SignToolGUI 2.1.0.0 Released 🎉
Last Updated on December 16, 2025 by Michael Morten Sonne Introduction I’m happy to announce the release of… The post SignToolGUI 2.1.0.0 Rel...
Read Article →Microsoft Azure Security Posts
Discover the latest insights, best practices, and security research related to Microsoft Azure cloud platform.
Search Azure Posts
Filter Posts
Posts
Soft Delete in Microsoft Entra Conditional Access: Easily Restore Deleted Policies
Thanks to Soft Delete, a deleted policy in Microsoft Entra Conditional Access remains available for up to 30 days and can be fully restored during ...
Read Article →Global Secure Access – Guest Access support with the Windows Client (B2B Guest)
Last Updated on December 10, 2025 by Michael Morten Sonne Introduction Big news is on the horizon for… The post Global Secure Access – Guest ...
Read Article →The Hidden Steps Microsoft Forgot to Document: Securing Azure App Service Authentication Behind Front Door with Private Link
Today I want to walk through how to configure Azure App Service Authentication when your App Service sits behind Azure Front Door and is accessed t...
Read Article →Unified Security Posture Management
Ignite has brought us a lot of news about products improvement and I was happy to see how much there is incoming to Microsofts Security portfolio. ...
Read Article →Microsoft 365: The Essential 10 Security Considerations
When we talk about Microsoft 365 security, we are talking about two things: The latter can be used to achieve the former, as well as other (non-Mic...
Read Article →Global Secure Access – Intelligent Local Access for Private Access
Last Updated on November 25, 2025 by Michael Morten Sonne Introduction As organizations increasingly adopt hybrid work models,… The post Glob...
Read Article →Monitoring Azure Access Elevation in Entra ID
Learn how to detect when a Global Admin silently elevates their access across all Azure subscriptions using Entra ID, Log Analytics, Azure Monitor,...
Read Article →The Hidden Microsoft Entra PIM URLs Microsoft Never Documented – Even When ‘Restrict Access to Microsoft Entra Admin Center’ Is Enabled
Last Updated on November 14, 2025 by Michael Morten Sonne Introduction Many organizations are tightening there security for… The post The Hid...
Read Article →Microsoft Azure Attestation: The Next Step in Compliance
Microsoft is redefining Windows 11 compliance with Microsoft Azure Attestation (MAA). They are doing so with some new evaluation settings, such as ...
Read Article →WatchTra: Automated Attribute Compliance for Microsoft Entra ID
In many Microsoft Entra ID environments, the quality of user attributes remains an often underestimated factor in security and governance. WatchTra...
Read Article →Secure access to Azure VM´s with Bastion and Phising Resistant MFA
This blog explains how Azure Bastion enables secure access to virtual machines without exposing public endpoints, leveraging hub-spoke architecture...
Read Article →Mastering Microsoft Entra Authentication Contexts - Part 4: Monitoring and Reporting with KQL & M365IdentityPosture
We’ve covered what Authentication Contexts are, why they matter, and how they help us strengthen access and data security in Microsoft 365. Now it’...
Read Article →Conditional Access Cloud Apps: Why Your App Doesn’t Show Up and the Risks of Exclusions
In-depth exploration of why certain apps do not appear in the Conditional Access app picker in Microsoft Entra ID, the impact of public vs. confide...
Read Article →How to Use Managed Identity for Multi-Tenant Microsoft Teams Authentication
Learn how to connect to Microsoft Teams across tenants using a multi-tenant enterprise application and managed identities in Azure. The post How to...
Read Article →Disable Entra Connect Seamless SSO – Step-by-Step Guide
Seamless Single Sign-On (Seamless SSO) is an optional feature in Microsoft Entra Connect that enables domain-joined Windows devices on the internal...
Read Article →Automating Microsoft 365 with PowerShell November 2025 Update
The November 2025 update for the Automating Microsoft 365 with PowerShell eBook is available online. Subscribers can download the new PDF and EPUB ...
Read Article →Using the Secret Management PowerShell Module with Azure Key Vault and Azure Automation
If you can't use managed identities, credential resources are a way to manage username and password credentials for Azure Automation runbooks. The ...
Read Article →Mastering Certificate Rotation in Entra ID
Recently I posted a blog about Entra ID Application Registration secret management, in which I explained how to rotate Application Registration sec...
Read Article →Defender XDR VS Microsoft Sentinel table changes
Introduction When connecting Microsoft Sentinel to Defender XDR, there are a couple of changes happening in tables which you should be aware of. Ev...
Read Article →Real-time protection for ‘AI Agents’
Microsoft Copilot Studio is a graphical, low-code/no‑code (LCNC) platform to build AI agents to support human tasks.Microsoft Copilot Studio — AI A...
Read Article →Application Registration secrets: fire & forget!
Application Registrations are an amazing feature within Entra ID, allowing you to deploy a non-personal identity for a wide array of different use-...
Read Article →Azure Back to School 2025 – Azure Arc Under the Hood: Troubleshooting the Azure Connected Machine agent
Azure Back to School s a fantastic community initiative founded by Dwayne Natwick and Derek Smith. As in previous years,Continue Reading
Read Article →Running Teams PowerShell Cmdlets in Azure Automation
This article describes the prerequisites and how to run cmdlets from the Teams PowerShell module in Azure Automation runbooks. We also consider whe...
Read Article →Collect Microsoft Entra Connect Sync Audit Events
Starting with version 2.4.129.0, Microsoft Entra Connect Sync introduces a new admin audit logging feature that is enabled by default. This capabil...
Read Article →Protect Security Info Registration with Microsoft Entra Conditional Access and Microsoft Entra ID Protection
Registration of security information such as the Microsoft Authenticator app, FIDO2 security keys or OATH tokens is a critical component of modern ...
Read Article →Creating and Using an Azure Automation Custom Runtime Environment
A custom runtime environment is a way of defining a specific job execution environment for Azure Automation runbooks, including Microsoft Graph Pow...
Read Article →Finding Seamless SSO usage
A brief history Seamless Single Sign On was first introduced in late 2016 and provided a way for users to authenticate to Entra ID (Azure AD at the...
Read Article →Entra ID – Managed Identity Permission Manager: A Community-Driven Recap
Last Updated on August 18, 2025 by Michael Morten Sonne Introduction Managing permissions for Managed Identities in Azure/Entra… The post Ent...
Read Article →Script: Sentinel Data Lake Table Management
Microsoft Sentinel’s data lake story is quietly powerful: you get fast, 90-day Analytics (Shortterm) for hunting and detections, plus scalable, ......
Read Article →Azure Governance: Managing decommissioned Azure Subscriptions with a dedicated Management Group
In this blog post, you’ll learn how to use a dedicated Management Group to store any decommissioned Azure subscriptions inContinue Reading
Read Article →Conditional Access Essentials: Introduction, use cases, the art of possible
Discover how Microsoft Conditional Access protects your Microsoft 365, Entra, and Azure environments. Learn the essentials, explore real-world use ...
Read Article →Maintaining a Microsoft 365 Retention Policy with PowerShell
The Connect-IPPSSession cmdlet is needed to connect to the Security and Compliance endpoint to update a Microsoft 365 retention policy. Unhappily, ...
Read Article →How to Enforce Macro Security by running only Excel macros signed with your own public-CA–issued code-signing certificate – stored in Azure Keyvault (HSM)
It may be tempting to click “Enable Macros” when you open a spreadsheet, but macros are executable programs. Without a ... Read more
Read Article →Microsoft Entra Connect: Migration to Application Based Authentication (ABA)
With the introduction of Application Based Authentication (ABA), Microsoft introduces modern authentication mechanisms to Microsoft Entra Connect. ...
Read Article →PIMActivation: The Ultimate Tool for Microsoft Entra PIM Bulk Role Activation
Getting annoyed or impatient when activating eligible roles in PIM — especially multiple roles at once? You’re not alone. Today, I’m...
Read Article →Azure Arc: Troubleshoot Azure Connected Machine agent connectivity issues
In this blog post, I’ll walk you through troubleshooting connectivity issues with the Azure Connected Machine agent and highlight someContinue Reading
Read Article →Important Changes to Conditional Access Policies for Azure DevOps Sign-ins
Learn how to update your Conditional Access policies to protect your environment in preparation for updates to the Azure DevOps service. The post I...
Read Article →Microsoft Sentinel Data Lake - FAQ
Answering some common questions people might have - Data lake is here, rejoice. It also brings up a bunch of questions, like do I still need Micros...
Read Article →Azure Update Manager: Register all required resource providers with a PowerShell script
This blog post will show you how to use an Azure PowerShell script to register all required Azure Update ManagerContinue Reading
Read Article →Hunting Through APIs - Logic App Edition
Logic Apps allow organizations to easily automate processes, in the last blog the APIs to run KQL are discussed. This blog builds upon the knowledg...
Read Article →Copying Group Membership with the Microsoft Graph PowerShell SDK
Sometimes tenants need to copy group membership from one user to another. Often PowerShell is used, but with the demise of the Azure AD module you ...
Read Article →Workload identities; from Attack to Defense with Microsoft Security
Workload identities in Microsoft Entra are non-human identities assigned to a software workload (e.g. application, service or script) to authentica...
Read Article →Transition from Microsoft Sentinel to Defender XDR - Practical challenges
Introduction Microsoft announced on the 1st of July 2025 that the Microsoft Sentinel Azure Portal UI will be deprecated at the 1st of July 2026, an...
Read Article →Azure Arc: Uninstall the Connected Machine agent and clean up related resources on Windows using a PowerShell script
In this blog post, I’ll walk you through removing the Azure Arc Connected Machine agent from a Windows machine and cleaning up all related folders,...
Read Article →Microsoft 365 PowerShell Modules Need Better Testing
Recent problems with Microsoft 365 PowerShell modules afflicted the ability of Azure Automation runbooks to execute cmdlets Microsoft Graph PowerSh...
Read Article →Introducing Azure DevOps Backup Tool 1.2.0.0: Update with new features and bug fixes!
