Self Service in Microsoft 365

One of the great things about Azure Active Directory is the capability of self-service. Maintaining security groups can be a laborious and cumbersome task to do. The same applies to resetting passwords, handing out licenses, permissions, applications, and privileged roles. What if I told you that you can delegate most of these tasks to your end-users, their managers, or product-and application owners? In this blog post, I will show you the built-in capabilities of self-service in Azure Active Directory, which… 

Enrich Microsoft 365 profile card with extensions and custom attributes

Microsoft 365 is equipped with a very nice, but underestimated feature: Profile cards. I’m sure you know Microsoft Delve, and how it can enrich your Office 365 profile with relevant information such as hobbies, working hours, skills, and your birthday. Next to that, you can find information about recent projects, and the people that you worked with. All this information and insights are getting more and more integrated with the profile card feature. You can find the profile card in… 

Azure Active Directory Identity Governance – Azure AD Entitlement Management

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your resources with just-in-time… 

Azure Active Directory Identity Governance – Privileged Identity Management

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your resources with just-in-time… 

Azure Active Directory Identity Governance – Access Reviews

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) (This blog post) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your… 

Protect files on download using Cloud App Security and Azure Information Protection

If you have read my blog about Bring Your Own Devices, on how important it is to protect your Office 365 files, you might find value in this one too. Today, we take a look at Cloud App Security again. We are going to use the integration with Azure Information Protection. Our goal today: Protect our files in Office 365 when they are downloaded to unmanaged devices. This will prevent unauthorized access to the files when the file is shared… 

License on-demand with Power Automate and Azure AD

Most organizations are using group-based licensing in Azure Active Directory. This is often integrated with the onboarding process of the users. But there are some use cases where you have some non-standard licenses attached to your tenant that you hand out on demand. You could still use group-based licensing, but users are added manually to the group. Thinking about that scenario, I came up with a pretty easy method to automate this flow. In short: a user can request a… 

Food for thought – Bring Your Own Disaster.

Today a slightly different blog post. It’s a common discussion that I face almost daily. Clients that embrace the “anywhere, anytime, any device” approach, and want to take control over their data. And that’s not as easy as it sounds. The problem One of the most common challenges that organizations face when embracing the modern workplace, is the one with Bring Your Own Devices. Personal devices. Devices in all flavors and sizes. Devices from different hardware vendors, with different operating… 

Block outdated operating systems with Cloud App Security

It is not unlikely that some of your users still use Windows 7 on their home computers. Or any other outdated operating system (heaven forbid). Despite the warnings, news articles, and endless coffee chit chats about this subject, they still have the – “if it ain’t broke, don’t fix it” – mindset, and will eventually use it to access work resources as well. With the use of Conditional Access you can block specific operating systems, but you cannot specify a… 

Azure MFA authentication method analysis. Share the results with Power Automate!

You might have seen the sample script, created by the Microsoft community, to run some analysis on your Azure MFA authentication methods. This script can be used to make recommendations on how to improve each user’s MFA configuration. You can run the script against your tenant, and the results can be exported to a CSV file. Wouldn’t it be cool to share those results with your users straight away? With the use of Power Automate (Flow), we can easily send…