Microsoft Entra – An Overview

Woke up to a nice little surprise from Microsoft this morning. Microsoft Entra. At first glance It looked like they have bundled the Identity and Access related products in to one portal and provides access via https://entra.microsoft.com According to Microsoft, this is a single pane of view for all Identity and Access related solutions, which … Continue reading Microsoft Entra – An Overview

Use Conditional Access Policies to Securely Register Security Information for MFA and SSPR

Hello there! This week I thought I will write one more article on Conditional Access Policies. As you know setting up an access policy is easy and it is basically mandatory to have one or more polices now, but you may have internal polices where anyone who is registering for MFA must do that in … Continue reading Use Conditional Access Policies to Securely Register Security Information for MFA and SSPR

How to Use KQL and Azure Log Analytics to Inspect Azure AD Sign-in Logs?

As you may already know KQL has become the standard for querying large data sets in Azure Log Analytics space. When you have thousands of users who are in Azure AD and when you have MFA and other Conditional Access Policies setup, next thing you will see is tons of sign in logs, activity logs, … Continue reading How to Use KQL and Azure Log Analytics to Inspect Azure AD Sign-in Logs?

Azure AD Break Glass Account: What to consider when creating one and how to monitor sign ins

With the growing threats around the world everyday, bad actors are targeting Microsoft 365 ecosystem like never before. Attacks are taking place everyday and if and when they have breached in, their end goal is to go for the "keys to the kingdom". Usually its just the end of the story when they get them. … Continue reading Azure AD Break Glass Account: What to consider when creating one and how to monitor sign ins

How to Assign Admin Roles to Azure AD Groups with Access Reviews and Just in Time Access?

As of July 31 2021, this feature in Generally Available and was notified in the M365 Admin Center with the message MC274516 This approach is how you assign roles to Azure AD Groups along with the Privileged Identity Management features Just in Time access and Access Reviews options. Previous setup If you need to assign … Continue reading How to Assign Admin Roles to Azure AD Groups with Access Reviews and Just in Time Access?

Azure AD Passwordless Authentication with Yubico FIDO2 key

Lately I got the opportunity to test the latest Identity Authentication method with Azure AD. None other than the Passwordless Authentication. I will post few related articles on FIDO2 and what it does rather than re-explaining what has already well explained by the FIDO Alliance and Microsoft. The good thing is passwordless methods can be … Continue reading Azure AD Passwordless Authentication with Yubico FIDO2 key

Azure AD Connect Cloud Provisioning. The new feature that may come in handy!

Microsoft have finally answered the prayers of the IT admins! Long story short, gone of the days where the IT admins had to make sure 2 AD forests can see each other and the ports are opened, before it adds to the Azure AD Sync tool as another directory, so the users from that directory … Continue reading Azure AD Connect Cloud Provisioning. The new feature that may come in handy!

Microsoft is retiring Basic Authentication, because Modern Authentication is here to stay!

Microsoft have announced that they will retire the Basic Authentication method from Office 365 Exchange Online and make Modern Authentication method the standard way of authenticating going forward.There are continues updates in the M365 Admin Center messages and what admins need to do to prepare for the change. Companies now have to prepare for the … Continue reading Microsoft is retiring Basic Authentication, because Modern Authentication is here to stay!

Azure Files – Create File Shares in Azure and Authenticate via Azure AD Domain Services

Almost everyone is familiar with the traditional Windows file servers/ shared drives concepts and its a heavily used Windows Service. Users are very familiar with how to access those directories, request access to certain files and folders and request for file recovery if it's deleted.So far this mechanism has been used/ still using with on-premises … Continue reading Azure Files – Create File Shares in Azure and Authenticate via Azure AD Domain Services