Azure AD Break Glass Account: What to consider when creating one and how to monitor sign ins

With threats growing around the world every day, bad actors are targeting the Microsoft 365 ecosystem like never before. Attacks take place every day, and once attackers have breached an environment, their end goal is the “keys to the kingdom”. Usually it's the end of the story when they get them: the bad actors can basically do whatever they want and harm that company's M365-related activities, or ask for a ransom to release the accounts. Either way it's not good for the organization, and admins should have a proper and quick way to recover the accounts ASAP.


How to Assign Admin Roles to Azure AD Groups with Access Reviews and Just in Time Access?

As of July 31, 2021, this feature is Generally Available and was announced in the M365 Admin Center with the message MC274516.

This approach covers how you assign roles to Azure AD groups together with the Privileged Identity Management features Just in Time access and Access Reviews.


Azure AD Passwordless Authentication with Yubico FIDO2 key

Lately I got the opportunity to test the latest identity authentication method with Azure AD: none other than passwordless authentication. I will post a few related articles on FIDO2 and what it does, rather than re-explaining what has already been well explained by the FIDO Alliance and Microsoft.

The good thing is passwordless methods can be activated on top of the standard Azure MFA methods (Authenticator and/or phone SMS).


Azure AD Connect Cloud Provisioning. The new feature that may come in handy!

Microsoft has finally answered the prayers of IT admins! Long story short, gone are the days when IT admins had to make sure two AD forests could see each other and the ports were open before adding a forest to the Azure AD Sync tool as another directory, so that the users from that directory would be synced to the portal.
Once I saw this in Microsoft’s roadmap, I thought I’d read more and play with it and see how it can be helpful for anyone who is curious about it.


Microsoft is retiring Basic Authentication, because Modern Authentication is here to stay!

Microsoft has announced that it will retire the Basic Authentication method from Office 365 Exchange Online and make Modern Authentication the standard way of authenticating going forward.
There are continuous updates in the M365 Admin Center messages on what admins need to do to prepare for the change.

Companies now have to prepare for the change, and Microsoft is sending continuous updates on what we need to do and how to identify how many clients are using Basic Auth to connect Outlook/Exchange Server.

I have written a quick set of guidelines that will help you see all the important points in one go.
This will include the steps to enable Modern Authentication and block Basic Authentication.


Azure Files – Create File Shares in Azure and Authenticate via Azure AD Domain Services

Almost everyone is familiar with the traditional Windows file server/shared drive concepts, and it's a heavily used Windows service. Users are very familiar with how to access those directories, request access to certain files and folders, and request file recovery if something is deleted.
So far this mechanism has been used, and is still being used, with on-premises file servers: one or two, if not many, file servers.