Last Updated on June 21, 2025 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Introducing Az...
Read Article →Microsoft Pushes European Sovereign Solutions
On June 16, Microsoft announced European sovereign solutions, including a new offering called Microsoft 365 Local that has nothing to do with Micro...
Read Article →Azure Update Manager: Failed to update a dynamic scope for resources on a newly added subscription
In this blog post, you’ll learn how to resolve the error that occurs when updating or creating dynamic scopes forContinue Reading
Read Article →Hunting Through APIs
In today’s blog, we’re diving into the world of hunting through APIs. In the blog, the advantages, limitations, and scopes of the Graph...
Read Article →How to register all required Azure Compute resource providers with Azure PowerShell on a new subscription
In this blog post, you’ll learn how to use an Azure PowerShell script to automatically register all the necessary AzureContinue Reading
Read Article →Microsoft Launches Agent Management in the Entra Admin Center
The prospect of agents running amok in Microsoft 365 tenants lessened a tad with the introduction of Entra Agent ID. Tenants will be able to manage...
Read Article →Securing Microsoft Business Premium Part 05: Efficient Identity Management for External Users with Microsoft Entra
Managing external users is one of the most tedious—but also critical—challenges in a Microsoft Business Premium environment. With...
Read Article →Tutorial: Integrate AI into your Powershell scripts
I have been playing around with integrating AI into my favorite scripting tool: Powershell. This blog serves as a quick-guide ... Read more
Read Article →Azure Arc – Introducing AACMAToolkit: A New Azure Arc Management Tool
Last Updated on May 23, 2025 by Michael Morten Sonne Introduction Managing Azure Arc Connected Machine Agents just… The post Azure Arc – Intr...
Read Article →Azure Arc: Keep your Azure Connected Machine agent up-to-date on a Windows Server
In this blog post, you’ll learn how to keep the Azure Connected Machine agent up-to-date on Azure Arc-enabled Windows servers,Continue Reading
Read Article →Time for a new lab enviroment – Part 1
Last Updated on May 4, 2025 by Michael Morten Sonne Introduction 🧑💻 I’m excited to share that I’m… The post Time for a new lab envirom...
Read Article →Creating a CCP connector: Part 4
Hi there! Welcome (back) to my blog series about building a connector using Microsoft’s Sentinel Codeless Connector Platform (CCP). In the previous...
Read Article →Go With the Flow: Mastering Microsoft Entra User Flows—Self-Service Sign-Up in a Workforce tenant
Managing new guest accounts can be a daunting task—especially when you’re dealing with high turnover, distributed teams, or unknown user...
Read Article →Microsoft Attempts to Fix Microsoft Graph PowerShell SDK Problem with Azure Automation
V2.26 and V2.26.1 of the Microsoft Graph PowerShell SDK were low-quality, buggy disasters. Microsoft aims to fix the problem in the next version to...
Read Article →Using Azure Arc only for Defender for Servers or Azure monitoring Agent? Lock it down!
Intro While reviewing Defender for Servers and AMA agent implementations across various customers, I noticed that not all of them are following bes...
Read Article →Microsoft Azure – Secure your Code with Trusted Signing: A Practical Guide
Last Updated on March 25, 2025 by Michael Morten Sonne Intoduction 🥳 Exciting News! Trusted Signing has launched… The post Microsoft Azure – ...
Read Article →Proactive Exposure hunting: OAuth Applications and Azure permissions
Intro Microsoft recently announced that OAuth applications are now integrated into the attack path experience within Exposure Management. This...
Read Article →Creating a CCP connector: Part 3
Hey there, glad to see you’re still with me on this journey! If this is your starting point, you might want to considered reading the previous part...
Read Article →Defender for Cloud: AI Posture Management & AI Workload Protection
Artificial intelligence (AI) tools and Large Language Models (LLM) behind those tools have become a talking point and for some, the new Google sear...
Read Article →Creating a CCP connector: Part 2
Hey there, welcome back! In this blog series I’ll show you how you can make your own Sentinel Codeless Connector Platform (CCP) connector. If you h...
Read Article →Securing Azure PaaS Resources With Network Security Perimeter
Have you seen Azure environments with resources that have public access allowed or just some limitations to the IP addresses in place? Well, I have...
Read Article →Securing Microsoft Business Premium Part 03: Authorization Best Practices from Zero Trust to Complete Access Control
In Part 02 , we explored authentication , the process of verifying user identities—ensuring users are who they claim to be. Today we’ll...
Read Article →Securing Azure Identities: The “New” Perimeter in Cybersecurity
As cloud computing becomes more integrated into our daily operations, the importance of securing identities in Azure can’t be overstated. Gone are ...
Read Article →Creating a CCP connector: Part 1
Hey there! In this blog series I’ll be going to walk you through a step by step guide on how to build your own Codeless Connector Platform (CCP) da...
Read Article →Future-Proofing Microsoft Entra Logs: Practical Azure Storage
Copyright © 2025 Microsoft Security - All Rights Reserved.
Read Article →Signtool GUI – v. 1.4.0.0 is out!
Last Updated on March 17, 2025 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Signtool GUI ...
Read Article →How to Send Outlook Newsletters with Email Communication Services
Outlook Newsletters are intended for internal communications, at least for the preview. It's possible to take the HTML for a newsletter and send it...
Read Article →Microsoft Graph PowerShell SDK V2.26.1 Remains Flawed
The developers rushed out Version 2.26.1 of the Microsoft Graph PowerShell SDK to fix some obvious issues. Alas, problems persist in PowerShell SDK...
Read Article →God Mode with a Timer: Using Logic Apps to Restrict Elevated Access in Entra
In my last post I covered how to monitor the GOD Mode in Azure (Coined by the great John Savill ). While visibility and monitoring are...
Read Article →Azure Spring Clean - Maestering Azure Tenant Security
A look into how we can utilize Maester to secure our Azure Tenant with a sprinkle of AI on top - Welcome back! This time, I’m writing a contributio...
Read Article →Microsoft Graph PowerShell SDK Runs into Choppy Waters
A bunch of problems with V2.26 of the Microsoft Graph PowerShell SDK V2.26 make the software unusable. Not only did Microsoft do a horrible job of ...
Read Article →Unleash the power of Enterprise Exposure Graph: Create a Managed Identities Permissions Overview
Intro Lately, I’ve been exploring Microsoft Exposure Management, particularly the data available in the Enterprise Exposure Graph. One intere...
Read Article →Unlocking Microsoft Entra’s Elevated Access Logs: Better Security, Better Insights
Elevating access to manage Azure subscriptions is a valuable tool for administrators, particularly when dealing with unknown or orphaned...
Read Article →How to protect against Device Code Flow abuse (Storm-2372 attacks) and block the authentication flow
Since August 2024 there has been a sophisticated phishing campaign actively leveraging the device code authorization flow. Currently, there is a wi...
Read Article →How to Index and Search SharePoint Online Custom Columns
SharePoint Online is basically a big Azure SQL application. Custom columns for sites and libraries enhance metadata and are even better if they're ...
Read Article →Primer: Using Exchange Online PowerShell in Azure Automation Runbooks
In this primer, we cover how to create and execute Azure Automation Exchange Online runbooks (scripts) using cmdlets from the Exchange Online manag...
Read Article →🚀 Managed Identity Permission Manager v1.1.0.0 is here! 🚀
Last Updated on February 6, 2025 by Michael Morten Sonne Introduction I’m beyond excited to announce that the… The post 🚀 Managed Ident...
Read Article →Microsoft Azure – Elevate Access to Resources with Entra ID Audit Logs – Now Available!
Last Updated on January 31, 2025 by Michael Morten Sonne Introduction During my time in IT, I’ve occasionally… The post Microsoft Azure – Ele...
Read Article →Primer: Using Exchange High Volume Email with Azure Automation
This article covers how to use HVE with Azure Automation to send email. HVE is Exchange Online's High Volume Email solution for internal communicat...
Read Article →Primer: Running Audit Searches and Sending Email from Azure Automation
This article describes how to use Azure Automation for audit searches. The runbook runs an audit search to find events for specific operations, ref...
Read Article →Securing Microsoft Business Premium Part 01: The First Step to an Unbreakable Defense
Today kicks off a comprehensive blog series where I’ll delve into the security features of the Business Premium license SKU, offering...
Read Article →Super Advanced Auditing
This solution provides automation that ensures all available auditable events are enabled for all users in a tenant. By default, not all events are...
Read Article →Managed Identity Permission Manager – v. 1.0.0.4 is out!
Last Updated on January 24, 2025 by Michael Morten Sonne Introduction I´m thrilled to announce the release of… The post Managed Identity Perm...
Read Article →Primer: How to Schedule Azure Automation Runbooks to Process Microsoft 365 Data
After creating a runbook to process Microsoft 365 data, registering the runbook with an automation schedule means that the runbook will execute on ...
Read Article →Primer: Output Data Generated with an Azure Automation Runbook to a SharePoint List
The second part of the Azure Automation runbook primer brings us to output, specifically how to create items generated by a runbook in a SharePoint...
Read Article →Primer: How to Use Azure Automation to Run Microsoft Graph PowerShell SDK Scripts
A reader asked why it seems so difficult to use Azure Automation runbooks to process Microsoft 365 data. In fact, it's not so hard, and here's a pr...
Read Article →Mastering Plus Addressing in Microsoft: Simplify Email Management
Managing emails for unlicensed admin accounts? Juggling a shared mailbox flooded with notifications from services and clients? Today’s...
Read Article →Final Days for the MSOnline and AzureAD PowerShell Modules
After many twists and turns since August 2021, the MSOnline module retirement will happen in April 2025. The AzureAD module will then retire in the...
Read Article →Parsing CEF messages without Azure Monitor Agent
Introduction During my time as SOC Engineer, I do a lot of third-party data source ingestion projects for clients into their Microsoft Sentinel ins...
Read Article →Mastering Microsoft Azure RBAC & Entra ID Roles: Automated Role Assignment Reporting Across Your Tenant
As the season for audits approaches (though, let’s be honest, auditing should be an all-year-round endeavor), I’m excited to share a...
