Azure MFA authentication method analysis. Share the results with Power Automate!

You might have seen the sample script, created by the Microsoft community, to run some analysis on your Azure MFA authentication methods. This script can be used to make recommendations on how to improve each user’s MFA configuration. You can run the script against your tenant, and the results can be exported to a CSV file. Wouldn’t it be cool to share those results with your users straight away? With the use of Power Automate (Flow), we can easily send… 

Read More »Azure MFA authentication method analysis. Share the results with Power Automate!

Microsoft Secure Score Series – 15 – Do not expire passwords

Research has found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in 60 days as it is today. It is Microsoft’s official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy… 

Read More »Microsoft Secure Score Series – 15 – Do not expire passwords

Control access from unmanaged devices with Cloud App Security

When COVID-19 hit the world, most people had to work from home. I can imagine that a lot of organizations were not ready for this. So they might have ended up letting their employees working from their personal devices. In some way, this is what we always preached: anywhere, anytime, and on any device. But when you enable Bring Your Own Devices for Microsoft 365 services, there is a lot to think of. Amongst others, the main challenge is to… 

Read More »Control access from unmanaged devices with Cloud App Security

Use Microsoft Graph Security for end-user notifications

In this short blog post, I want to show how you can use the Microsoft Graph Security to send alerts and notifications to your end-users. I also want to show you that it is super easy to set up. All you need is: Power Automate or Logic Apps Microsoft Graph Security Connector (premium) Microsoft Teams or Email connector to send the messages One of the (Microsoft) security products to work with like Cloud App Security or Identity Protection Microsoft Graph… 

Read More »Use Microsoft Graph Security for end-user notifications

Bulk dismiss risky users with Power Automate or Logic Apps

Update 08-10-2020: Microsoft released an official connector for Azure AD Identity Protection. This would be much easier to use, since you don’t have to create a service principal to authenticate the custom connector. However, at the time of writing the official connector does not have the action to get all the risky users. Will keep an eye on things. This blog was inspired by an Azure AD Mailbag blog about Azure AD Identity Protection. In the article, Microsoft provided a… 

Read More »Bulk dismiss risky users with Power Automate or Logic Apps

Prepopulate phone methods using a Custom Connector in Power Automate

Part 2 – Automation In the previous blog post of this series, I’ve shown you the use of the Graph API and how you could manually populate the phone methods for your users. Today, we are going to take it a step further. We’re going to add some automation with Power Automate by using a custom connector. What are we building? Today we are going to add a phone method for all your users using Power Automate and a custom… 

Read More »Prepopulate phone methods using a Custom Connector in Power Automate

Prepopulate phone methods for MFA and SSPR using Graph API

Part 1 – Graph API What is the number one task if we want to protect our identity? Right. Turn on MFA.What is the number one task our helpdesk is busy with all day (and night)? Right. Password Resets.What is the number one struggle when we want to implement security? Right. User experience.So, what are you gonna get by reading this blog post? Some light at the end of the tunnel. Buckle up! What’s the case here? I start at… 

Read More »Prepopulate phone methods for MFA and SSPR using Graph API

Use Power Automate as your Conditional Access Police Department

Last week, I was working on a new blog for the Secure Score Series regarding global admin and break glass accounts. I came to the point where I was thinking of possible scenarios that could go wrong with these accounts. What if someone accidentally added these users to a certain group? What if that group would be triggered in some policy or maintenance tasks? A lot of these actions can be discovered using Microsoft Cloud App Security and Azure Monitor.… 

Read More »Use Power Automate as your Conditional Access Police Department

Microsoft Secure Score Series – 14 – Designate more than one global admin

Designate more than one global admin Having more than one global administrator helps if you are unable to fulfill the needs or obligations of your organization. It’s important to have a delegate or an emergency account someone from your team can access if necessary. It also allows admins the ability to monitor each other for signs of a breach. Having too many global admins is no good. But having only one global admin is even worse. Let’s talk about global… 

Read More »Microsoft Secure Score Series – 14 – Designate more than one global admin