Microsoft has extended the capabilities of Azure AD authentication context to Azure AD Privileged Identity Management (PIM). By doing this we can trigger a Conditional Access policy to be executed at the moment someone elevates their role using Azure AD PIM. This functionality is now in preview. In June 2021 I already provided a first…
Tag: AzureAD
Conditional Access public preview functionality reviewed (22H2) – Part 3: Granular control for external user types
In the last couple of months, Microsoft released new functionality for Azure AD Conditional Access. All of this functionality is still in public preview, so please read the following article on what to expect from preview functionality: Preview Terms Of Use | Microsoft Azure. In this series of articles I will go through the following…
Conditional Access public preview functionality reviewed (22H2) – Part 2: Conditional Access filters for Apps and Workload Identities
In the last couple of months, Microsoft released new functionality for Azure AD Conditional Access. All of this functionality is still in public preview, so please read the following article on what to expect from preview functionality: Preview Terms Of Use | Microsoft Azure. In this series of articles I will go through the following…
Setting up Apple Business Manager for use with Azure Active Directory
Apple Business Manager is a service provided by Apple which helps to deploy Apple devices and apps in your organization. By leveraging Apple Business Manager (ABM) you can automatically enroll devices in Microsoft Endpoint Manager by using Automated Device Enrollment (ADE). You could say it provides similar functionality to what Windows Autopilot provides for…
Preventing account breaches leveraging SIM swapping techniques by nudging your users to start using the Microsoft authenticator app
Over the last couple of years, Microsoft has been pushing the usage of Multi-Factor Authentication for logins to their cloud services. MFA, which requires that users authenticate with at least two factors, can reduce the risk of identity compromise by as much as 99.9 percent over passwords alone. Now that more and more companies are…
Designing and building your Microsoft Endpoint Manager/Intune environment for Operations
In my work as a modern workplace consultant, I see a lot of Microsoft Endpoint Manager/Intune environments. Many of these environments have been built on a trial-and-error basis and therefore lack structure and overview. Most of the environments have been built from scratch, adding and removing functionality until a point was reached where the solution…
Assigning groups to Azure AD roles and Privileged access groups, a first look!
On August 13th 2020, Alex Simons (Microsoft Identity PM) announced that assigning groups to Azure AD roles is now in public preview. This feature is one of the most requested features to be found in the Azure AD feedback forum. I have been following this feature request for a while now, and up until recently…
Azure AD Identity Protection deep dive
One of the advantages of Microsoft having many customers using its services is that Microsoft can leverage data from those customers and apply some really fancy Machine Learning to that data, coming from Azure AD, Microsoft Accounts and even Xbox services. Based on all that data, the Machine Learning capabilities are able to identify identity…
Lessons learned while implementing Azure AD Privileged Identity Management (PIM)
License requirements for administering Microsoft 365 services
Microsoft licensing is tough and vague, but something we must deal with while implementing our solutions. I’m also aware that some of the features I describe on my blog are only available in the most expensive licensing options Microsoft provides, making some of the features I describe unusable for some of my readers. Update…
Microsoft is going to disable basic/legacy authentication for Exchange Online. What does that actually mean and does that impact me?
Update: On September 23, 2021, the Exchange Team announced that effective October 1st, 2022, basic authentication, regardless of usage, will be permanently disabled in all tenants. Update: On June 17, 2021, the Exchange Team announced that they are going to turn off basic authentication for tenants not using it. Update: On February 5th, 2021, the…
Did you already modify your Azure AD consent defaults settings? Here is why you should
As you may know, it’s possible for your users to sign in to SaaS-based applications using their Azure AD account. By doing this, a Single Sign On (SSO) experience is created for the user. Before this SSO for a SaaS-based application is possible though, the user needs to accept (a) permission request(s) from the…
Microsoft deprecates Conditional Access baseline policies in favour of Security Defaults, here is what you need to know and do
Last week, Microsoft announced that the Azure AD Conditional Access baseline policies will not make it out of their current preview status. The functionality of the baseline policies will be made available in a new feature called “Security Defaults”. Microsoft will remove the baseline policies on February 29th, so if you are using them…
Intune: Choosing whether to assign to User or Device Groups
One of the disadvantages of being an experienced consultant in IT is the fact that once in a while you need to re-learn. By re-learn I mean that for some concepts it’s easier to understand how they work if you come with no experience. I’ve experienced this with quite some Microsoft products as well. If you…
Extending Conditional Access to Microsoft Cloud App Security using Conditional Access App Control
In my blog article series on Conditional Access Demystified I mentioned that Conditional Access can be used to route sessions toward Microsoft Cloud App Security (MCAS). In this article I will go into more detail on what MCAS is, and how to set up Conditional Access App Control. Disclaimer: This article discusses the full option MCAS…