Read Article →KQL Sources - 2025 Update
What started as a single blog is now becoming a yearly trend. More and more KQL related repositories are created, not only with a focus on security...
Read Article →How to use Managed Identities for multi-tenant app authentication
Learn how to use Managed Identities for multi-tenant app authentication when using Microsoft Graph PowerShell in Azure Automation. The post How to ...
Read Article →MC2MC Live - Forward to the Past
At MC2MC Live: Forward to the past I was able to give a session on how to manage Azure Bicep templates at scale and automatically. Very happy to ha...
Read Article →Announcing the Netskope CCP connector!
Over the past couple of weeks I’ve been working in close collaboration with the Netskope team to build and design a new Sentinel data connector for...
Read Article →MSEM | OT Security Initiative
From global tensions on nation-state level to cybercriminals and script-kiddies, cybersecurity for OT (Operational Technology) becomes more and mor...
Read Article →UAL = Unaligned Activity Logs
The unified audit log is a centralized repository for M365 user and admin activities. The activities originate from different applications, such as...
Read Article →Entra ID Private Access with private integrated storage accounts
Introduction In the past couple of weeks, I worked on a project where I needed to provide access to a securely private integrated Azure Storage Acc...
Read Article →Managed Identity Permission Manager – v. 1.0.0.2 is out!
Last Updated on November 2, 2024 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Managed Ide...
Read Article →Introducing Azure DevOps Backup Tool 1.1.2.0: Security update!
Last Updated on January 21, 2025 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Introducing...
Read Article →Improving automated Sentinel detection validation.
IntroductionMicrosoft Sentinel offers a lot of features, one being the ability to manage your analytic rules (detection rules) as infrastructure as...
Read Article →Conditional Access Policy Design Patterns for Zero Trust
Explore advanced design patterns for implementing Conditional Access policies in Microsoft Entra ID as part of a Zero Trust security strategy. Cove...
Read Article →Managed Identity Permission Manager – A new tool is out to test – v. 1
Last Updated on October 25, 2024 by Michael Morten Sonne Introduction Introducing a new PowerShell tool for Managing… The post Managed Identi...
Read Article →Securing Workload Identities in Microsoft Entra ID
Best practices for securing workload identities including service principals and managed identities in Microsoft Entra ID. Discusses credential man...
Read Article →How to Force Users to Sign in Weekly
A recent question asked how to force users to reauthenticate at 7AM every Monday. The solution seems to revoke access for user accounts. This artic...
Read Article →Advanced Privileged Identity Management in Entra ID
Deep dive into Microsoft Entra Privileged Identity Management (PIM) covering just-in-time access, approval workflows, access reviews, and integrati...
Read Article →Azure RBAC Security Best Practices and Common Misconfigurations
Detailed analysis of Azure Role-Based Access Control (RBAC) security considerations, including custom role design, least privilege principles, scop...
Read Article →Hardening Entra ID
This is an update to a previous article I wrote on hardening Azure Active Directory. The idea of this update is to provide a table of default setti...
Read Article →Azug @ Noest
At a recent community event, I presented a deep dive into various authentication flows in Entra Id, showcasing how to retrieve an ARC server from a...
Read Article →Introducing Azure DevOps Backup Tool 1.1.1.0: Update with new features and bug fixes!
Last Updated on June 21, 2025 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Introducing Az...
Read Article →Windows Service Monitoring at Scale using Cloud Native Azure Components
Recently, I was challenged to build a scalable, cloud native solution that should be used for monitoring of critical Windows ... Read more
Read Article →Optimize Costs using Auxiliary Logs for Verbose Logging
Today, we use logging for many purposes including security hunting with SIEM (Sentinel), troubleshooting, performance telemetry, compliance reporti...
Read Article →Troubleshooting & Monitoring of Log Ingestion with Data Collection Rules
As I have outlined in the series of blogs, Azure Logging is based on Data Collection Rules (DCRs) and Azure ... Read more
Read Article →Configure File Integrity Monitoring (FIM) using Defender for Endpoint
Previously the File Integrity Monitoring (FIM) feature in Defender for Server P2 was based on the MMA and/or Azure Monitor Agent. Since the MMA age...
Read Article →Exploring the Microsoft Sentinel Codeless Connector Platform (CCP)
There are many different ways of getting your security data into Microsoft Sentinel: You can use agent based software, play around with Diagnostic ...
Read Article →“No Internet access” on Azure VM in new VNET Subnet
Struggling to get internet access from a newly deployed VM in Azure on a new subnet, then check if VM ... Read more
Read Article →Detect Impact MFA Enforcement
You may have noticed that Microsoft will enforce MFA requirement per October 15, 2024 for Azure/Entra/Intune. If this is new ... Read more
Read Article →Mandatory MFA Requirement for Access to Azure Sites and Tools
Microsoft's project to impose a mandatory MFA requirement for access to Azure management tools and sites will start enforcement on or after October...
Read Article →All you need to know about the mandatory multifactor authentication for Azure and other administration portals
Check out this article via web browser: All you need to know about the mandatory multifactor authentication for Azure and other administration port...
Read Article →Comparing Microsoft Cloud Email Services
HVE and ECS are two competing Microsoft Cloud Email Services. At least, they seem to compete. In reality, HVE and ECS serve different target audien...
Read Article →Demystifying New Azure Monitor Auxiliary Logs Plan
Copyright © 2025 Microsoft Security - All Rights Reserved.
Read Article →Introducing Azure DevOps Backup Tool 1.1.0.0: Major update with new features, bug fixes and enhanced security!
Last Updated on September 24, 2024 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Introduci...
Read Article →Identify and prevent abuse of Managed Identities with Federated Credentials from unauthorized entities
In this article, I would like to point out options to identify, monitor and avoid persistent access on Managed Identities privileges by adding fede...
Read Article →CrowdStrike issue: Workarounds
From X/Twitter. Thx to @r3srch3r for summarization. Physical machine physical server VM on Hyper-V VM on AWS VM on Azure ... Read more
Read Article →Microsoft IT/OT convergence in Defender XDR (New) and Sentinel
Disclaimer there is no change for existing Microsoft Defender for IoT (Azure) deployments.OT (Operational Technology) is (often old) technology (ha...
Read Article →Azure Arc – Windows Admin Center – Cant connect with error: Couldn´t get server data, ajax error
Last Updated on January 21, 2025 by Michael Morten Sonne Introduction If you’re encountering this error message in… The post Azure Arc ...
Read Article →The Right Way to Replace the Remove-SPOExternalUser Cmdlet
Microsoft says they will remove the Remove-SPOExternalUser cmdlet starting July 29. They recommend using Remove-AzureADUser as a replacement. It's ...
Read Article →Introducing Azure DevOps Backup Tool 1.0.5.9: Enhanced security, optimization and bug fixes!
Last Updated on July 10, 2024 by Michael Morten Sonne Intoduction I’m thrilled to announce the latest release… The post Introducing Azu...
Read Article →5 Years On - The Microsoft Sentinel Experience
Around 5 years ago, Microsoft announced the general availability of Azure Sentinel. This post aims to assess how far we along we have come - the go...
Read Article →How to assess the impact of MFA enforcement in Azure
Learn how to assess how the impact of MFA enforcement on Azure service will impact your users. The post How to assess the impact of MFA enforcement...
Read Article →Azure Monitor alerting with Azure Resource Graph data – using Azure LogAnalytics integration
If you need to get an Azure Monitor alert using Azure Resource Graph data, this can easily be accomplished using ... Read more
Read Article →Microsoft Causes Fuss Around Azure MFA Announcement
On May 14, Microsoft announced that they will require Azure MFA for connections to services starting in July 2024. No details about the implementat...
Read Article →Defender for Cloud – Reset to free tier via PowerShell
Last Updated on May 2, 2024 by Michael Morten Sonne Intoduction Resetting Microsoft Defender for Cloud Configuration Are… The post Defender f...
Read Article →Microsoft Cloud Exceeds 50% of Microsoft Total Revenues
The Microsoft FY24 Q3 results didn't contain any new user numbers for Office 365 or Teams. However, we did learn that Copilot and Azure are popular...
Read Article →Authenticate to Azure DevOps using Managed Identity and REST API
How to add a managed identity to Azure DevOps and get access tokens for Azure Devops - This one is very short and sweet - how to authenticate to Az...
Read Article →Download Azure DevOps Repositories using a Managed Identity and REST API
Everything you need to know to download Azure DevOps repositories using a Managed Identity and REST API - In this post, we will go over how to down...
Read Article →Introducing Azure DevOps Backup Tool 1.0.5.8: Enhanced security, optimization and bug fixes!
Last Updated on July 10, 2024 by Michael Morten Sonne Intoduction I’m thrilled to announce the latest release… The post Introducing Azu...
Read Article →Automated Microsoft 365 Security Posture Monitoring with Maester
Configure an automation Microsoft 365 Security Poster Monitoring solution using the Maester tool using Azure Automation. The post Automated Microso...
Read Article →Upgrade Classic Azure Administrator Roles by August 2024
A recent note from Microsoft advised that if your tenant uses classic Azure administrative role, you need to switch to Azure RBAC roles by 31 Augus...
Read Article →Re-onboard LogAnalytics to Sentinel, if SecurityInsights solution is deleted by mistake
Critical features will break or stop working, if you delete too much in Legacy solutions like SecurityInsights, SQLAdvancedThreatProtection or SQLV...
Read Article →Azure – Automating Management Group Removal in Azure with PowerShell
Last Updated on March 23, 2024 by Michael Morten Sonne Intoduction Are you tired of spending valuable time… The post Azure – Automating Manag...
Read Article →Understanding How Much Microsoft 365 Backup Charges to Protect Data
Microsoft 365 Backup costs are charged on a PAYG basis against an Azure subscription. You pay a flat fee of $0.15 per month per gigabyte of protect...
