Recently, I’ve assisted a customer with uplifting their security around Enterprise Applications. This is an area we see many of our customers struggle with as by default, Microsoft lets users register apps all by themselves. This leads to a sprawl of registered apps that may or may not still be
In March 2026, Entra ID will stop supporting service principal-less authentication behavior. This may affect certain applications currently running in your tenant. Service principal-less apps may already be frozen since April 2025 if they weren’t actively used, but those apps that were, have remained uninterrupted until March next year. Microsoft
In this final blogpost on onboarding, I want to cover a way to automate some common post-deployment configuration tasks. When a machine is Arc onboarded, by default, it won’t really have much installed and it’s not particularly useful until you start deploying extensions. Azure Arc VM Onboarding blog mini-series overview:
While I was writing part 1, I kept digging into more details on the GPO deployment method and figured that it deserves a post by itself. Here I’ll cover some pitfalls I’ve run into and things to make life easier such as logging the deployments and having a workbook to
In my previous blogposts I’ve shown some of Azure Arc’s features, and interesting capabilities. All super cool ways to securely interact with your machines, regardless of where they are hosted. However, so far, I’ve glanced over a problem: How do you get started with onboarding machines? In Part 1 of
From my last blogpost, I showcased how to setup Microsoft Connected Cache (MCC) for Enterprise on both Windows and Linux. There I suggested folks go with the Linux solution and that’s the assumption I’ve made for this blogpost. So why bother with the complexity of configuring HTTPS? There’re three strong
Something that flew under my radar this summer was the release of Microsoft Connected Cache for Enterprise and Education. Originally, Configuration Manager (SCCM) had a Connected Cache functionality through its Distribution Points. This is something I’ve successfully deployed before and actually works great by caching content on-premises so clients can
In previous blogposts, I’ve described how we can use the OpenSSH extension through Azure Arc to gain better remote SSH and RDP sessions to machines without requiring direct network access. However, they’ve always required we login to the machine with local credentials (or domain, but that’s old school, we want
With the recent generally available Entra ID functionality into Bicep while I was on vacation, I couldn’t wait to get back and try it out. Specifically, I wanted to see if using this functionality would allow for some level of Infrastructure as code (IaC) to good ol’ Active Directory when
In this deep dive into yet another Azure Arc extension, let’s see how we can get Entra ID logins to work with Linux SSH over Azure Arc! Azure Arc blog overview: 1. Modern Server Management with Azure Arc – Remote Management Pt.1 (SSH/RDP)2. Modern Server Management with Azure Arc –
In part 1 of this series, I covered how to configure basic SSH on an Azure Arc-enabled server that allowed us to connect to any machine from anywhere in the world without needing a VPN or exposing that machine to the internet. Azure Arc blog overview: 1. Modern Server Management
In this first Azure Arc Remote Management focused blogpost, let’s cover the OpenSSH extension and how it can be used to get a remote PowerShell connection over SSH and even a Remote Desktop Session, all without any direct network connectivity. The best part: It costs absolutely nothing! Join me in
Have you ever experienced unexplainable changes to your Windows Servers system time before? We sure have! And Microsoft has recently changed their recommendation on Secure Time Seeding which seems to be the root cause for these strange behaviors as described here. Microsoft has identified potential timekeeping issues in Windows Server
After reading about cross-tenant quirks in sensitivity labels, I got curious: how are these labels stored in a .DOCX file—and can they be removed without encryption? Short answer: yes, and it’s surprisingly easy.
With the release of DCSv3, I was excited to give it a try at-scale but since it hasn’t been integrated into Azure Machine Configuration (yet…) I figured I’d try a different approach to deploying and testing it. A lesser-known feature of Azure and Arc machines are Run Commands. Typically used
Recently we ran into a fun experience when adjusting the Cross-Cloud meetings within the Teams Admin Center which caused Entra ID Cross-Tenant Access Settings to be changed. This behavior didn’t seem to be documented anywhere and did cause some head-scratching before we figured out why B2B invitations weren’t automatically being
Managing server configurations in hybrid or on-premises environments can be challenging, with outdated tools and manual processes leading to errors and inefficiencies. This post explores how to simplify configuration management with Desired State Configuration (DSC) and Azure Automanage Machine Configuration. Ever noticed this Machine Configuration option under VMs and wondered
Microsoft in recent months has made leaps and bounds to support Multitenant organizations utilizing Cross-tenant Synchronization to attempt to build a seamless end-user experience. Have they succeeded? Almost! Let’s take a look in this last blogpost of the year. Why even have multiple tenants? In a perfect world, every organization
Today, Tuesday, October 10th, 2023 marks the end of service for Server 2012 (R2). Are you prepared and ready to go with Extended Security Updates? If not, read this post to get up to speed with the details of ESU’s. This blog post serves as a follow up to my
What’s Happening? Windows Server 2012 (R2) is approaching its end of support (EOS) date. Microsoft has officially set the clock, marking October 10, 2023, as the day when support for this trusted operating system will come to an end. This means no more security updates, patches, bug fixes, technical support,
In configuring a lab environment I found myself setting up Azure Cloud Sync on an on-premise DC for testing purposes and found myself stuck on a seemingly simple error that I could not seem to get past: “Please provide the Azure AD credentials of a global administrator or a Hybrid
Microsoft Sentinel is a powerful security information and event management (SIEM) system that provides real-time threat detection and response (you can read more about Sentinel in part 1 of this series). It allows security teams to collect, analyze, and act on security data from multiple sources, including Azure, Office 365,
Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that enables organizations to collect, analyze, and respond to security events across their enterprise (for an introduction please see the first post in this series). Data ingestion is a critical component of the Sentinel platform, as it allows
Microsoft Sentinel is a cloud-native security information and event management (SIEM) system that provides real-time threat detection and response as well as Security orchestration, automation and response (SOAR). It is a powerful tool that allows security teams to collect, analyze, and act on security data from multiple sources. In this
Modern Workplace consultant and a Microsoft MVP in Windows and Devices.
Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.
Cloud & security specialist with focus on Microsoft backend products and cloud technologies.
Cloud & security specialist with focus on Microsoft 365.
Cloud & Security Specialist, with a passion for all things Cybersecurity
Cloud and infrastructure security specialist with background in networking.
Infrastructure architect with focus on design, implementation, migration and consolidation.
Infrastructure consultant with focus on cloud solutions in Office365 and Azure.
Modern workplace and infrastructure architect with a focus on Microsoft 365 and security.
