On August 13th 2020, Alex Simons (Microsoft Identity PM) announced that assigning groups to Azure AD roles in now in public preview. This feature is one of the most requested features to be found in the Azure AD feedback forum. I have been following this feature request for a while now, and up until recently…
Category: Security
Office 365 Templated policies and Preset security policies in Exchange Online Protection and Office 365 ATP
In my deep dive article on Office 365 Advanced Threat Protection (ATP) I mentioned that Microsoft provides best practices as described in the following article: “Recommended settings for EOP and Office 365 ATP security“. When implementing the settings in the article you either have the option to go for a “Standard” or “Strict” security level,…
Completed the Azure Solution Architect Expert Certification
After earning my Microsoft 365 Certified Enterprise Administrator Expert certification in May, I decided to continue my certification journey and earn the Azure certification. Today I completed the last exam in order to earn the Azure Solution Architect Expert certification. The Azure Solution Architect Expert Certification is earned by completing two exams: AZ-300: Microsoft Azure…
May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation spreadsheet
In August last year, I published eight articles in a series on Conditional Access, and later when finished I decided to bundle those articles in a paper which I made available on the TechNet Gallery. In March this year, Microsoft decided to retire the TechNet Gallery, so I had to find another solution to host…
Some welcome additions to the Admin consent workflow in Azure AD
Update October 7 2020: This functionality is now GA, see Publisher verification and app consent policies are now generally available In February this year, I wrote an article about Admin consent in Azure Active Directory. The article titled: “Did you already modify your Azure AD consent defaults settings? Here is why you should“, explained why…
Azure AD Identity Protection deep dive
One of the advantages of Microsoft having many customers using its services is that Microsoft can leverage data from those customers and apply some real fancy Machine Learning on that data, coming from Azure AD, Microsoft Accounts and even Xbox services. Based on all that data the Machine Learning capabilities are able to identify identity…
Lessons learned while implementing Azure AD Privileged Identity Management (PIM)
Lessons learned while implementing Azure AD Privileged Identity Management (PIM)
License requirements for administering Microsoft 365 services
Microsoft licensing is tough and vague but something we must deal with while implementing our solutions. I’m also aware that some of the features I describe on my blog are only available in the most expensive licensing options Microsoft provides, making some of the features I describe not usable for some of my readers. Update…
Microsoft is going to disable basic/legacy authentication for Exchange Online. What does that actually mean and does that impact me?
Update: On September 23, 2021, the Exchange Team announced that effective October 1st, 2022 basic authentication, regardless of usage will be permanently disabled in all tenants. Update: On June 17, 2021, the Exchange Team announced that they are going to turn of basic authentication for tenants not using it. Update: On February 5th, 2021, the…
A guide to implementing Applocker on your Modern Workplace
At our last Windows Management User Group Netherlands meeting, we had the honor to have Sami Laiho, one of the world’s leading professionals in the Windows OS and Security flying over to the Netherlands and present for our user group. In his presentation titled: “Securing Windows in 2020 and forward”, Sami made us aware that…
Challenges while managing administrative privileges on your Azure AD joined Windows 10 devices
By default, on Windows 10 devices which are Azure AD joined, the user performing the join is added to the Local Administrator group. Besides the user and the local administrator (which is disabled by default), two other SIDs are added without any friendly name which explain who they are. So where are those SIDs coming…
Ask yourself if you still really need ADFS
In Q1 2017 Microsoft released the Pass Through Authentication (PTA) functionality as part of Azure AD connect. With the release of Azure Active Directory (Azure AD) Pass-through Authentication allowed for your users to sign in to both on-premises and cloud-based applications using the same passwords without the need to implement a Active Directory Federation Services…