Read Article →Autopilot: Escape the Administrator
Did you ever run into an issue in which the user was still in the local administrator group after the device was enrolled with Windows Autopilot (a...
Read Article →Protect your users from Device Code Flow abuse
Device Code Flow is a great feature. You are signed in on a machine that does not have any UI but need to connect to an Azure or Microsoft 365 reso...
Read Article →Speaking at the February 2024 Azure APE Meetup
Today (Tuesday February 27th) I have the pleasure to speak at the February 2024 Azure APE Meetup organized by the Azure Platform Engineering (APE) ...
Read Article →[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS
Finally, it’s time for a refresh. It’s been a while! Due to personal circumstances, I haven’t been able to keep the U...
Read Article →Logging Into the Future: Smart Strategies for Storing Microsoft Entra Logs in Azure
Explore storing Microsoft Entra logs via Azure Monitor, Storage Accounts, and Event Hubs, each offering unique benefits for IT security.
Read Article →Connect to Microsoft Graph PowerShell Using Certificates with Azure Automation
Learn how to Connect to Microsoft Graph PowerShell using certificate based authentication in Microsoft Entra. The post Connect to Microsoft Graph P...
Read Article →Microsoft Entra Workload ID - Incident Response with Microsoft Sentinel Playbooks and Conditional Access
In the recent parts of the blog post series, we have gone through the various capabilities to detect threats and fine-tune incident enrichment of W...
Read Article →From hybrid / fully joined devices to Entra ID
Introduction Adversaries are more and more interested in the data and infrastructure that lives in Cloud environments like Azure and Microsoft 365 ...
Read Article →Microsoft Entra Workload ID - Advanced Detections and Enrichment in Microsoft Sentinel
Collecting details of all workload identities in Microsoft Entra ID allows to build correlation and provide enrichment data for Security Operation ...
Read Article →What is this Microsoft SSE solution that everyone is talking about?
On July 11th, Microsoft announced that Azure AD would be renamed to Microsoft Entra ID. Microsoft also announced two new security offerings called ...
Read Article →Microsoft Entra Workload ID - Threat detection with Microsoft Defender XDR and Sentinel
Attack techniques has shown that service principals will be used for initial and persistent access to create a backdoor in Microsoft Entra ID. This...
Read Article →Privileged Identity Management (PIM) – Common Microsoft 365 Security Mistakes Series
Entra ID’s P2 license (previously Azure AD Premium P2) unlocks the Privileged Identity Management (PIM). PIM is part of broader identity gove...
Read Article →Protect Microsoft 365 Break Glass Accounts with Azure Automation
Learn how to protect your Microsoft 365 Break Glass accounts and never get locked out of your organisations tenant with Azure Automation. The post ...
Read Article →[issue] Connect-AzAccount : Method not found: System.Threading.Tasks.Task
Error Connect-AzAccount : Method not found: ‘System.Threading.Tasks.Task`1 Azure.Identity.InteractiveBrowserCredential.AuthenticateAsync(Azur...
Read Article →Sentinel & SOAR: Part 4 - Error handling
IntroductionHello there, welcome back to part 4 of my Sentinel & SOAR series! If you’re new to this series you might want to check out any earl...
Read Article →Close Encounters of the Microsoft Azure Attestation
This blog will be about my first and second encounters with Microsoft Azure Attestation(MAA) and how this new kind of attestation will be dropped d...
Read Article →How to use Automatic Attack Disruption in Microsoft 365 Defender (BEC, AiTM & HumOR)
Last year Microsoft announced a new feature called; Automatic attack disruption which uses correlated insights from the Microsoft 365 ecosystem and...
Read Article →Microsoft Entra Workload ID - Lifecycle Management and Operational Monitoring
Workload identities should be covered by lifecycle management and processes to avoid identity risks such as over-privileged permissions but also in...
Read Article →[issue] Connect-MgGraph : Method not found: ‘System.Action`1 Azure.Identity.IMsalPublicClientInitializerOptions.get_BeforeBuildClient()’.
Cause Old version of Az.Accounts v2.9.1 was being installed on the computer as part of Az.Portal installation, even though newer ... Read more
Read Article →Collecting DNS events using Azure Monitor Agent
This blog will give you insight on how to setup collection of DNS Events from Windows devices using Azure Monitor ... Read more
Read Article →Turn off Directory synchronization with Microsoft Graph PowerShell
Learn how to turn off directory synchronisation (Azure AD Connect) using Microsoft Graph PowerShell to disable on-premise synchronisation. The post...
Read Article →Microsoft Entra Workload ID - Introduction and Delegated Permissions
Workload identities will be used by applications, services or cloud resources for authentication and accessing other services and resources. Especi...
Read Article →ERROR: Could not load type ‘Microsoft.Graph.Authentication.AzureIdentityAccessTokenProvider’ from assembly ‘Microsoft.Graph.Core
After upgrading Microsoft Graph, I noticed an issue when trying to run cmdlet Get-MgGroup or Get-MgUser. I could connect to ... Read more
Read Article →Azure Backup: Do I have resources NOT protected by backup?
This blog will show you how you can automate an overview using Kusto queries against Azure Resource Graph (ARG) to ... Read more
Read Article →0x80072f8f : A BitLocker Odyssey
This time, a simple blog about a BitLocker escrow error (0x80072f8f )that started happening (all of a sudden) on multiple devices when you were try...
Read Article →How is it now you get a refund for Microsoft 365 and Azure downtime and see service status?
Last Updated on September 24, 2024 by Michael Morten Sonne This may be split up in 2 parts..… The post How is it now you get a refund for Mic...
Read Article →How to Monitor for Application Admin Permission Consent in Microsoft Entra
Learn how to monitor for application admin permission consents in Azure AD using PowerShell and Azure Automation. The post How to Monitor for Appli...
Read Article →How to protect Azure storage accounts (Blob) using Defender for Storage
Defender for Storage is the Azure-native layer of security intelligence that detects potentially harmful attempts to access or malicious activity. ...
Read Article →Azure AD – Why use Cloud-Only Administrative/normal accounts and how to protect them in Azure AD from on-premises attacks
Last Updated on June 2, 2025 by Michael Morten Sonne Intoduction Frist – sorry for the size og… The post Azure AD – Why use Cloud-Only ...
Read Article →Secure your Azure Management portal
Last Updated on June 25, 2023 by Michael Morten Sonne How secure your Azure Management Portal?. By default,… The post Secure your Azure Manag...
Read Article →Company branding and custom CSS in Azure Active Directory
Check out this article via web browser: Company branding and custom CSS in Azure Active Directory Company branding in Azure AD is a nice feature th...
Read Article →Azure AD Application Activity Report Analysis
In the today’s digital age and use all over the world, maintaining the security of an organization has… The post Azure AD Application Activit...
Read Article →Sending email with Azure Automation and Managed Identity
Using Azure Automation Accounts to send scheduled emails, ditch those scheduled tasks and insecure scripts!
Read Article →What is Customer lockbox in Azure, and how to use it?
Last Updated on March 14, 2024 by Michael Morten Sonne Customer Lockbox is a security feature in Microsoft… The post What is Customer lockbox...
Read Article →LogAnalytics table migration from Classic (v1) to Data Collector Rule-based (v2) video’s – to replace HTTP Data Collector API (v1) with Log Ingestion API (v2)
Check out my latest 2 videos, which will cover both migration scenarios using my AzLogDcrIngestPS PS-module: Side-by-Side Migration (new table, ......
Read Article →Protection of privileged users and groups by Azure AD Restricted Management Administrative Units
Restricted Management Administrative Unit (RMAU) allows to protect objects from modification by Azure AD role members on directory-level scope. Man...
Read Article →Step-up authentication with Defender for Cloud Apps and Authentication Context
Check out this article via web browser: Step-up authentication with Defender for Cloud Apps and Authentication Context In this post, I will show yo...
Read Article →Direct on board your non-Azure servers to defender for cloud WITHOUT Azure Arc
Intro Up until now, onboarding non-Azure servers to Defender for Servers required Azure Arc as a mandatory pre-requisite. With this new release, Mi...
Read Article →Onboard Defender for Endpoint without Azure Arc via Direct onboarding
Previously, onboarding hybrid servers to Defender for Servers with MDE required Azure Arc as a pre-requisite for the deployment. Since the standalo...
Read Article →Send an email on a new Azure MFA method registration
Check out this article via web browser: Send an email on a new Azure MFA method registration I’ve done quite some Azure MFA projects over tim...
Read Article →Microsoft icons
Check out this article via web browser: Microsoft icons That’s the post for today. Just a bunch of sources with icons from Microsoft 365, Azu...
Read Article →Azure DevOps – Use Azure Key Vauls for secrets in your Pipelines
Last Updated on June 19, 2023 by Michael Morten Sonne Intoduction What is Azure DevOps Azure DevOps is… The post Azure DevOps – Use Azure Key...
Read Article →Azure AD Admin and use of PIM Email forwarding for your admin accounts notifications
Last Updated on June 19, 2023 by Michael Morten Sonne Intoduction Seperate accounts in Azure AD for Administrative… The post Azure AD Admin a...
Read Article →Azure DevOps – Get a local backup of your code repositories
Last Updated on February 18, 2024 by Michael Morten Sonne Introduction This tool offers a user-friendly interface and… The post Azure DevOps ...
Read Article →How to work around the Azure Security Agent extension not deploying by default on the latest VM windows images, a currently know limitation…
Intro This blog will be about an issue I bumped into when deploying one of the enhanced protection features in defender for cloud. The enhanced fea...
Read Article →Report Suspicious Activity & Fraud Alert for Azure MFA
Check out this article via web browser: Report Suspicious Activity & Fraud Alert for Azure MFA A new feature popped up in Azure AD. Well, not ...
Read Article →Azure Automation - Device Cleanup v2
Note This article was last updated on 01/30/2025 for readability and updated URLs. We no longer need to manually load modules as shown, and this ar...
