Security

Use Registration campaign to promote Microsoft Authenticator App

With all the new improvements to the Microsoft Authenticator App, this seems a good time to highlight a new capability in Azure AD: Registration Campain, also known as the nudge feature. Also, organizations should move away from phone transports for authentication. If your users use text (SMS) for second-factor authentication, they have very little context, and therefore might be confusing. On top of that, attackers use SIM jacking techniques to bypass those phone methods. By far the most secure way… 

Read More »Use Registration campaign to promote Microsoft Authenticator App

Enable Location Information and Code Match for Azure MFA

Update 26-11-2021 As this feature is now in public preview, you can also manage those settings via the Azure portal now. You can find the new settings under Azure Active Directory -> Security -> Authentication methods -> Authenticator App. By default, both settings are managed by Microsoft. You can either enable or disable the feature. Learn more from the Microsoft docs: Use number matching in multifactor authentication (MFA) notifications (Preview) – Azure Active Directory | Microsoft DocsUse additional context in… 

Read More »Enable Location Information and Code Match for Azure MFA

Create Role Assignable Groups based on existing groups

Today’s post is about Role Assignable Groups. Are you new to this? Please check out this post first. If you are already familiar with Role Assignable Groups, you might know, these types of groups have an immutable property ” isAssignableToRole” that cannot be changed. Therefore, you cannot convert existing groups into Role Assignable Groups and vice versa. Role Assignable Groups do not support group nesting, and the group cannot be dynamic as well. So you have two options: Start from… 

Read More »Create Role Assignable Groups based on existing groups

Customize the MFA registration policy in Azure AD Identity Protection

Disclaimer: this is a proof of concept, not something that is supported or recommended by me or Microsoft. Needless to say, don’t do this in your, or your customers’ (production) environment. This article points to internal API’s, and those are most likely be changed over time. With that out of the way: on with the show! What are we looking at? As discussed before, there are a lot (and counting) ways to enroll for multi-factor authentication in Azure AD. Two… 

Read More »Customize the MFA registration policy in Azure AD Identity Protection

Role Assignable Groups and Privileged Identity Management.

I have used this feature from the very beginning, but now that it reached GA (General Availability) in August 2021, it seemed like a good moment to talk about Role Assignable groups, and how they can help on our Zero Trust adventure. Before this feature existed, Azure AD roles could only be assigned to individual user accounts. Since only Global- and Privileged Role Administrators can assign roles, this is a very cumbersome process. Especially when you are working with larger… 

Read More »Role Assignable Groups and Privileged Identity Management.

This might be the FIDO2 key for you! Authentrend ATKey.Pro

  • Security
  • 5 min read

In the past few years, I tried different types of FIDO2 keys, from different vendors. And picking your FIDO2 key might seem simple, but I think it’s like picking a new phone: some many options! They come in all sizes and colors, with or without biometrics, and even as wearables like rings or bracelets. What is FIDO2? Let’s go one step back first. Why do we need them? FIDO2 security keys are one of the options to liberate us from… 

Read More »This might be the FIDO2 key for you! Authentrend ATKey.Pro

How to build a PowerApp – Temporary Access Pass Manager – Part 1

Part 1 – Introduction and overview When I learned about Graph API, and how to use it together with Power Apps and Power Automate, a whole new world of possibilities opened up. Being able to pull data out of Graph API and use this data within PowerApps is the key to creative solutions built around and on top of Microsoft 365. The gap between a developer and a technical or functional M365 consultant becomes closer, as a lot of automation… 

Read More »How to build a PowerApp – Temporary Access Pass Manager – Part 1

How to build a PowerApp – Temporary Access Pass Manager – Part 2

Part 2: App registration and Graph API permissions This part of the series is around laying the base for your custom connector that we are going to build later on. Before we can do that, we need to create an app registration in Azure Active Directory. This app registration will hold the permissions and the secret. Before creating an app registration, let’s focus on the permissions. How do we know what permission we need? The quickest way to find that… 

Read More »How to build a PowerApp – Temporary Access Pass Manager – Part 2

How to build a PowerApp – Temporary Access Pass Manager – Part 3

Part 3: Graph API and Graph Explorer If you are new to Graph API, Graph Explorer is a great tool to learn the first steps into the Microsoft Graph. Next to that, it will also help you to shape your custom connector in the next part. Before diving into that, we’ll need to understand how Graph API works, and how Graph Explorer can help you with that. First, let’s bookmark the Graph Explorer for future use. Graph Explorer comes with… 

Read More »How to build a PowerApp – Temporary Access Pass Manager – Part 3

How to build a PowerApp – Temporary Access Pass Manager – Part 4

Part 4: Build a custom connector based on the Graph API Now that we know the basics, as discussed in previous parts, it’s time to build the custom connector. This custom connector is going to use the Graph API. Before we start building, make sure you have these things at hand: The appliation ID and secret of the app registration (part 2) The Graph Explorer, and the sample queries (part 3) A test user in Azure Active Directory A license… 

Read More »How to build a PowerApp – Temporary Access Pass Manager – Part 4