Skip to content

Azure AD Identity Protection

Microsoft Secure Score Series – 15 – Do not expire passwords

Research has found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in 60 days as it is today. It is Microsoft’s official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy… 

Use Microsoft Graph Security for end-user notifications

In this short blog post, I want to show how you can use the Microsoft Graph Security to send alerts and notifications to your end-users. I also want to show you that it is super easy to set up. All you need is: Power Automate or Logic Apps Microsoft Graph Security Connector (premium) Microsoft Teams or Email connector to send the messages One of the (Microsoft) security products to work with like Cloud App Security or Identity Protection Microsoft Graph… 

Bulk dismiss risky users with Power Automate or Logic Apps

Update 08-10-2020: Microsoft released an official connector for Azure AD Identity Protection. This would be much easier to use, since you don’t have to create a service principal to authenticate the custom connector. However, at the time of writing the official connector does not have the action to get all the risky users. Will keep an eye on things. This blog was inspired by an Azure AD Mailbag blog about Azure AD Identity Protection. In the article, Microsoft provided a…