Azure AD

Azure Active Directory Temporary Access Pass

This blog post is all about the new Temporary Access Pass in Azure Active Directory. At the time of writing, this feature is not officially announced, but the policy, settings, and API are now available. Time to dive in for some first experiences. What is a Temporary Access Pass? As the documentation states, a Temporary Access Pass (TAP) is a time-limited passcode that serves as a strong credential and allows the onboarding of passwordless credentials. This is a big step… 

Read More »Azure Active Directory Temporary Access Pass

Privileged Identity Management Discovery and insights

Privileged Identity Management (PIM) in Azure Active Directory is getting more and more popular. But how do you get started? Like any successful project, it all starts with a good inventory of the current situation. You need to identify the problem before it can be resolved. The problem we are talking about is standing access to high privilege roles. If you are not familiar with PIM, please check out this blog post first. Discovery and insights, formerly known as Security… 

Read More »Privileged Identity Management Discovery and insights

Number matching with Microsoft Authenticator App in Azure MFA

Number matching and passwordless phone sign-in. I was used to it for a couple of months already because this feature was previously launched for personal Microsoft accounts like Outlook or Hotmail. It’s now available (preview) in Azure AD to use with your work or school account. When this feature is enabled, users are asked to match the number in the sign-in screen with the number in the Authenticator app. After that, the user needs to authenticate through PIN or biometric… 

Read More »Number matching with Microsoft Authenticator App in Azure MFA

Self Service in Microsoft 365

One of the great things about Azure Active Directory is the capability of self-service. Maintaining security groups can be a laborious and cumbersome task to do. The same applies to resetting passwords, handing out licenses, permissions, applications, and privileged roles. What if I told you that you can delegate most of these tasks to your end-users, their managers, or product-and application owners? In this blog post, I will show you the built-in capabilities of self-service in Azure Active Directory, which… 

Read More »Self Service in Microsoft 365

Enrich Microsoft 365 profile card with extensions and custom attributes

Microsoft 365 is equipped with a very nice, but underestimated feature: Profile cards. I’m sure you know Microsoft Delve, and how it can enrich your Office 365 profile with relevant information such as hobbies, working hours, skills, and your birthday. Next to that, you can find information about recent projects, and the people that you worked with. All this information and insights are getting more and more integrated with the profile card feature. You can find the profile card in… 

Read More »Enrich Microsoft 365 profile card with extensions and custom attributes

Azure Active Directory Identity Governance – Azure AD Entitlement Management

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your resources with just-in-time… 

Read More »Azure Active Directory Identity Governance – Azure AD Entitlement Management

Azure Active Directory Identity Governance – Privileged Identity Management

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your resources with just-in-time… 

Read More »Azure Active Directory Identity Governance – Privileged Identity Management

Azure Active Directory Identity Governance – Access Reviews

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) (This blog post) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your… 

Read More »Azure Active Directory Identity Governance – Access Reviews

License on-demand with Power Automate and Azure AD

Most organizations are using group-based licensing in Azure Active Directory. This is often integrated with the onboarding process of the users. But there are some use cases where you have some non-standard licenses attached to your tenant that you hand out on demand. You could still use group-based licensing, but users are added manually to the group. Thinking about that scenario, I came up with a pretty easy method to automate this flow. In short: a user can request a… 

Read More »License on-demand with Power Automate and Azure AD

Block outdated operating systems with Cloud App Security

It is not unlikely that some of your users still use Windows 7 on their home computers. Or any other outdated operating system (heaven forbid). Despite the warnings, news articles, and endless coffee chit chats about this subject, they still have the – “if it ain’t broke, don’t fix it” – mindset, and will eventually use it to access work resources as well. With the use of Conditional Access you can block specific operating systems, but you cannot specify a… 

Read More »Block outdated operating systems with Cloud App Security