In a previous post, I detailed the importance of controlling Azure AD OAuth Applications and consent within your environment. I also looked at how we can add approval for OAuth app requests so that each app can be vetted by an admin before consent is granted. With controls and governance in place, it's important to …
Category: Azure AD

Protecting against Malicious Azure AD Applications (Part 1: Admin Consent)
Integrating applications with Azure AD / Office 365 is a great way to extend the capability of the Microsoft Platform with a wide range of apps. This can open possibilities for productivity apps to help users get their work done quicker and more effectively. An example of this is the iOS mail app which relies …
Using Azure KeyVault to Secure Graph API Automation Scripts
I previously published a post on how we can use Certificates to securely connect to the Microsoft Graph API. This is a great way to secure automation with Graph. Taking this idea and going a step further, by using Azure KeyVault to store our certificate, it can be used with Azure Functions or Azure Automation …
Performing a Staged Rollout of Cloud Authentication in Office 365 from Federated
With features such as Pass Through Authentication (PTA) available in AD Connect, there are really very few use cases for ADFS federation any more. I encourage anyone still using ADFS for Office 365 / Azure AD to review whether they still need to maintain a minimum of four ADFS servers and a number of firewall …
Dealing with Teams Guest Users During Tenant to Tenant Migrations
During Microsoft 365 tenant to tenant migrations, the question of Guest Accounts often comes up. How they are dealt with is critical as they are not internal users who can rely on our helpdesk for support. Because of this, a lot of organizations will choose to ignore Guest accounts and inform end users to re-invite …
Enable the Conditional Access Insights and Reporting Workbook
Conditional Access is a vital component of any Azure AD / Microsoft 365 tenancy. It is an extremely flexible and effective tool to help shape and enforce authentication criteria such as MFA and device compliance. While creating Conditional Access Policies can be very straightforward, as they grow, they can become quite complex and it can …

Updated: Conditional Access Documentation Script Now Supports Translation to Friendly Names
A while ago I uploaded a quick script to document Conditional Access Policies out to JSON files. This has been really useful for me to export out policies but one issue I had with it was that the users and applications were represented as Object IDs and this wasn't very user friendly when passing on …

Azure AD Conditional Access Continuous Access Evaluation Becoming Default
Conditional Access is one of the most powerful tools you can use to protect your Office 365 / Azure AD tenant. From enforcing device compliance to requiring MFA from untrusted locations, it gives administrators an extremely flexible and effective identity and access management solution. While Conditional Access has been around a …
Users Aren’t Getting MFA Prompts Every Day
I often get asked by customers about the frequency of MFA prompts for Office 365 / Azure AD. There is an assumption that when we enable MFA, users should get prompted when they log in every morning. By default that isn't the case - and has never really been the case. It also really shouldn't be …
Google Federation for Azure AD B2B Guest Users with Gmail
With Azure AD B2B, when we want to collaborate with another Microsoft 365 tenant, or even a personal Microsoft account, everything just works out of the box. In this scenario the federation is already in place and the guest user account is provisioned and redeemed without issue. That's great for a lot of businesses we …