Azure AD

Getting everyone enrolled for Azure MFA and SSPR. How hard can it be?

I’ve done quite some Azure MFA implementations over the past few years, and none of them were the same. But one thing that was often the same is the way Azure MFA (or SSPR) was implemented: in two steps. First, you want to get your users enrolled ASAP. Once everybody (or at least the vast majority) is enrolled, you can enforce Azure MFA, so that your identities are better protected against phishing. It is pretty straightforward. Registration methods There are… 

Read More »Getting everyone enrolled for Azure MFA and SSPR. How hard can it be?

Change billing model for Azure AD guest users

Back in 2020, Microsoft announced a change in the pricing model for External Identities. The change is mentioned in this blog post, but it did not get that much attention if you ask me. So, to make you all aware, let’s see whats this change is all about, and how your organization can benefit from this. What’s the case here? The “old” pricing model is based on a 1:5 ratio, meaning that you could serve 5 guest users for every… 

Read More »Change billing model for Azure AD guest users

Require MFA for Azure AD domain join and Device Registration

Today we take a look at a new feature in Azure Active Directory that brings more granularity to the MFA requirement for device registration and Azure AD domain join. Up until now this was a tenant-wide setting and could be either set on or off. Because this setting was having some caveats and causing some inconvenience for end-users, this setting was mostly disabled, despite the fact that this is not the recommended option. It is recommended to enforce MFA before… 

Read More »Require MFA for Azure AD domain join and Device Registration

Azure Active Directory Connect – Cloud Sync

When organizations want to extend Active Directory to Azure Active Directory, AD Connect sync is the way to go. AD Connect sync is your go-to feature for all your hybrid workloads, such as identity, domain join, and Exchange. But as we all know, AD Connect sync is running on a SQL (express) database and is not high-available. For bigger companies with complex requirements, AD Connect sync is the best solution. But there are also companies that don’t need AD Connect… 

Read More »Azure Active Directory Connect – Cloud Sync

Review guest access across Microsoft 365 groups (teams)

In a previous blog post I wrote about Azure AD Access Reviews, and how they can help you in various use-cases. One of them is taking control over your guest accounts in Azure AD. You can select Microsoft 365 groups (or teams if you will) to review the current guest users. Microsoft released a new feature within Access Reviews to select all Microsoft 365 groups with guest users. Using this method, you don’t have to create an access review for… 

Read More »Review guest access across Microsoft 365 groups (teams)

Azure Active Directory Temporary Access Pass

This blog post is all about the new Temporary Access Pass in Azure Active Directory. At the time of writing, this feature is not officially announced, but the policy, settings, and API are now available. Time to dive in for some first experiences. What is a Temporary Access Pass? As the documentation states, a Temporary Access Pass (TAP) is a time-limited passcode that serves as a strong credential and allows the onboarding of passwordless credentials. This is a big step… 

Read More »Azure Active Directory Temporary Access Pass

Privileged Identity Management Discovery and insights

Privileged Identity Management (PIM) in Azure Active Directory is getting more and more popular. But how do you get started? Like any successful project, it all starts with a good inventory of the current situation. You need to identify the problem before it can be resolved. The problem we are talking about is standing access to high privilege roles. If you are not familiar with PIM, please check out this blog post first. Discovery and insights, formerly known as Security… 

Read More »Privileged Identity Management Discovery and insights

Number matching with Microsoft Authenticator App in Azure MFA

Number matching and passwordless phone sign-in. I was used to it for a couple of months already because this feature was previously launched for personal Microsoft accounts like Outlook or Hotmail. It’s now available (preview) in Azure AD to use with your work or school account. When this feature is enabled, users are asked to match the number in the sign-in screen with the number in the Authenticator app. After that, the user needs to authenticate through PIN or biometric… 

Read More »Number matching with Microsoft Authenticator App in Azure MFA

Self Service in Microsoft 365

One of the great things about Azure Active Directory is the capability of self-service. Maintaining security groups can be a laborious and cumbersome task to do. The same applies to resetting passwords, handing out licenses, permissions, applications, and privileged roles. What if I told you that you can delegate most of these tasks to your end-users, their managers, or product-and application owners? In this blog post, I will show you the built-in capabilities of self-service in Azure Active Directory, which… 

Read More »Self Service in Microsoft 365

Enrich Microsoft 365 profile card with extensions and custom attributes

Microsoft 365 is equipped with a very nice, but underestimated feature: Profile cards. I’m sure you know Microsoft Delve, and how it can enrich your Office 365 profile with relevant information such as hobbies, working hours, skills, and your birthday. Next to that, you can find information about recent projects, and the people that you worked with. All this information and insights are getting more and more integrated with the profile card feature. You can find the profile card in… 

Read More »Enrich Microsoft 365 profile card with extensions and custom attributes