conditional access

Use Power Automate as your Conditional Access Police Department

Last week, I was working on a new blog for the Secure Score Series regarding global admin and break glass accounts. I came to the point where I was thinking of possible scenarios that could go wrong with these accounts. What if someone accidentally added these users to a certain group? What if that group would be triggered in some policy or maintenance tasks? A lot of these actions can be discovered using Microsoft Cloud App Security and Azure Monitor.… 

SharePoint Online, Authentication Tags and Conditional Access. What’s not to like?

I should start with a warning. The feature we are going to talk about is new. Brand new. Please start by reading the limitations that come with this feature, and I strongly suggest applying this only in test or demo environments. That being said, I want to point out how psyched I am about this new functionality. Despite the limitations, this is something you should start to look into. In the meantime, I’ll keep updating this post with…

Microsoft Secure Score Series – 06 – Enable policy to block legacy authentication

Today, most compromising sign-in attempts come from legacy authentication. Older Office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multi-factor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols. In this blog post, we take a look at legacy authentication and how to block it on your tenant. Legacy protocols are not…

Require trusted location for MFA and SSPR registration

This article shows how you can block MFA and SSPR registrations from untrusted locations using Azure AD Conditional Access. When you want to enable Multi-Factor Authentication and Self-Service Password Reset for your users, they need to register their security settings first. Since the combined portal arrived, users can do this easily in just one place. Using this combined portal is also a requirement in order to make this possible. Although this portal is still in preview, it has great…