Read Article →Securing your Azure/Microsoft 365 environment with Principle of Least Privilege and Azure PIM
Last Updated on July 9, 2023 by Michael Morten Sonne Secure your Azure environment with the power of… The post Securing your Azure/Microsoft ...
Read Article →Configure Azure AD Connect Health email notifications to continue to receive notifications when synchronization errors occur in Azure AD Connect
Why is this needed? Admins who are using Azure AD Connect are currently receiving email notifications when there… The post Configure Azure AD...
Read Article →AzLogDcrIngestPS – how to do data manipulation before sending data via Azure Pipeline, Log ingestion API & Azure Data Collection Rules into Azure LogAnalytics ?
If you are sending data using HTTP Data Collector API (REST) today, you should continue reading, as this API will ... Read more
Read Article →AzLogDcrIngestPS – tips & tricks sending data via Azure Pipeline, Azure Log Ingestion API, Azure Data Collections into Azure LogAnalytics
If you are sending data using HTTP Data Collector API (REST) today, you should continue reading, as this API will ... Read more
Read Article →Deploy Microsoft Teams on Azure Virtual Desktop using Intune
Deploy Microsoft Teams to Azure Virtual Desktop using Intune.
Read Article →“AnyConnector” AzLogDcrIngestPS – your helper to send data via Azure Pipeline, Azure Log Ingestion API & Azure Data Collection Rules into Azure LogAnalytics table
If you are sending data using HTTP Data Collector API (REST) today, you should continue reading, as this API will ... Read more
Read Article →ClientInspector – a cool showcase to demonstrate Log ingestion API, Azure Log Ingestion Pipeline, Azure Data Collection Rules and my new Powershell module AzLogDcrIngestPS
Are you in control? – or are some of your core infrastructure processes like patching, antivirus, bitlocker enablement driftin...
Read Article →Collecting CEF Syslogs using Azure Monitor Agent
This blog will give you insight on how to setup collection of syslogs (CEF) using Linux forwader server using Azure ... Read more
Read Article →Collecting IIS logs using Azure Monitor Agent
This blog will give you insight on how to setup collection of IIS logs from Windows devices using Azure Monitor ... Read more
Read Article →Collecting Performance data using Azure Monitor Agent, VMInsights and ServiceMap
This blog will give you insight on how to setup collection of Performance and ServiceMap information from Linux and Windows ... Read more
Read Article →Collecting Security events using Azure Monitor Agent
This blog will give you insight on how to setup collection of Security Events (eventlog) from Windows devices using Azure ... Read more
Read Article →Collecting Syslogs using Azure Monitor Agent
This blog will give you insight on how to setup collection of syslogs using Linux forwader server using Azure Monitor ... Read more
Read Article →Collecting System & Application events using Azure Monitor Agent
This blog will give you insight on how to setup collection of System & Application Events (eventlog) from Windows devices ... Read more
Read Article →Collecting text logs using Azure Monitor Agent
This blog will give you insight on how to setup collection of text logs from Linux and Windows devices using ... Read more
Read Article →How to do data transformation using Workspace transformation for legacy upload methods
This blog will demonstrate how you can do workspace transformation to support legacy data transformation where data is being uploaded ... Read more
Read Article →Master Azure Logging in depth
I am really passioned about the logging capabilities in M365 Defender and Azure with the power to bring data back from cli...
Read Article →Tutorial – How to make data transformations using Data Collection Rules?
This section will show you the steps for setting up data transformations – and how you can do the transformation ... Read more
Read Article →Understanding Azure Data Collection Endpoint
Azure Data Collection Endpoint (DCE) provide a connection for certain data sources of Azure Monitor. This article gives you an ... Read more
Read Article →Understanding Azure logging capabilities in depth
Azure includes lots of great technologies, which can be used for logging purpose. Currently, Microsoft is transitioning from v1-method (MMA) ... Re...
Read Article →Understanding the fundamentals of log-collection with Azure Monitor Agent & Azure Data Collection Rules
This blog will take you “under the hood” of extensions, Azure Monitor Agent (AMA) and Azure Data Collection Rules for ... Read more
Read Article →AWS - Integrating PIM with Azure AD SSO for AWS Single-Account Access
Note This article was last updated on 01/30/2025 for readability and updated URLs
Read Article →AWS - Integrating PIM with Azure AD SSO for AWS IAM Identity Center
Note This article was last updated on 01/30/2025 for readability and updated URLs
Read Article →Tutorial: Change the workspace destination of your already provisioned Data Collection Rule used by the Azure Monitoring Agent
Intro This post is inspired on different setups I saw while working with my clients. More and more clients are leveraging the Azure Monitoring Agen...
Read Article →Authenticator Lite – Approve Azure MFA prompts with the Outlook app
Check out this article via web browser: Authenticator Lite – Approve Azure MFA prompts with the Outlook app Microsoft released a new feature ...
Read Article →Azure - Securing Subscriptions
Note This article was last updated on 01/30/2025 for readability and updated URLs
Read Article →System-preferred multifactor authentication in Azure AD. Don’t settle for less.
Check out this article via web browser: System-preferred multifactor authentication in Azure AD. Don’t settle for less. A new feature has pop...
Read Article →Azure AD Conditional Access authentication context now also available for Azure AD Privileged Identity Management
Microsoft has extended the capabilities of Azure AD authentication context to Azure AD Privileged Identity Management (PIM). By doing this we can t...
Read Article →Duplicate Azure Active Directory Conditional Access policies
Check out this article via web browser: Duplicate Azure Active Directory Conditional Access policies In this post, we look at managing Conditional ...
Read Article →[Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS
Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint detection and response (EDR) capabilities. It integrat...
Read Article →Azure Arc - Onboarding Servers with Group Policy
Note This article was last updated on 01/30/2025 for readability and updated URLs
Read Article →The Importance Of Identity In Microsoft Certifications
The Importance Of Identity In Microsoft Certifications As I’ve taken Microsoft certification exams, or the exam renewals, I’ve noticed that Azure A...
Read Article →Don't Let DNS Be Your Azure AD Recovery Downfall
Don't Let DNS Be Your Azure AD Recovery Downfall In September of 2022, Joey Verlinden (@jvldn1) published an excellent article on his experience wi...
Read Article →Orphaned Azure Security Principals Clean-up & Azure Policy Managed Identity Role Assignment Automation
This blog covers 2 topics : (1) how you can automate clean-up of any orphaned security principal role assignments – ... Read more
Read Article →Getting started with Azure AD cross-tenant synchronisation
Cross tenant sync is a feature I've been waiting to see for a while and with the announcement of cross tenant access settings, I knew it...
Read Article →Automate Reporting of Defender for Cloud recommendations & Role Assignments with 35 different views
Background Recently, I was asked to build a simple reporting-script, which integrates data from Microsoft Defender for Cloud and Azure ... Read more
Read Article →Azure AD 101: Azure Subscription Relationship
Azure AD 101: Azure Subscription Relationship Whether you are dipping your toe or diving headfirst into Azure, one of the points of confusion is th...
Read Article →Azure Automation - Advanced Auditing
Note This article was last updated on 01/27/2025 for readability and updated URLs, and the content itself will be updated in the near future :)
Read Article →Ghost blogging on Azure Container Apps
Introduction Hosting a blog these days can easily be done without having to cost anything. There are a lot of solutions in the likes of Medium, Wee...
Read Article →How to save $$$ by storing your Syslog and Defender for Endpoint long-term logs in Azure Data Explorer cluster using Azure Data Factory and Azure Storage Account export – while keeping Kusto query functionalities ?
This blog is about keeping long-term Sentinel logs, giving you insight to the options today – with great opportunities to ... Read more
Read Article →Sentinel Alert Rules Management with Add / Update / Remove & Alert Rule Action automation
Do you want to automate alert rules including creating new alert rules and update existing – with checks every x ... Read more
Read Article →Real example with 43% cost savings on Sentinel log-costs: How to exclude Syslog log-events from banned IPs using AbuseIPDB-service with integration to firewalls
This is a real-life example of how I helped reduce the log-cost by 43% for LogAnalytics & Sentinel combined for ... Read more
Read Article →How to run custom scripts on thousands of servers within a few minutes using Azure Custom Scripts extension and multithreaded jobs – and have them re-run daily?
Have you ever had a need to collect vital configuration status (inventory) from thousands of servers – with a defined ... Read more
Read Article →How to migrate from Qualys and enable Microsoft Defender Vulnerability Management (MdeTvm) in Microsoft Defender for Cloud?
Microsoft’s Defender Vulnerability Management is a built-in module in Microsoft Defender for Endpoint that can: If you’ve enabled ...
Read Article →How to detect File Deletions using Audit-data (SecurityEvent) & Azure LogAnalytics ?
Recently I was asked to provide a solution to detect file deletions on a file server in a sensitive folder ... Read more
Read Article →How to do data transformation with Azure LogAnalytics – to enrich information, optimize cost, remove sensitive data?
One of the cool features in Azure LogAnalytics is the capability to do data-transformation before the data enters your LogAnalytics ... Read more
Read Article →Break glass accounts and Azure AD Security Defaults
Check out this article via web browser: Break glass accounts and Azure AD Security Defaults Security Defaults is the best thing since sliced bread....
Read Article →Securing privileged user access with Azure AD Conditional Access and Identity Governance
Conditional Access and Entitlement Management plays an essential role to apply Zero Trust principles of “Verify explicitly“ and “Use least-privileg...
Read Article →SpAML: Spoofing Users In Azure AD With SAML Claims Transformations
SpAML: Spoofing Users In Azure AD With SAML Claims Transformations For those that believe SAML is dead, they should take a look at the Azure AD App...
Read Article →Conditional Access public preview functionality reviewed (22H2) – Part 3: Granular control for external user types
In the last couple of months, Microsoft released new functionality for Azure AD Conditional Access. All of this functionality is still in public pr...
Read Article →Conditional Access public preview functionality reviewed (22H2) – Part 2: Conditional Access filters for Apps and Workload Identities
In the last couple of months, Microsoft released new functionality for Azure AD Conditional Access. All of this functionality is still in public pr...
