Using Azure KeyVault to Secure Graph API Automation Scripts

I previously published a post on how we can use Certificates to securely connect to the Microsoft Graph API. This is a great way to secure automation with Graph. Taking this idea and going a step further, by using Azure KeyVault to store our certificate, it can be used with Azure Functions or Azure Automation …

Performing a Staged Rollout of Cloud Authentication in Office 365 from Federated

With features such as Pass Through Authentication (PTA) available in AD Connect, there are really very few use cases for ADFS federation any more. I encourage anyone still using ADFS for Office 365 / Azure AD to review whether they still need to maintain a minimum of four ADFS servers and a number of firewall …

Dealing with Teams Guest Users During Tenant to Tenant Migrations

During Microsoft 365 tenant to tenant migrations, the question of Guest Accounts often comes up. How they are dealt with is critical as they are not internal users who can rely on our helpdesk for support. Because of this, a lot of organizations will choose to ignore Guest accounts and inform end users to re-invite …

Enable the Conditional Access Insights and Reporting Workbook

Conditional Access is a vital component of any Azure AD / Microsoft 365 tenancy. It is an extremely flexible and effective tool to help shape and enforce authentication criteria such as MFA and device compliance. While creating Conditional Access Policies can be very straightforward, as they grow, they can become quite complex and it can …

Updated: Conditional Access Documentation Script Now Supports Translation to Friendly Names

A while ago I uploaded a quick script to document Conditional Access Policies out to JSON files. This has been really useful for me to export out policies but one issue I had with it was that the users and applications were represented as Object IDs and this wasn't very user friendly when passing on …

Azure AD Conditional Access Continuous Access Evaluation Becoming Default

Conditional Access is one of the most powerful tools you can use to protect your Office 365 / Azure AD tenant. From enforcing device compliance to requiring MFA from untrusted locations, the flexibility it offers provides administrators with an extremely flexible and effective identity and access management solution. While Conditional Access has been around a …

Google Federation for Azure AD B2B Guest Users with Gmail

With Azure AD B2B, when we want to collaborate with another Microsoft 365 tenant, or even a personal Microsoft account, everything just works out of the box. In this scenario the federation is already in place and the guest user account is provisioned and redeemed without issue. That's great for a lot of businesses we …

Study Guide Series: Exam MS-500 – Implement and Manage Device and Application Protection (Part 1)

This post is part of the overall MS-500 Exam Study Guide. Links to each topic as they are posted can be found here. This post will cover the following exam topics listed under the “Implement and Manage Device and Application Protection” section: Plan for device and application protection; Configure and manage Microsoft Defender Application Guard; Configure and manage …

Study Guide Series: Exam MS-500 – Implement an Enterprise Hybrid Threat Protection Solution

This post is part of the overall MS-500 Exam Study Guide. Links to each topic as they are posted can be found here. Note: Azure Advanced Threat Protection has recently been renamed Microsoft Defender for Identity. This post will refer to it using the new name but the exam may contain references to the older name. …
