Microsoft Are Removing Support For Redemption Of Invitations By Creating Unmanaged Azure AD Accounts And Tenants For B2B Collaboration Scenario

B2B Collaboration in the Microsoft Cloud is an extremely powerful feature allowing access to data and applications for almost any identity. There are multiple scenarios where a Guest invitation can be sent to external users and, depending on their specific setup, the invitation is handled in a variety of ways. The below flow from Microsoft …

Using PIM Groups and Azure Key Vault as a Secure, Just in Time, Password Management Solution

As an MSP, CSP, general IT Service Provider or even a regular IT department, we generate a huge number of login credentials for different systems to keep everything running. While it is best practice to maintain a single source of identity using LDAP integrations, ADFS and delegation, sometimes the systems we work with don't support …

Using Delegated Access Permissions in PowerShell to Manage all Microsoft 365 Services

I recently posted about how we can use Delegated Access Permissions via a partner relationship to connect to an Exchange Online organization through PowerShell. This is a fantastic piece of functionality for MSPs and CSPs to manage multiple tenancies securely without having to manage a set of admin identities for all of their customers. To expand …

Azure AD Group Role Assignment – Exchange Online Access Denied

Azure AD Group Role Assignment is a great new preview feature that provides a lot of flexibility and governance to assigning admin roles in Azure AD / Office 365. When combined with Privileged Identity Management's new Privileged Access Groups (Preview) feature, we can begin to set up a really slick permission eligibility structure that is …

Send Azure AD Guest User Invitations via Graph API

The built-in controls in Azure AD for Guest User invitations are great for most cases. You can lock down guest invitations to specific users or groups and even specific recipient domains. When we look at more highly secure tenancies, however, we often see requirements for approval flows or custom workflows to be associated with …

Conditional Access for Office 365 Apps Goes GA

Conditional Access is one of the first steps any organization should take when protecting user identities in Azure AD. The flexibility available through Conditional Access policies is fantastic for meeting sign-in requirements and, depending on licensing, can even do some proactive mitigation of breaches using risk and sign-in policies. Office 365 relies heavily on Azure …

Protecting Office 365 Groups and Microsoft Teams with Sensitivity Labels (Preview)

I often end up in one of two conversations around Microsoft Teams governance with customers: the "Users can manage them themselves so we don't need to worry" group, and the "Nobody gets a Team unless we follow this 20 step approval process and our service desk needs to set them up and lock them down" …

Send Azure AD Audit and Sign-In Logs to Azure Log Analytics

Microsoft have recently announced the availability of Azure Log Analytics for Azure AD sign-in and audit logging. This is a really cool feature, especially for large organizations where there will be a lot of traffic to audit. In this post I will go through the basic setup. Prerequisites: Azure AD Global Admin Azure Subscription Log …
