Why Azure AD Continuous Access Evaluation Is Important

Continuous Access Evaluation (CAE) is still in preview, but it already delivers near-real-time re-evaluation of Conditional Access policies.

This is a very helpful feature for Identity and Access Management: attacks are frequent, and IAM admins need their response (revoking a session, resetting a password) to take effect quickly.

Examples include resetting a user's password, adding or removing trusted IPs and, in particular, a user moving between locations when Conditional Access policies govern the trusted locations.

Normally an access token is valid for one hour. When a Modern Authentication-aware client connects, its API requests are authorized with OAuth 2.0 access tokens.

Only when the token is due for renewal, every hour, are the user state and the policies re-evaluated and enforced.

The client returns to Azure AD to refresh the token, and the new token reflects the current user state, so the user is blocked or allowed only at that point. Until then a disabled account or a reset password does not stop an already issued token. With CAE, Azure AD pushes such critical events to the resource provider and the token is rejected before it expires, instead of waiting up to an hour for the next refresh.
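As an added illustration, not code from the original post, the following Python decodes an access token's `iat`/`exp` claims and the `xms_cc` client-capabilities claim, which carries `cp1` when the client declared itself CAE-capable. The tokens are constructed, unsigned samples built inline (assumed claim values, not real tenant data); the one-hour threshold used to flag a token as longer-lived than the default is a heuristic assumption, and the decoding deliberately skips signature verification because it is for inspection only, never for an authorization decision.

```python
import base64
import json
import time
from typing import Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS WITHOUT verifying the signature.

    Inspection only: an attacker can forge these values, so never make an
    access decision on them. Validation belongs to the resource server.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def token_report(token: str, now: Optional[int] = None) -> dict:
    """Summarise lifetime and CAE-related claims of an Azure AD access token."""
    claims = decode_jwt_claims(token)
    now = int(time.time()) if now is None else now
    iat, exp = int(claims["iat"]), int(claims["exp"])
    lifetime = exp - iat
    # xms_cc lists client capabilities; "cp1" means the client said it can
    # handle CAE claims challenges, so Azure AD may negotiate a CAE session.
    client_declared_cae = "cp1" in claims.get("xms_cc", [])
    return {
        "lifetime_seconds": lifetime,
        "remaining_seconds": max(0, exp - now),
        "expired": now >= exp,
        "client_declared_cae": client_declared_cae,
        # Heuristic assumption: anything beyond the default one hour suggests
        # the token was issued into a CAE-negotiated (longer-lived) session.
        "longer_than_default_hour": lifetime > 3600,
    }


def make_sample_token(claims: dict) -> str:
    """Build an UNSIGNED (alg=none) sample token for demonstration only."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        "",  # empty signature segment
    ])


# Constructed sample data (assumed values, not a real tenant or user).
ISSUED_AT = 1_700_000_000
BASE_CLAIMS = {"aud": "https://graph.microsoft.com", "upn": "user@contoso.example"}

CLASSIC_TOKEN = make_sample_token({**BASE_CLAIMS, "iat": ISSUED_AT, "exp": ISSUED_AT + 3600})
CAE_TOKEN = make_sample_token({**BASE_CLAIMS, "iat": ISSUED_AT, "exp": ISSUED_AT + 28 * 3600,
                               "xms_cc": ["cp1"]})

if __name__ == "__main__":
    for name, tok in (("classic", CLASSIC_TOKEN), ("cae", CAE_TOKEN)):
        print(name, token_report(tok, now=ISSUED_AT + 2 * 3600))
```

The classic token shows the gap the post describes: a one-hour lifetime during which a revocation is not enforced; the CAE-capable token is longer-lived precisely because the resource provider can reject it early when Azure AD signals a critical event.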


Azure Automation Hybrid Worker Groups to Automate On-Premises Workloads

Azure Automation can run PowerShell and Python scripts to automate cloud workloads; here I focus on the PowerShell side. With PowerShell you can connect to modules such as Exchange Online, MSOnline, Azure AD and Az.Storage. Similarly, automation runbooks can patch Azure VMs, restart VMs and keep VMs in their desired state configuration.


Automate Cross Tenant Resource Access With Azure AD Entitlement Management

The Azure AD Identity Governance feature "Entitlement Management" makes it easier to automate access requests, set expiry dates, require a justification for why a user needs access and take the load off IT admins.

Azure B2B collaboration is a hot topic these days, and the end result should be stress-free access for end users; however, security is a concern, and who gets which access needs consideration.

The feature I'm testing today is not specific to internal users, but it is helpful for managing guest user access to resources.


3 Ways to Enforce Azure AD MFA Registration in an Azure AD/M365 Tenant

Requiring MFA on Azure AD accounts is a top priority at the moment; it has become a baseline requirement.

There are a couple of ways to enforce MFA registration for user accounts by default, so that all users are protected without having to run periodic reports.

I have collated the options in this article because they live in a few different places, and which ones are available depends on your licensing tier (free or paid).


Edge Browser Apps – A simple solution for managing multiple Outlook accounts for Teams meetings and multiple Teams sessions!

With the current rise in Teams usage, collaboration meetings have been simplified and gained a new level of features.

However, Microsoft still hasn't addressed the use case where a user has multiple mailboxes added in Outlook with delegation permissions (shared mailboxes or user mailboxes) and wants to use a specific account's Teams features when organizing meetings.

I've noticed everyone trying their own DIY workarounds: opening a separate browser for each profile, InPrivate/incognito sessions and so on.

These multiple browsers hog memory and often confuse users who have to toggle between them.

I'm hopeful that Microsoft will provide a solution soon, but until then Edge browser apps combined with Edge profiles will do the job.


Azure AD Passwordless Authentication with Yubico FIDO2 key

Lately I got the opportunity to test the latest authentication method in Azure AD: passwordless authentication. I will post a few related articles on FIDO2 and what it does rather than re-explaining what the FIDO Alliance and Microsoft have already explained well.

The good thing is that passwordless methods can be enabled on top of the standard Azure MFA methods (Authenticator app and/or phone/SMS).


A cool and powerful feature to stop bulk accidental/intentional deletion exports in an Azure AD hybrid environment

This is a hidden gem in the Azure AD Connect sync configuration (the prevent-accidental-deletes export threshold), and I had been looking for a feature like this for some time. I noticed it while migrating the tool to a new server and reviewing the new configuration before committing it.


Azure MFA Authentication Loop Fix

Issue: users of Office 365 web apps (SharePoint Online, Office.com, OWA, etc.) receive the MFA prompt every time they open the browser.
Ideally the browser should honour the "Stay signed in?" prompt when no session lifetime settings are configured.
When the user clicks Yes, a persistent browser cookie is saved and works for 90 days; however, if the user state changes, it is refreshed.

I've recently noticed that even with this setting in place, users are still asked to re-authenticate when they close and reopen web apps, even after clearing the browser cache and updating the browser.


Effective use of Azure AD Administrative Units [Azure AD AUs]

I browse the Azure AD portal with curiosity to see what's new and then play with the features to understand their usage. Administrative Units are not the latest feature, but they are out of preview, so here is my take on using Azure AD AUs effectively.


Preparing workstations for the Cloud Journey with Hybrid Azure AD Join – Part 2: Add the devices to Intune

Part 1: Preparing workstations for the Cloud Journey with Hybrid Azure AD Join

Now that we have added the existing computers to Azure AD in Hybrid Join mode, a few more steps need to be completed before they can be added as Intune managed devices.


My review on Outlook Spaces AKA Project Moca

While navigating my personal Outlook (Hotmail) recently, I noticed a new icon had appeared in the sidebar and had to look at what it was. It was Project Moca, aka Outlook Spaces: a common ground to manage a project, brainstorm or gather information on a canvas and collaborate.


How to federate Google (Gmail) accounts with Azure AD to access resources without a Microsoft account

My DIY project for this weekend is to implement Google as an identity provider for Azure AD resource access. If someone can access apps or services on a different platform without having to create an account at the resource owner's end, that makes life easier and removes the hassle of registering yet another account.