Read Article →Conditional Access public preview functionality reviewed (22H2) – Part 1: Authentication Strength
In the last couple of months, Microsoft released new functionality for Azure AD Conditional Access. All of this functionality is still in public pr...
Read Article →Automated Lifecycle Workflows for Privileged Identities with Azure AD Identity Governance
Microsoft has been released a feature to automate on- and off-boarding tasks for Azure AD accounts. Lifecycle workflows offers built-in workflow te...
Read Article →Synchronize attributes for Lifecycle workflows – Azure AD Connect Sync
Check out this article via web browser: Synchronize attributes for Lifecycle workflows – Azure AD Connect Sync Azure AD Lifecycle Workflows c...
Read Article →CISA SCuBA: Diving Into The Azure AD Baseline
CISA SCuBA: Diving Into The Azure AD Baseline CISA recently released baseline guidance for cloud application security, dubbed SCuBA, or Secure Clou...
Read Article →VM Contributor To Domain Admin In 60 Seconds
VM Contributor To Domain Admin In 60 Seconds When Microsoft revamped the privileged access model in the late fall of 2020, it was received with mix...
Read Article →How to keep track of changes on Microsoft Docs & Learn?
Check out this article via web browser: How to keep track of changes on Microsoft Docs & Learn? When working with cloud services like Microsof...
Read Article →Setting up Azure MFA for VPN and Remote Desktop Gateway
This article will go into detail on how to configure Azure MFA for access to on-premises VPN and RD Gateway.
Read Article →Azure AD: New Controls For Authentication Strength
Azure AD: New Controls For Authentication Strength Microsoft has released a much asked for setting, which also aligns to the Whitehouse memorandum,...
Read Article →How to implement Defender for Identity and configure all prerequisites
Microsoft Defender for Identity MDI (previously called Azure Advanced Threat Protection or Azure ATP) is a Microsoft security solution that capture...
Read Article →Microsoft Defender for Endpoint series – Onboard using Configuration Manager/ GPO – Part3D
It is time for part 3D of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3C (Onboard Defender for Endpoint using Azure Arc) ...
Read Article →How to mitigate MFA fatigue and learn from the Uber breach for additional protection
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. With the rise of mo...
Read Article →Take control of your guests with the External Identities Policy
Check out this article via web browser: Take control of your guests with the External Identities Policy Today we take a look at the brand new Exter...
Read Article →Microsoft Defender for Endpoint series – Onboard using Azure Arc or Direct onboarding – Part3C
It is time for part 3C of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3B (Onboard Defender for Endpoint using Defender fo...
Read Article →Choosing a FIDO2 Security Key
Choosing a FIDO2 Security Key As I’ve been keeping up with my FIDO2 Security Key roundup, which you can find here, Azure AD: FIDO2 Security Key Rou...
Read Article →Tips for preventing against new modern identity attacks (AiTM, MFA Fatigue, PRT, OAuth)
Identity attacks are currently changing and focussing on new techniques. In the past years, many organizations protected accounts with MFA/ FIDO2 a...
Read Article →Ultimate Comparison of Defender for Endpoint Features by OS [Updated August 2022]
This is the updated “matrix” of OS supported for the almost 80 features, services, and important components that make up Microsoft Defe...
Read Article →Use the Azure Monitor Agent (AMA) for Defender for Cloud and migrate from MMA agent
Defender for Cloud was since the release based on the Microsoft Monitoring Agent (MMA). Since august 2022 it is possible to auto-deploy the Azure M...
Read Article →Protect against AiTM/ MFA phishing attacks using Microsoft technology
In the last couple of weeks, many researchers warns of a new large-scale phishing campaign that is using the adversary-in-the-middle (AiTM) techniq...
Read Article →How to deal with orphaned objects in Azure AD (Connect)
Check out this article via web browser: How to deal with orphaned objects in Azure AD (Connect) We have done hybrid identity for a couple of years ...
Read Article →Night of the Autopilot of the Dawn of the Temporary Access Pass of the MFA of the Return of the RebootRequired of the WUFB of the Attack of the Evil, Mutant, Hellbound, Flesh-Eating SSO Zombified Living Conditional Access, Part 2: In Azure 2-D
After a nice talk with Yannick Van Landeghem, who made me aware of a “possible” security gap when using a Temporary Access Pass (TAP), I decided to...
Read Article →Use a FIDO2 security key as Azure MFA verification method
Check out this article via web browser: Use a FIDO2 security key as Azure MFA verification method This news seems to be kept under the radar a litt...
Read Article →Get alerts on Azure resource assignments made outside PIM
Check out this article via web browser: Get alerts on Azure resource assignments made outside PIM Microsoft released a new public preview where adm...
Read Article →Get started with Azure AD B2B direct connect
Check out this article via web browser: Get started with Azure AD B2B direct connect We all love seamless collaboration, right? Well, here’s ...
Read Article →Azure AD - Integrating Azure AD logs with Azure Monitor
Note This article was last updated on 01/26/2025 for readability and updated URLs
Read Article →Multi-stage approval for privileged roles using Azure AD Identity Governance
Check out this article via web browser: Multi-stage approval for privileged roles using Azure AD Identity Governance Privileged Identity Management...
Read Article →KB – mobile phone number not in sync Azure AD Connect
Check out this article via web browser: KB – mobile phone number not in sync Azure AD Connect This is a knowledgebase item. Hope it helps you...
Read Article →MFA prompt spamming/ MFA fatigue – What can you do to prevent/ detect attacks?
MFA prompt spamming/ MFA fatigue is a quite new term and seeing more after the LAPSUS$ attack. Currently there are many MFA options including SMS, ...
Read Article →What happens without RDP protection after 24+ hours in Microsoft Sentinel & Microsoft security products
For many years, abuse of Remote Desktop Protection (RDP) has been the most common root cause of all ransomware events. At the moment one of the mos...
Read Article →Get started with multi-stage access reviews in Azure AD
Check out this article via web browser: Get started with multi-stage access reviews in Azure AD Access reviews, part of the Azure AD Identity Gover...
Read Article →Apple Business Manager device import options for later use within Microsoft Endpoint Manager
This blogpost is a continuation of two earlier blogposts about integrating Apple Business Manager with Azure Active Directory and Apple Business Ma...
Read Article →Connecting Microsoft Endpoint Manager to Apple Business Manager
This article will continue where we finished in the article I wrote about setting up Apple Business Manager for use with Azure Active Directory. In...
Read Article →Access reviews for Azure AD directory roles
Check out this article via web browser: Access reviews for Azure AD directory roles This blog post is for all those organizations out there with st...
Read Article →Azure AD Connect: Escape to Proxy Addresses
This blog will be about some stuff you need to beware of when you are setting up Azure AD Connect. It’s a topic I haven’t written a lot about but [...
Read Article →Setting up Apple Business Manager for use with Azure Active Directory
Apple Business Manager is a service provided by Apple which helps to deploy Apple devices and apps in your organization. By leveraging Apple Busine...
Read Article →Protect against AzureAD OAuth Consent phishing attempts (Illicit consent attack)
In the last couple of months, there is a large increase visible in consent phishing emails (illicit consent attacks). Microsoft threat analysts are...
Read Article →Onboard Microsoft Defender for Endpoint using Azure Arc for non-Azure devices
Microsoft Defender for Endpoint deployment is possible based on multiple deployment mechanisms. Microsoft Defender for Cloud (previous Azure Defend...
Read Article →Act on group membership changes in Azure Active Directory
Check out this article via web browser: Act on group membership changes in Azure Active Directory Did you ever want to act on a change in group mem...
Read Article →Onboard FIDO2 keys using Temporary Access Pass in Azure AD
Check out this article via web browser: Onboard FIDO2 keys using Temporary Access Pass in Azure AD One of the requirements to use FIDO2 security ke...
Read Article →Identity Protection Risk Analysis workbook: Get more Azure AD Identity Protection insights
During Ignite ’21 Microsoft announced multiple new functionalities, renames, and new products. In the upcoming weeks, more blogs are coming w...
Read Article →Conditional Access announcements from Ignite November 2021 reviewed
During the Microsoft Ignite conference in November 2021 Microsoft made several announcements related to Azure AD conditional access. You can read t...
Read Article →Azure AD Conditional Access sign-in troubleshooting tip: Flag sign-in errors for review
If you have Conditional Access configured and active within your Azure AD environment, there might be some scenario’s where users are not abl...
Read Article →Enable Location Information and Code Match for Azure MFA
Check out this article via web browser: Enable Location Information and Code Match for Azure MFA Update 26-11-2021 As this feature is now in public...
Read Article →Control Azure AD Conditional Access policy behavior during an Azure AD outage
In December last year, Microsoft announced that per April 1, 2021 they updated their service level agreement(SLA) for Azure AD user authentication ...
Read Article →Customize the MFA registration policy in Azure AD Identity Protection
Check out this article via web browser: Customize the MFA registration policy in Azure AD Identity Protection Disclaimer: this is a proof of concep...
Read Article →Using Mozilla Firefox as a browser when using Azure AD Conditional Access on your Modern Workplace
Starting with Firefox version 91, Mozilla is now supporting Single sign-on support (SSO) and device-based Conditional Access as announced by Micros...
Read Article →Stream Azure AD Identity Protection events to Microsoft Sentinel/ Log Analytics
Microsoft recently added a new function that gives the option for stream events from Azure AD Identity Protection into Microsoft Sentinel. In this ...
Read Article →Cloud App Discovery with MCAS & MDE for Shadow IT monitoring and integration with Azure Sentinel
Cloud discovery is one of the most interesting functions available with the Cloud App Discovery product. With Cloud Discovery, organizations will g...
Read Article →OneDrive client sign-in issues due to Conditional Access policies in Azure AD tenant where you are a guest user
Today I experienced an interesting issue, for which I thought it was interesting sharing how I figured out what was going on. The issue/challenge T...
Read Article →Protecting against Lateral Movement with Defender for Identity and monitor with Azure Sentinel
Lateral movement refers to the techniques that a cyber attacker uses, after gaining initial access, to move deeper into a network in search of sens...
