Security

Getting everyone enrolled for Azure MFA and SSPR. How hard can it be?

I’ve done quite some Azure MFA implementations over the past few years, and none of them were the same. But one thing that was often the same is the way Azure MFA (or SSPR) was implemented: in two steps. First, you want to get your users enrolled ASAP. Once everybody (or at least the vast majority) is enrolled, you can enforce Azure MFA, so that your identities are better protected against phishing. It is pretty straightforward. Registration methods There are… 

Read More »Getting everyone enrolled for Azure MFA and SSPR. How hard can it be?

Require MFA for Azure AD domain join and Device Registration

Today we take a look at a new feature in Azure Active Directory that brings more granularity to the MFA requirement for device registration and Azure AD domain join. Up until now this was a tenant-wide setting and could be either set on or off. Because this setting was having some caveats and causing some inconvenience for end-users, this setting was mostly disabled, despite the fact that this is not the recommended option. It is recommended to enforce MFA before… 

Read More »Require MFA for Azure AD domain join and Device Registration

Azure Active Directory Temporary Access Pass

This blog post is all about the new Temporary Access Pass in Azure Active Directory. At the time of writing, this feature is not officially announced, but the policy, settings, and API are now available. Time to dive in for some first experiences. What is a Temporary Access Pass? As the documentation states, a Temporary Access Pass (TAP) is a time-limited passcode that serves as a strong credential and allows the onboarding of passwordless credentials. This is a big step… 

Read More »Azure Active Directory Temporary Access Pass

Privileged Identity Management Discovery and insights

Privileged Identity Management (PIM) in Azure Active Directory is getting more and more popular. But how do you get started? Like any successful project, it all starts with a good inventory of the current situation. You need to identify the problem before it can be resolved. The problem we are talking about is standing access to high privilege roles. If you are not familiar with PIM, please check out this blog post first. Discovery and insights, formerly known as Security… 

Read More »Privileged Identity Management Discovery and insights

Number matching with Microsoft Authenticator App in Azure MFA

Number matching and passwordless phone sign-in. I was used to it for a couple of months already because this feature was previously launched for personal Microsoft accounts like Outlook or Hotmail. It’s now available (preview) in Azure AD to use with your work or school account. When this feature is enabled, users are asked to match the number in the sign-in screen with the number in the Authenticator app. After that, the user needs to authenticate through PIN or biometric… 

Read More »Number matching with Microsoft Authenticator App in Azure MFA

Azure Active Directory Identity Governance – Azure AD Entitlement Management

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your resources with just-in-time… 

Read More »Azure Active Directory Identity Governance – Azure AD Entitlement Management

Azure Active Directory Identity Governance – Privileged Identity Management

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your resources with just-in-time… 

Read More »Azure Active Directory Identity Governance – Privileged Identity Management

Azure Active Directory Identity Governance – Access Reviews

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) (This blog post) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your… 

Read More »Azure Active Directory Identity Governance – Access Reviews

Protect files on download using Cloud App Security and Azure Information Protection

If you have read my blog about Bring Your Own Devices, on how important it is to protect your Office 365 files, you might find value in this one too. Today, we take a look at Cloud App Security again. We are going to use the integration with Azure Information Protection. Our goal today: Protect our files in Office 365 when they are downloaded to unmanaged devices. This will prevent unauthorized access to the files when the file is shared… 

Read More »Protect files on download using Cloud App Security and Azure Information Protection

Food for thought – Bring Your Own Disaster.

Today a slightly different blog post. It’s a common discussion that I face almost daily. Clients that embrace the “anywhere, anytime, any device” approach, and want to take control over their data. And that’s not as easy as it sounds. The problem One of the most common challenges that organizations face when embracing the modern workplace, is the one with Bring Your Own Devices. Personal devices. Devices in all flavors and sizes. Devices from different hardware vendors, with different operating… 

Read More »Food for thought – Bring Your Own Disaster.