Last month, the combined MFA and password reset registration portal was made generally available. Previously, a user could register his security information in two separate locations, for MFA and … Continue Reading Requiring two MFA methods with the Combined Registration
Microsoft Endpoint Manager (Intune) currently supports three different Android Enterprise enrollment methods: Work Profile, Dedicated Device, and Fully Managed. Each method has its own purpose. Work Profile is mostly used for … Continue Reading Android Enterprise Dynamic Groups for Intune
Every Microsoft 365 Security engineer has the same struggle: maintaining corporate IP address ranges needs to be done in two places. Once in trusted named locations in Azure AD and once … Continue Reading Sync Named Locations to MCAS IP Ranges using Azure Automation
Break The Glass or emergency accounts are a necessity in the cloud world we live in today. Every year Azure AD goes down for a few hours because of some Multifactor … Continue Reading Best Practices for Emergency Accounts
Dynamic Groups in Azure AD are truly an amazing feature. It lets you manage a large group of users without the need to manually add every one of them in … Continue Reading Creating a dynamic group with all AAD Premium licensed users
During recent weeks, an increase in OAuth phishing attacks has been spotted. OAuth phishing attacks are an evolution of the old phishing attacks we all know and hate. During a … Continue Reading Protecting against OAuth attacks: Setting-up Admin Consent Workflow
Last Thursday a new preview feature in Azure was announced that I was very excited about: AAD Authentication to Windows/Linux VMs on Azure. What? What does this mean exactly? … Continue Reading Azure AD Sign-in to an Azure VM
A while back, Azure AD announced Azure AD Security Defaults. Azure AD Security Defaults is positioned as a baseline to harden the security of your Azure AD Tenant. Conditional … Continue Reading What is Azure AD Security Defaults & should you be using it?
Passwordless has been one of those buzzwords in 2019. So many articles and announcements have been made around it recently. First there was passwordless through the Microsoft Authenticator app. I … Continue Reading My thoughts on passwordless in AzureAD
I have been doing quite a few projects involving Hybrid Azure AD Join lately and have learnt a lot about it and how you should begin your troubleshooting journey. What … Continue Reading Troubleshooting Hybrid Azure AD Join
Checking the domain join type of a computer used to be easy (there was only one :)). We could go to the System Information pane of the Control Panel. Here … Continue Reading Checking the join method on a Windows 10 computers.
Welcome to the third and final part of the series ‘Setting up Multifactor Authentication the right way’. In part one, we have enabled MFA and in part two we disabled legacy authentication. If … Continue Reading Setting up Multifactor Authentication the right way – Part three: Configuring a break the glass account
Welcome to the second part of my series ‘Setting up Multifactor Authentication the right way’. In part one we have configured MFA through a Conditional Access policy. In this second part we … Continue Reading Setting up Multifactor Authentication the right way – Part two: Blocking Legacy Authentication
Multifactor Authentication is a hot topic at the moment. With the number of attacks on cloud identities increasing each day, it is paramount to secure our identities. Multifactor Authentication plays … Continue Reading Setting up Multifactor Authentication the right way – Part one: Enabling MFA
On the 19th of November Office365 Multifactor Authentication was down starting from 4.39 UTC until 19 UTC in almost all regions. This meant that users who have MFA enabled weren’t … Continue Reading Lessons learned from the O365 MFA Outage