Blogging about Microsoft 365, Azure and Automation!
On one of my blogs on Practical 365, I discussed the need for separate administrator accounts. In my opinion, separate administrator accounts are necessary for adequate security posture. The question … Continue Reading Setting up an alternative email for an administrator
During previous blogs, I already talked about my love for passwordless. I really love the concept behind it and love it extensively. As a consultant, I have about 15 days … Continue Reading Choosing the correct FIDO2 keys
As a lot of organizations are moving to the cloud, security becomes more and more important. While a most organizations have already enabled multifactor authentication, protecting your administrator accounts is … Continue Reading Require Device Compliance for the non-primary user
Passwordless was one of the big buzzwords in 2020 when you think about Identity & Access. The goal of it is pretty simple: remove all passwords in the day-to-day life … Continue Reading Road to passwordless: 1 year in
Whenever you are managing a Microsoft 365 environment, you regularly come across repetitive tasks: Creating new Intune policies Setting up users Retrieving security data … For all these tasks, Microsoft … Continue Reading An introduction into the Graph API
If you are working with Office 365, some organizations will have the requirement that Office 365 data is only available offline when users are using their company-provided devices. This means … Continue Reading AzureAD – Device not recognized as Hybrid Joined
When organizations are starting their journey to the cloud, they are most likely starting off by joining their Windows 10 machines to both their local Active Directory domain and Azure … Continue Reading Hybrid vs Azure AD Join
In one of my previous blogs, I already talked about the dangers of OAuth and why you should be managing these. Monitoring and managing OAuth applications is also possible with … Continue Reading Managing OAuth applications with MCAS
Last month, the combined MFA and password reset registration portal has been made generally available. Previously, a user could register his security information on two separate locations, for MFA and … Continue Reading Requiring two MFA methods with the Combined Registration
Microsoft Endpoint Manager (Intune) currently supports fours different Android Enterprise enrollment methods: Work Profile Dedicated Device Fully Managed Fully Managed Devices with Work Profile (Corporate Owned – Personally Enabled (COPE)) … Continue Reading Android Enterprise Dynamic Groups for Intune
Every Microsoft 365 Security engineer has the same struggle: maintaining corporate IP-address range needs to be done in two places. Once in trusted named locations in Azure AD and once … Continue Reading Sync Named Locations to MCAS IP Ranges using Azure Automation
Break The Glass or emergency accounts are a necessity in the cloud world we live today. Every year Azure AD goes down for a few hours because of some Multifactor … Continue Reading Best Practices for Emergency Accounts
Dynamic Groups in Azure AD are truly an amazing feature. It lets you manage a large group of users without the need to manually add every one of them in … Continue Reading Creating a dynamic group with all AAD Premium licensed users
During recent weeks, an increase in OAuth phishing attacks has been spotted. OAuth Phishing attacks are an evolution of the old phishing attacks we all know and hate. During a … Continue Reading Protecting against OAuth attacks: Setting-up Admin Consent Workflow
Last Thursday a new preview feature in Azure was announced for which I was very excited about: AAD Authentication to Windows/Linux VM’s on Azure. What? What does this mean exactly? … Continue Reading Azure AD Sign-in to an Azure VM
A while back Azure AD has announced Azure AD Security Defaults. Azure AD Security defaults is positioned as a baseline to harden the security of your Azure AD Tenant. Conditional … Continue Reading What is Azure AD Security Defaults & should you be using it?
365 by Thijs