Skip to content

Azure AD

Step-up authentication with Defender for Cloud Apps and Authentication Context

In this post, I will show you how you can integrate Azure AD’s Authentication Context with Defender for Cloud Apps to require step-up authentication for specific scenarios. Step-up authentication allows you to re-evaluate Azure AD Conditional Access policies when users take sensitive actions during a session. To demonstrate this feature, we need to do the following steps: 1. Create Authentication Context (tag) First, we’ll need to define the Authentication Context̀. This will be used to ‘tag’ resources or actions. Go… 

Read More »Step-up authentication with Defender for Cloud Apps and Authentication Context

Send an email on a new Azure MFA method registration

I’ve done quite some Azure MFA projects over time (and counting), and as we mainly focus on the technical side, there are also practical sides to consider. Every project has its own approach and challenges, and more importantly: the user is impacted more or less, and that asks for some guidance. Now, this solution comes in handy if you want to act on new registrations for Azure MFA methods. That can be an action of any kind. To give you… 

Read More »Send an email on a new Azure MFA method registration

Report Suspicious Activity & Fraud Alert for Azure MFA

A new feature popped up in Azure AD. Well, not entirely new, I must say. Reading from the docs, Report Suspicious Activity is an enhancement of the Fraud Alert feature that has existed for quite some time. Until now, administrators could enable Fraud Alert for Azure MFA so that users could report when suspicious MFA prompts are received. Users who reported fraud could be automatically blocked so they could no longer sign in. As this is a good feature, it… 

Read More »Report Suspicious Activity & Fraud Alert for Azure MFA

Authenticator Lite – Approve Azure MFA prompts with the Outlook app

Microsoft released a new feature where the Outlook mobile app now has some of the Microsoft Authenticator App features onboard. Users can now enroll for Azure MFA using just their Outlook mobile app. No additional installation of the Microsoft Authenticator app is needed. This preview brings both push notifications and TOTP to the Outlook mobile app. Users are prompted for enrollment or can manually register their app to work with a Microsoft 365 account once this feature is enabled. What… 

Read More »Authenticator Lite – Approve Azure MFA prompts with the Outlook app

System-preferred multifactor authentication in Azure AD. Don’t settle for less.

A new feature has popped up in Azure AD: System-preferred multifactor authentication (MFA). This will allow administrators to enforce the most secure method for Azure MFA. For example, if a user has multiple methods registered, the most secure method will be prompted first. How do I know what method is the strongest, you may ask? Here is the current order from most to least secure methods, currently supported in Azure Active Directory: This list is dynamic and may change as… 

Read More »System-preferred multifactor authentication in Azure AD. Don’t settle for less.

Duplicate Azure Active Directory Conditional Access policies

In this post, we look at managing Conditional Access policies and, in particular, duplicating existing policies. This can be super handy when you: This can be done in various ways, but today we use two different methods: Duplicate a policy using the Conditional Access UI Now in public preview, Microsoft refreshed the interface and enhanced the user experience with an updated design and a few new improvements. One of them is the ability to duplicate existing policies. Find your “source”… 

Read More »Duplicate Azure Active Directory Conditional Access policies

Break glass accounts and Azure AD Security Defaults

Security Defaults is the best thing since sliced bread. I mean, come on! It will enforce MFA for everybody, will block that dirty legacy authentication, and even gives you features that you normally would pay big money for (Azure AD Identity Security). Good enough for a lot of (smaller) organizations out there. Today’s post is about that feature and the use of break-glass accounts. For a lot of folks, this post might be obvious, as this is their daily job… 

Read More »Break glass accounts and Azure AD Security Defaults

Goodbye legacy SSPR and MFA settings. Hello Authentication Methods Policies!

I’ve got some exciting news to share today. Microsoft has launched a public preview called “Authentication Methods Policy Convergence.” I was part of the private preview program, and I’m very happy to see this feature going public. In this post, I will give you a brief introduction to this new feature and explain why this is such a big deal. Current situation A while back, I wrote this post where I explained that the SSPR and MFA settings are very… 

Read More »Goodbye legacy SSPR and MFA settings. Hello Authentication Methods Policies!

Synchronize attributes for Lifecycle workflows – Azure AD Connect Sync

Azure AD Lifecycle Workflows can be used to automate the Joiner-Mover-Leaver process for your users. Previously, I wrote about a use case where you can use LCW to automate the issuing of a Temporary Access Pass for new joiners. Automate issuing Temporary Access Pass for joiners with LifeCycle Workflows – JanBakker.tech There are still a lot of organizations that use hybrid identities, so today, we will talk about the prerequisites for using LCW in a hybrid environment using Azure AD… 

Read More »Synchronize attributes for Lifecycle workflows – Azure AD Connect Sync

How to keep track of changes on Microsoft Docs & Learn?

When working with cloud services like Microsoft 365 or Azure Active Directory in particular, it’s very important to stay on top of new features and/or product changes. As you might know, the documentation for these services is stored on GitHub. This is where those changes will often reflect. I was inspired by the post of Albert-Jan Schot (Get notified for PnP updates from GitHub · CloudAppie), where he explained how to use the GitHub REST API to keep track of… 

Read More »How to keep track of changes on Microsoft Docs & Learn?