Azure Active Directory Identity Governance – Azure AD Entitlement Management

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your resources with just-in-time… 

Azure Active Directory Identity Governance – Privileged Identity Management

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your resources with just-in-time… 

Azure Active Directory Identity Governance – Access Reviews

In this series, we take a look at Azure Active Directory Identity Governance. This premium feature provides you with all the tools that you need to take and keep control over your (external) identities and access to roles, resources, applications, and groups. In short, Identity Governance gives you three ways to do this: Azure AD Access Reviews (review membership of groups and access to applications) (This blog post) Azure AD Privileged Identity Management (manage time-based and approval-based role activation to protect your… 

Protect files on download using Cloud App Security and Azure Information Protection

If you have read my blog about Bring Your Own Devices, on how important it is to protect your Office 365 files, you might find value in this one too. Today, we take a look at Cloud App Security again. We are going to use the integration with Azure Information Protection. Our goal today: Protect our files in Office 365 when they are downloaded to unmanaged devices. This will prevent unauthorized access to the files when the file is shared… 

License on-demand with Power Automate and Azure AD

Most organizations are using group-based licensing in Azure Active Directory. This is often integrated with the onboarding process of the users. But there are some use cases where you have some non-standard licenses attached to your tenant that you hand out on demand. You could still use group-based licensing, but users are added manually to the group. Thinking about that scenario, I came up with a pretty easy method to automate this flow. In short: a user can request a… 

Food for thought – Bring Your Own Disaster.

Today a slightly different blog post. It’s a common discussion that I face almost daily. Clients that embrace the “anywhere, anytime, any device” approach, and want to take control over their data. And that’s not as easy as it sounds. The problem One of the most common challenges that organizations face when embracing the modern workplace, is the one with Bring Your Own Devices. Personal devices. Devices in all flavors and sizes. Devices from different hardware vendors, with different operating… 

Block outdated operating systems with Cloud App Security

It is not unlikely that some of your users still use Windows 7 on their home computers. Or any other outdated operating system (heaven forbid). Despite the warnings, news articles, and endless coffee chit chats about this subject, they still have the – “if it ain’t broke, don’t fix it” – mindset, and will eventually use it to access work resources as well. With the use of Conditional Access you can block specific operating systems, but you cannot specify a… 

Azure MFA authentication method analysis. Share the results with Power Automate!

You might have seen the sample script, created by the Microsoft community, to run some analysis on your Azure MFA authentication methods. This script can be used to make recommendations on how to improve each user’s MFA configuration. You can run the script against your tenant, and the results can be exported to a CSV file. Wouldn’t it be cool to share those results with your users straight away? With the use of Power Automate (Flow), we can easily send… 

Microsoft Secure Score Series – 15 – Do not expire passwords

Research has found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in 60 days as it is today. It is Microsoft’s official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy… 

Control access from unmanaged devices with Cloud App Security

When COVID-19 hit the world, most people had to work from home. I can imagine that a lot of organizations were not ready for this. So they might have ended up letting their employees working from their personal devices. In some way, this is what we always preached: anywhere, anytime, and on any device. But when you enable Bring Your Own Devices for Microsoft 365 services, there is a lot to think of. Amongst others, the main challenge is to…