Read Article →Protecting against password spray attacks with Azure Sentinel and Azure AD
A Password Spraying Attack is a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to ...
Read Article →Security Hygiene, Azure Security Center, and Secure Score
The basics Let’s start this article with some basic cybersecurity terminology. Security hygiene, or cyber hygiene, is a general term used to ...
Read Article →Azure AD Identity Protection: User Risk and Sign-in Risk protection with automation
Azure AD Identity Protection is one of the security tools available in the Microsoft E5 license. With Azure AD Identity Protection it is possible t...
Read Article →Using the Azure Sentinel Windows Security Events Connector for getting custom events
Microsoft announced on 14th June 2021 a new version of the Windows Security Events data connector. The new feature reached currently the public pre...
Read Article →Getting everyone enrolled for Azure MFA and SSPR. How hard can it be?
Check out this article via web browser: Getting everyone enrolled for Azure MFA and SSPR. How hard can it be? I’ve done quite some Azure MFA ...
Read Article →A first look at Azure AD Conditional Access authentication context
During Microsoft Ignite in March this year, Microsoft announced several new upcoming functionalities for Azure Active Directory. One of the announc...
Read Article →Monitor RDP Brute Force Attack with Azure Sentinel & Azure Security Center
Since the last years, there is a large increase in cybercriminals attempting to run attacks by exploiting the login credentials. With the current w...
Read Article →Review service principals with Azure AD Access Reviews and monitor with Azure Sentinel
A new feature in public preview is the Azure AD access review functionality. With the new AzureAD access reviews function it is possible to review ...
Read Article →Change billing model for Azure AD guest users
Check out this article via web browser: Change billing model for Azure AD guest users Back in 2020, Microsoft announced a change in the pricing mod...
Read Article →Monitor Azure AD break-glass accounts with Microsoft Sentinel
Conditional Access configuration for AzureAD accounts is important. With Conditional Access you can protect easy accounts, block outdated protocols...
Read Article →Three Cool Things To Do With Azure Information Protection
In my last blog, I wrote about three considerations for your Azure Information Protection deployments and commented on often overlooked potential d...
Read Article →A first look at using Filters for devices as conditions in Azure AD Conditional Access policies
Earlier this month I wrote an article about using filtering in assignments for apps, compliance policies and configuration profiles in Microsoft En...
Read Article →Announcing #WPNinjasNL Tuesdays Webinar #25, Tuesday May 25, featuring Jan Bakker
For next week, Tuesday, May 25 we are proud to announce that Jan Bakker, Microsoft 365 Consultant and Microsoft Enterprise Mobility MVP will be hos...
Read Article →Integrate Azure Sentinel with Microsoft Teams for seamlessly collaboration
Working from home became the new normal in most of the work environments. With the increase of working from home also the security impact changed. ...
Read Article →Three Considerations for Azure Information Protection Deployments
Azure Information Protection (AIP) – more accurately exposed to Microsoft 365 now as sensitivity labels – is close to the top of my fav...
Read Article →Use Azure Security Center workbooks for detailed information/ dashboards
Azure Security Center included integration with Azure Workbooks. With the new Workbooks feature is it possible to build custom reports. From Azure ...
Read Article →Automatically Hide IP Addresses When Recording Demos or Screen Sharing
The Azure Mask browser extension is a really great tool when either recording on-screen demos or sharing your screen. Available for Edge/Chrome and...
Read Article →Troubleshooting Hybrid Azure AD Intune Automatic Enrollment
As I have blogged about a lot, there are a bunch of hoops to be jumped through and prerequisites to be met for a successful hybrid Azure AD join an...
Read Article →Revoke Access to Office Files with Sensitivity Labels and Azure Information Protection
Most of us have had that “oh <blank>” moment where we have given someone access to someone only to immediately or later need to...
Read Article →Require MFA for Azure AD domain join and Device Registration
Check out this article via web browser: Require MFA for Azure AD domain join and Device Registration Today we take a look at a new feature in Azure...
Read Article →Announcing #WPNinjasNL Tuesdays Webinar #22, Tuesday March 30, featuring Dirk-jan Mollema, security researcher at Fox-IT
For next week, Tuesday, March 30 we are proud to announce that Dirk-jan Mollema, one of the core researchers of Active Directory and Azure AD at Fo...
Read Article →Azure Active Directory Connect – Cloud Sync
Check out this article via web browser: Azure Active Directory Connect – Cloud Sync When organizations want to extend Active Directory to Azu...
Read Article →Announcing #WPNinjasNL Tuesdays Webinar #21, Tuesday March 16, featuring Patrick van den Born and Rick Stijnman
For next week, Tuesday, March 16 we are proud to announce that Patrick van den Born and Rick Stijnman will be hosting a session about: Deploying Wi...
Read Article →Track the registration and usage of all authentications methods with AzureAD
As part of the new Passwordless GA announcement, Microsoft created a new activity blade in AzureAD. With the new Authentications methods Activity b...
Read Article →Review guest access across Microsoft 365 groups (teams)
Check out this article via web browser: Review guest access across Microsoft 365 groups (teams) In a previous blog post I wrote about Azure AD Acce...
Read Article →Microsoft Information Protection Sensitivity Labels – Custom User Permissions and Do Not Forward
With Microsoft Information Protection, you can apply sensitivity labels to files, emails, and containers such as SharePoint Libraries. These labels...
Read Article →Announcing #WPNinjasNL Tuesdays Webinar #20, Tuesday March 2nd, featuring Thomas Maurer
For next week, Tuesday, February 16 we are proud to announce that Thomas Maurer, Senior Cloud Advocate at Microsoft will be hosting a session about...
Read Article →Azure Active Directory Temporary Access Pass
Check out this article via web browser: Azure Active Directory Temporary Access Pass This blog post is all about the new Temporary Access Pass in A...
Read Article →My presentation about Conditional Access at the Workplace Ninja User Group Netherlands
Yesterday, on Thursday February 16, I presented at the 19th Workplace Ninja User Group Netherlands Tuesdays Webinar. My session, titled “Azur...
Read Article →February 2021 update of the Azure AD Conditional Access demystified whitepaper and workflow cheat sheet.
I’m proud to announce the February 2021 update of my Conditional Access demystified whitepaper. With this release, we have reached the third ...
Read Article →Go fully passwordless with the new Azure AD Temporary Access Pass feature
The new Azure AD Temporary Access Pass preview feature is available in the tenant. With the new preview feature, it is possible to configure ...
Read Article →Privileged Identity Management Discovery and insights
Check out this article via web browser: Privileged Identity Management Discovery and insights Privileged Identity Management (PIM) in Azure Active ...
Read Article →First look at Access Reviews for guests in all Teams and Microsoft 365 Groups
In January, Microsoft announced that they released a public preview allowing entitled customers to create Azure AD access reviews for guest users a...
Read Article →Number matching with Microsoft Authenticator App in Azure MFA
Check out this article via web browser: Number matching with Microsoft Authenticator App in Azure MFA Number matching and passwordless phone sign-i...
Read Article →Turn Existing Azure AD Devices into Windows Autopilot Devices
To provision Windows 10 PCs using Autopilot and Intune, they must first be registered as Windows Autopilot devices in the Device Directory Service,...
Read Article →Kusto Gym
Welcome to the Kusto Gym, On your road to become a Kusto Knight, there are some exercises to put the theory into action. Where do we store the data...
Read Article →Browser restrictions and configuration when using Conditional Access on your modern workplace
This article is about a subject I covered before in my blogpost titled: “Understanding and governing reauthentication settings in Azure Activ...
Read Article →Announcing #WPNinjasNL Tuesdays Webinar #1, January 19, 2021 featuring Adnan Hendricks
For Today, January 19th we are proud to announce that our own Adnan Hendricks, Microsoft Azure MVP will host a session about: Azure AD Identity Pro...
Read Article →Enable automatic Access Reviews for Guest users in Teams and Microsoft 365 Groups
Azure AD access reviews feature is now in public preview for the Teams and Microsoft 365 Groups. In this blog post an overview of the new public pr...
Read Article →Self Service in Microsoft 365
Check out this article via web browser: Self Service in Microsoft 365 One of the great things about Azure Active Directory is the capability of sel...
Read Article →Store BitLocker Recovery Keys in Azure AD for Devices Already Encrypted
As you move from on-premises or third-party infrastructure to Microsoft 365 and Azure AD, you will want to keep those BitLocker recovery keys safe....
Read Article →Azure Active Directory Identity Governance – Azure AD Entitlement Management
Check out this article via web browser: Azure Active Directory Identity Governance – Azure AD Entitlement Management In this series, we take a look...
Read Article →Azure Active Directory Identity Governance – Privileged Identity Management
Check out this article via web browser: Azure Active Directory Identity Governance – Privileged Identity Management In this series, we take a look ...
Read Article →Azure Active Directory Identity Governance – Access Reviews
Check out this article via web browser: Azure Active Directory Identity Governance – Access Reviews In this series, we take a look at Azure A...
Read Article →Get all Conditional Access Query’s with a single click using Graph API
Conditional Access is one of the available tools used by Azure Active Directory to bring different signals together. Based on different signals it ...
Read Article →Protect files on download using Cloud App Security and Azure Information Protection
Check out this article via web browser: Protect files on download using Cloud App Security and Azure Information Protection If you have read my blo...
Read Article →Fast response with Azure AD Continuous Access Evaluation (CAE) and Conditional Access
Continuous Access Evaluation (CAE) for AzureAD is one of the latest functions and is available in public preview. With this new technique, it is po...
Read Article →Understanding and governing reauthentication settings in Azure Active Directory
Governing when users receive authentication prompts when authenticating to Azure Active Directory (Azure AD) is depending on more than one setting,...
Read Article →License on-demand with Power Automate and Azure AD
Check out this article via web browser: License on-demand with Power Automate and Azure AD Most organizations are using group-based licensing in Az...
