Skip to content

Azure AD

Sure, keep me signed in! And don’t prompt for MFA!

Today a short blog about MFA prompts, session lifetime, and cookies. This will give you an idea of how you can tune the end-user experience and where to configure these settings. Session lifetime in Azure AD is often mistaken. When you start working with Azure AD, Conditional Access, and Multi-factor authentication, there are a couple of things you should know. The Azure AD defaults are pretty loose. When you leave every setting to default, the user experience is pretty good.… 

Going passwordless with the FEITIAN Fingerprint card

A quick word upfront. I’m not a salesperson. I’m interested in FIDO2 because it delivers passwordless and strong authentication. That means that you should be free using any FIDO2 security key or card you want. Whether it’s Yubico, FEITIAN, Solo, or any other brand. USB-A, USB-C, NFC, Bluetooth, Lightning, with or without biometrics. This blog is not what to buy and where to buy. This blog is about security. That being said: on with the show! I’ve tested a bunch… 

Use Graph API data in Power BI using Logic Apps

Some things in the modern connected world seem so common that you just assume it’s possible by nature. Getting your Microsoft Graph API data into Microsoft Power BI for example. That must be easy peasy right? Well…. When I start looking for ways to do this, I assumed there was a builtin connector available in Power BI that I could use. Guess what? There is not (yet). There is a connector for the Microsoft Security Graph, but that one “only”… 

What admins should know about the combined registration portal for Azure MFA and Self Service Password Reset

The (long) title pretty much reveals the purpose of this blog post. This one was on my to-do list for a while now, and now the combined registration portal is General Available, the time was there. In my previous MFA related blogs, I always encouraged my readers to turn on the combined registration portal, even when it was in public preview. But if you start using this portal, there are quite some settings that can change the user experience of… 

Microsoft Secure Score Series – 08 – Use Cloud App Security to detect anomalous behavior

Cloud App Security anomaly detection policies provide User & Entity Behavior analytics (UEBA) and advanced threat detection across your cloud environment. Today we take a look at Cloud App Security. I recently wrote a blog about the new activity policies in Cloud App Security, so if your organization uses Teams, you should definitely take a look a that one. The improvement action we’re talking about has no user impact and might no increase your score right away. But if you… 

How to keep an eye on your Teams with Log Analytics and Azure Monitor?

In my previous blog post, I wrote about the new Teams activity policy templates in Cloud App Security. A great addition to easily keep an eye on your teams. Let’s take a short look a the policies before we continue. The policies will create alerts when: a team’s access level is changed from private to public an external user is added to a team a user deletes a large number of teams These templates are easy to use, and will… 

Microsoft Secure Score Series – 06 – Enable policy to block legacy authentication

Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multi-factor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols. In this blog post, we take a look at legacy authentication and how to block it on your tenant. Legacy protocols are not… 

Microsoft Secure Score Series – 05 – Enable self-service password reset

With self-service password reset in Azure AD, users no longer need to engage helpdesk to reset passwords. This feature works well with Azure AD dynamically banned passwords, which prevents easily guessable passwords from being used. In this blog post, we are going to take a look at Self Service Password Reset in Azure AD. Self Service Password Reset allows your users to quickly unblock their account without the help of IT staff or helpdesk. For readability, I use SSPR for… 

Microsoft Secure Score Series – 04 – Ensure all users can complete multi-factor authentication for secure access

Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised. In this blog post, we take a look at the different ways to make sure that your users can register for multi-factor authentication. Enabling Multi-Factor Authentication is a no-brainer giving the fact that your identity is your key to almost all your…