Skip to content

Azure AD

How to build a PowerApp – Temporary Access Pass Manager – Part 2

Part 2: App registration and Graph API permissions This part of the series is around laying the base for your custom connector that we are going to build later on. Before we can do that, we need to create an app registration in Azure Active Directory. This app registration will hold the permissions and the secret. Before creating an app registration, let’s focus on the permissions. How do we know what permission we need? The quickest way to find that… 

Read More »How to build a PowerApp – Temporary Access Pass Manager – Part 2

How to build a PowerApp – Temporary Access Pass Manager – Part 3

Part 3: Graph API and Graph Explorer If you are new to Graph API, Graph Explorer is a great tool to learn the first steps into the Microsoft Graph. Next to that, it will also help you to shape your custom connector in the next part. Before diving into that, we’ll need to understand how Graph API works, and how Graph Explorer can help you with that. First, let’s bookmark the Graph Explorer for future use. Graph Explorer comes with… 

Read More »How to build a PowerApp – Temporary Access Pass Manager – Part 3

How to build a PowerApp – Temporary Access Pass Manager – Part 4

Part 4: Build a custom connector based on the Graph API Now that we know the basics, as discussed in previous parts, it’s time to build the custom connector. This custom connector is going to use the Graph API. Before we start building, make sure you have these things at hand: The appliation ID and secret of the app registration (part 2) The Graph Explorer, and the sample queries (part 3) A test user in Azure Active Directory A license… 

Read More »How to build a PowerApp – Temporary Access Pass Manager – Part 4

How to build a PowerApp – Temporary Access Pass Manager – Part 5

Part 5: Create an app in PowerApps using a custom connector This is the part where everything comes together. In this final part of the series, we are going to build a PowerApp based on the custom connector that we created. There is some stuff that you have to figure out on your own, like how to edit text on a button, or how to change color, icon type, and borders for example. Most of the stuff is just drag-and-drop.… 

Read More »How to build a PowerApp – Temporary Access Pass Manager – Part 5

(Bonus) How to build a PowerApp – Temporary Access Pass Manager – Part 6

(Bonus) Part 6: Integrate with Power Automate This is the last part of this series where we are going to add one more feature to our PowerApp. The app is already capable of creating, listing, and deleting a Temporary Access Pass for a user. In this episode, we create a button that will send the Temporary Access Pass to the mobile phone number of the user. In the previous parts, we used a custom connector straight from the PowerApp, but… 

Read More »(Bonus) How to build a PowerApp – Temporary Access Pass Manager – Part 6

Getting everyone enrolled for Azure MFA and SSPR. How hard can it be?

I’ve done quite some Azure MFA implementations over the past few years, and none of them were the same. But one thing that was often the same is the way Azure MFA (or SSPR) was implemented: in two steps. First, you want to get your users enrolled ASAP. Once everybody (or at least the vast majority) is enrolled, you can enforce Azure MFA, so that your identities are better protected against phishing. It is pretty straightforward. Registration methods There are… 

Read More »Getting everyone enrolled for Azure MFA and SSPR. How hard can it be?

Change billing model for Azure AD guest users

Back in 2020, Microsoft announced a change in the pricing model for External Identities. The change is mentioned in this blog post, but it did not get that much attention if you ask me. So, to make you all aware, let’s see whats this change is all about, and how your organization can benefit from this. What’s the case here? The “old” pricing model is based on a 1:5 ratio, meaning that you could serve 5 guest users for every… 

Read More »Change billing model for Azure AD guest users

Require MFA for Azure AD domain join and Device Registration

Today we take a look at a new feature in Azure Active Directory that brings more granularity to the MFA requirement for device registration and Azure AD domain join. Up until now this was a tenant-wide setting and could be either set on or off. Because this setting was having some caveats and causing some inconvenience for end-users, this setting was mostly disabled, despite the fact that this is not the recommended option. It is recommended to enforce MFA before… 

Read More »Require MFA for Azure AD domain join and Device Registration

Azure Active Directory Connect – Cloud Sync

When organizations want to extend Active Directory to Azure Active Directory, AD Connect sync is the way to go. AD Connect sync is your go-to feature for all your hybrid workloads, such as identity, domain join, and Exchange. But as we all know, AD Connect sync is running on a SQL (express) database and is not high-available. For bigger companies with complex requirements, AD Connect sync is the best solution. But there are also companies that don’t need AD Connect… 

Read More »Azure Active Directory Connect – Cloud Sync

Review guest access across Microsoft 365 groups (teams)

In a previous blog post I wrote about Azure AD Access Reviews, and how they can help you in various use-cases. One of them is taking control over your guest accounts in Azure AD. You can select Microsoft 365 groups (or teams if you will) to review the current guest users. Microsoft released a new feature within Access Reviews to select all Microsoft 365 groups with guest users. Using this method, you don’t have to create an access review for… 

Read More »Review guest access across Microsoft 365 groups (teams)