Read Article →Azure AD Continuous access evaluation (CAE), a first look
In April 2020 Alex Weinert, Director of Identity Security at Microsoft announced that Microsoft was working on moving towards real time policy and ...
Read Article →Collect Microsoft Teams activity in Azure Sentinel and start hunting
Azure Sentinel is a cloud-native security information and event management platform. (SIEM). Sentinel uses AI to analyze large volumes of data. Azu...
Read Article →Inzicht in Brute-force & Password spray attack via Azure Sentinel
Azure Sentinel is een cloud-native Security Information Event Management-oplossing, ook wel bekend als een SIEM-oplossing. Azure Sentinel is cloud-...
Read Article →Azure MFA authentication method analysis. Share the results with Power Automate!
Check out this article via web browser: Azure MFA authentication method analysis. Share the results with Power Automate! You might have seen the sa...
Read Article →Microsoft Secure Score Series – 15 – Do not expire passwords
Check out this article via web browser: Microsoft Secure Score Series – 15 – Do not expire passwords Research has found that when periodic password...
Read Article →Assigning groups to Azure AD roles and Privileged access groups, a first look!
On August 13th 2020, Alex Simons (Microsoft Identity PM) announced that assigning groups to Azure AD roles in now in public preview. This feature i...
Read Article →Use Microsoft Graph Security for end-user notifications
Check out this article via web browser: Use Microsoft Graph Security for end-user notifications In this short blog post, I want to show how you can...
Read Article →Getting Started with Azure AD Identity Governance – Part 3: Privileged Identity Management (PIM)
This blog is the last in a small series on Azure AD Premium P2’s Identity Governance toolkit. Part 1: Entitlement Management Part 2: Access R...
Read Article →Bulk dismiss risky users with Power Automate or Logic Apps
Check out this article via web browser: Bulk dismiss risky users with Power Automate or Logic Apps Update 08-10-2020: Microsoft released an officia...
Read Article →Getting Started with Azure AD Identity Governance – Part 2: Access Reviews
This blog is the second in a small series on Azure AD Premium P2’s Identity Governance toolkit. Part 1: Entitlement Management Part 2: Access...
Read Article →Getting Started with Azure AD Identity Governance – Part 1: Entitlement Management
This blog is the first in a small series on Azure AD Premium P2’s Identity Governance toolkit. Part 1: Entitlement Management (this post) Par...
Read Article →Close the gap. Azure AD Identity Protection & Conditional Access.
Check out this article via web browser: Close the gap. Azure AD Identity Protection & Conditional Access. This blog is about Azure AD Identity...
Read Article →Use Power Automate or Logic Apps to keep an eye on your licenses
Check out this article via web browser: Use Power Automate or Logic Apps to keep an eye on your licenses I guess we’ve all been there; you ra...
Read Article →Completed the Azure Solution Architect Expert Certification
After earning my Microsoft 365 Certified Enterprise Administrator Expert certification in May, I decided to continue my certification journey and e...
Read Article →A first look at Administrative Units and My Staff in Azure Active Directory
Check out this article via web browser: A first look at Administrative Units and My Staff in Azure Active Directory Recently, Microsoft introduced ...
Read Article →Microsoft Secure Score Series – 11 – Turn on user risk policy
Check out this article via web browser: Microsoft Secure Score Series – 11 – Turn on user risk policy With the user risk policy turned on, Azure AD...
Read Article →Controle op Azure AD machtigingen met de Admin consent workflow; zo werkt het
Tegenwoordig worden steeds meer applicaties via de cloud aangesloten en geconfigureerd. Als we naar Microsoft kijken, is het mogelijk om vele appli...
Read Article →Sign In to Azure AD Using Google with Azure AD External Identities
External Identities is a new public preview feature of Azure AD which allows external users to authenticate with a non-Microsoft account such as th...
Read Article →Hybrid Azure AD Join + Intune Enrollment – Prerequisites Checklist and Process Flow
I’m a simple person, and sometimes it just helps to have a checklist to refer to when you’re troubleshooting rather than navigating the...
Read Article →Some welcome additions to the Admin consent workflow in Azure AD
Update October 7 2020: This functionality is now GA, see Publisher verification and app consent policies are now generally available In February th...
Read Article →5 Manieren om Azure Active Directory accounts veiliger te maken
De cloud is trending en steeds meer applicaties en diensten zijn afhankelijk van de cloud. Een cloud omgeving geeft vele voordelen maar geeft ook e...
Read Article →Azure Active Directory Password Protection; hoe werkt deze extra beveiliging?
Azure AD Password Protection is een functionaliteit welke de mogelijkheid geeft om het wachtwoordbeleid te versterken op basis van informatie welke...
Read Article →Azure AD aanmelden via een FIDO2 Security Key; zo werkt het!
Een wachtwoord is als je er over nadenkt best lastig, en je vergeet hem vast wel eens. Ook heeft een gebruiker tegenwoordig meerdere accounts – en ...
Read Article →Azure AD Sign-In Risk Policy: Zo werkt deze functionaliteit
De Azure AD beveiligen is tegenwoordig van groot belang. Vanuit de Microsoft Secure Score krijg je een aantal adviezen op basis van de kennis bij M...
Read Article →Azure Sentinel: Wat kan je met de nieuwe security oplossing van Microsoft?
Azure Sentinel is een van de nieuwste security producten van Microsoft. Maar wat is nu precies het doel van Azure Sentinel binnen de Microsoft omge...
Read Article →Veilig werken met Teams en Office365, dit zijn quick wins vanuit Office365 en AzureAD
Teams is enorm populair, en is wereldwijd in een behoorlijke versnelling gekomen vanwege het vele thuiswerken. Microsoft Teams is een online samenw...
Read Article →Register Domain-Joined Computers as Devices – The Redundant and Broken Hybrid Azure AD Join GPO
The group policy object Register domain-joined computers as devices, or Automatically workplace join client computers in older templates, was previ...
Read Article →Connect a Work or School Account – MDM vs. MAM in Self Enrolment
A Windows 10 user can self-enrol in MDM or MAM from Settings > Accounts > Access work or school > Connect. What happens next depends on...
Read Article →What admins should know about the combined registration portal for Azure MFA and Self Service Password Reset
Check out this article via web browser: What admins should know about the combined registration portal for Azure MFA and Self Service Password Rese...
Read Article →How to keep an eye on your Teams with Log Analytics and Azure Monitor?
Check out this article via web browser: How to keep an eye on your Teams with Log Analytics and Azure Monitor? In my previous blog post, I wrote ab...
Read Article →Microsoft Secure Score Series – 07 – Turn on sign-in risk policy
Check out this article via web browser: Microsoft Secure Score Series – 07 – Turn on sign-in risk policy Turning on the sign-in risk policy ensures...
Read Article →Azure AD Identity Protection deep dive
One of the advantages of Microsoft having many customers using its services is that Microsoft can leverage data from those customers and apply some...
Read Article →Use Power Automate for your custom “dynamic” groups
Check out this article via web browser: Use Power Automate for your custom “dynamic” groups Azure AD Dynamic Groups Dynamic groups in A...
Read Article →Microsoft Secure Score Series – 05 – Enable self-service password reset
Check out this article via web browser: Microsoft Secure Score Series – 05 – Enable self-service password reset With self-service password reset in...
Read Article →Lessons learned while implementing Azure AD Privileged Identity Management (PIM)
Lessons learned while implementing Azure AD Privileged Identity Management (PIM) The post Lessons learned while implementing Azure AD Privileged Id...
Read Article →Microsoft Secure Score Series – 03 – Enable Password Hash Sync if hybrid
Check out this article via web browser: Microsoft Secure Score Series – 03 – Enable Password Hash Sync if hybrid Password hash synchronization is o...
Read Article →How to publish on-premises applications and protect them with MFA
Check out this article via web browser: How to publish on-premises applications and protect them with MFA Using Azure Application Proxy you can pub...
Read Article →Azure AD tenant branding; size does matter!
Check out this article via web browser: Azure AD tenant branding; size does matter! Earlier today, I read this article from Alex Simons about the c...
Read Article →Require trusted location for MFA and SSPR registration
Check out this article via web browser: Require trusted location for MFA and SSPR registration This article shows how you can block MFA and SSPR re...
Read Article →Secure your Azure Management portal
Check out this article via web browser: Secure your Azure Management portal Today a quick tip to secure your Azure Management Portal. By default, t...
Read Article →Challenges while managing administrative privileges on your Azure AD joined Windows 10 devices
By default, on Windows 10 devices which are Azure AD joined, the user performing the join is added to the Local Administrator group. Besides the us...
Read Article →Did you already modify your Azure AD consent defaults settings? Here is why you should
As you may know, it’s possible for your users to sign-in to SaaS based applications using their Azure AD account. By doing this, a Single Sig...
Read Article →Using Intune to Deploy the Azure Information Protection (AIP) Unified Labeling Client (Win32 MSI)
Unified labels refer to a movement whereby Azure Information Protection (AIP) labels are now being replaced by sensitivity labels. Sensitivity labe...
Read Article →Microsoft deprecates Conditional Access baseline policies in favour of Security Defaults, here is what you need to know and do
Last week, Microsoft announced that the Azure AD conditional access baseline policies will not make it out of their current preview status. The fun...
Read Article →Implementing RBAC and Scoping in Microsoft Intune
When you create an Intune tenant within your environment, you execute the creation with an account which is Global Administrator within Azure Activ...
Read Article →Report-only mode, and some more handy reporting functionality for Conditional Access and Azure AD
During its annual Microsoft Ignite 2019 conference this week, Microsoft announced a new feature for Conditional Access called Report-Only mode in p...
Read Article →Ask yourself if you still really need ADFS
In Q1 2017 Microsoft released the Pass Through Authentication (PTA) functionality as part of Azure AD connect. With the release of Azure Active Dir...
Read Article →Course: 20533C – Implementing Microsoft Azure Infrastructure Solutions–Study reference
While teaching the 20533C course to students I provide them with more information about the topics covered in the training. Perhaps they can help y...
Read Article →