features I describe on my blog are only available in the most expensive licensing options Microsoft provides, making some of the features I describe not usable for some of my readers. Update…
Microsoft is going to disable basic/legacy authentication for Exchange Online. What does that actually mean and does that impact me?
Update: On September 23, 2021, the Exchange Team announced that effective October 1st, 2022 basic authentication, regardless of usage will be permanently disabled in all tenants. Update: On June 17, 2021, the Exchange Team announced that they are going to turn of basic authentication for tenants not using it. Update: On February 5th, 2021, the…
Challenges while managing administrative privileges on your Azure AD joined Windows 10 devices
By default, on Windows 10 devices which are Azure AD joined, the user performing the join is added to the Local Administrator group. Besides the user and the local administrator (which is disabled by default), two other SIDs are added without any friendly name which explain who they are. So where are those SIDs coming…