Hello there! This week I thought I would write one more article on Conditional Access Policies. As you know, setting up an access policy is easy and it is basically mandatory to have one or more policies now, but you may have internal policies where anyone who is registering for MFA must do that in … Continue reading Use Conditional Access Policies to Securely Register Security Information for MFA and SSPR
By now, anyone in the industry who looks at Azure AD on a daily basis and is thinking about how to implement Zero Trust knows what Conditional Access Policies (CAPs) are. Anyone who is new to the Azure AD Premium benefits and starting out must be wondering what CAPs are and how to configure one. I'm … Continue reading Azure AD Conditional Access Policies 101
As you may already know, KQL has become the standard for querying large data sets in the Azure Log Analytics space. When you have thousands of users in Azure AD and you have MFA and other Conditional Access Policies set up, the next thing you will see is tons of sign-in logs, activity logs, … Continue reading How to Use KQL and Azure Log Analytics to Inspect Azure AD Sign-in Logs?
When you are planning (of course you are!) to bring the local AD-joined Windows workstations to Microsoft Endpoint Manager/Intune, one of the first things you need to complete is a pilot/controlled deployment to understand the end result, the Hybrid AAD Joined state's features and what options will be opened for you to test and … Continue reading Two Ways To Enable Hybrid AAD Join Mode For A Controlled Deployment
Often, with the ever-growing popularity of Teams, the issue for IT admins is how to beat the demand, how to create Teams and, especially, how to template it out and automate it. Well, Teams templates are now in the Teams Admin Center, where you can see pre-defined templates and the ability to … Continue reading How to use Microsoft Graph and Power Automate to Automate Teams Creation With a Template
When I first had a play with CAE, I wrote about the importance of this setting and how to enable it in your environment. Please check the previous article below. https://shehanperera.com/2021/07/10/aad-cae/ Microsoft recently announced that the same CAE control will be available via Conditional Access Policies and can be set up per … Continue reading Manage Continues Access Evaluation behaviour via Conditional Access Polices
With threats growing around the world every day, bad actors are targeting the Microsoft 365 ecosystem like never before. Attacks are taking place every day, and if and when they have breached in, their end goal is to go for the "keys to the kingdom". Usually it's just the end of the story when they get them. … Continue reading Azure AD Break Glass Account: What to consider when creating one and how to monitor sign ins
Temporary Access Pass, or TAP, is a cool Azure AD feature which is still in Preview, but I see huge wins if Microsoft puts this into general availability so that IT admins can provide uninterrupted security over user accounts. In real life, users may forget to bring their mobile phone to the office or … Continue reading Azure AD Hidden Gems. Azure AD Temporary Access Pass
As of July 31 2021, this feature is Generally Available and was notified in the M365 Admin Center with the message MC274516. This approach is how you assign roles to Azure AD Groups along with the Privileged Identity Management features Just in Time access and Access Reviews options. Previous setup: If you need to assign … Continue reading How to Assign Admin Roles to Azure AD Groups with Access Reviews and Just in Time Access?
Conditional Access Policies can be set up in 3 main modes: On, Off and Report Only. The On and Off modes are self-explanatory, whereas "Report Only" mode needs additional work. This post will go into detail on how to use the Report Only mode before you actually switch to On. Read more about Conditional Access Policies: https://shehanperera.com/2022/05/03/aad-cap101/ … Continue reading How to analyze Conditional Access Policies with ‘Report Only’ Mode?
Continuous Access Evaluation, or CAE, is still in preview, but it has proven to provide near-real-time refresh for Conditional Access Policies. Ideally this is a very helpful feature in the world of Identity and Access Management, because there are frequent attacks happening and the IdAM admins need to take action quickly. Some actions … Continue reading Why Azure AD Continues Access Evaluation is Important?
With the Azure AD Identity Governance feature "Entitlement Management" it is easier to automate access requests, set expiry dates, justify why a user needs access and take the load off the IT admins. Azure B2B collaboration is a hot topic these days and the end result should be stresses access from the end … Continue reading Automate Cross Tenant Resource Access With Azure AD Entitlement Management