Azure AD

Modern Roaming Profile – Enterprise State Roaming (ESR) + UE-V

Introduction: Enterprise State Roaming is available to any organization with an Azure AD Premium or Enterprise Mobility + Security (EMS) license. It enables users to sync user and application settings across devices. It is an upgraded version of what you probably know as Roaming profile, but with no on-premise

Continue to read »

How to activate app lock on Microsoft Authenticator app

Microsoft Authenticator app has been around for a long time, originally released as beta in 2016. It has served us well with easier and safer access to our resources using Microsoft accounts as well as Azure AD accounts. By using the app, we can do two-factor authentication without the need

Continue to read »

Step by step Autopilot scenarios

Last updated 14.08.2020. Introduction: I have written the following blog to share some of the valuable sources of information I have discovered while developing my knowledge related to the rollout of Modern Workplace clients using Microsoft 365 Intune and Autopilot. Instead of a standard how-to guide I have decided

Continue to read »

Windows Virtual Desktop and Azure File Shares

In our original series on Windows Virtual Desktop we used a standard file server to host the FSLogix Profiles; this was the only option at the time if used together with our on-premises Active Directory. Now it’s possible to use Azure file shares and on-premises Active Directory together (Preview

Continue to read »

Azure AD support for FIDO2 in hybrid environments

Last year we wrote about Azure AD and password-less sign-in: http://blog.mindcore.dk/2019/07/azure-ad-and-password-less-sign-in.html Now we also have support (Public preview) for this in hybrid environments, so let’s try it out. We will use the same Yubico security NFC as last time. The first thing we need to be aware of is that we

Continue to read »

Windows Virtual Desktop – Part 5

This is part 5 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – Part 1 Part 2 – Created a service principal and some customization of our on-premises AD – Part 2 Part 3 – Provisioning a

Continue to read »

Windows Virtual Desktop – Part 4

This is part 4 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – Part 1 Part 2 – Created a service principal and some customization of our on-premises AD – Part 2 Part 3 – Provisioning a

Continue to read »

Windows Virtual Desktop – Part 3

This is part 3 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – Part 1 Part 2 – Created a service principal and some customization of our on-premises AD – Part 2 In this part we will

Continue to read »

Windows Virtual Desktop – Part 2

This is part 2 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – http://blog.mindcore.dk/2019/11/windows-virtual-desktop-part-1.html Now let’s continue and create a service principal. We will create the service principal with PowerShell, in order to do that you will

Continue to read »

Windows Virtual Desktop – Part 1

This time we will take a look at Windows Virtual Desktop in Azure. We will connect this cloud solution to our own infrastructure so that we can use on-premises services as well. In order to make this work we already have a Site-to-Site VPN gateway connection set up to connect our

Continue to read »

Access to Teams based on our own extension attributes – PowerShell

In the last two posts we looked at extending Azure AD with our own attributes (http://blog.mindcore.dk/2019/10/azure-ad-extension-attributes.html) and how to use this attribute to dynamically grant access to a Microsoft team (http://blog.mindcore.dk/2019/10/access-to-teams-based-on-our-own.html). This time we will create the team and dynamic group using PowerShell instead. In order to do this we

Continue to read »

Access to Teams based on our own extension attributes

In our last post we looked at extending Azure AD with our own attributes: http://blog.mindcore.dk/2019/10/azure-ad-extension-attributes.html Now let’s try to dynamically allow access to a Microsoft team based on the attribute. First we create a team in Microsoft Teams. In Teams we create a new private team called TestTeam. We will

Continue to read »

Azure AD extension attributes

This time we will try to extend our Azure AD directory with a new attribute; in a later post we will use this attribute for dynamic groups and team access. But let’s get started. In this test we will attach the extension attribute to users, but it can be assigned

Continue to read »

Azure Sentinel

Since we have Azure Sentinel in preview, let’s give it a test spin. Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across the enterprise. Azure Sentinel aggregates data from a lot of sources, including users,

Continue to read »

Azure AD and password-less sign-in

One of the interesting solutions a lot of us have been waiting for is now in public preview – password-less sign-in with Azure Active Directory (Azure AD). We have been able to use it with personal Microsoft accounts, but now we can also start testing with Azure AD accounts. So

Continue to read »

Entitlement Management

Intro: As a security consultant I have been working for several companies over the years and have dealt with numerous issues surrounding Identity Management. One of the recurring challenges has always been granting the right amount of access for the right amount of time. Especially the latter part has been

Continue to read »

Azure AD Naming Policy in the portal

Back in March we wrote a post about using PowerShell to create Naming policies for Office 365 groups and teams. https://bit.ly/2W9hMlK Now this feature is available in the Azure portal. Go to Azure Active Directory and Groups: Naming Policy: Since we already added custom blocked words with PowerShell, we can

Continue to read »

Password-less phone sign-in with the Microsoft Authenticator app

In two of the latest posts we tested Azure Self-service password reset and integrated the feature with Windows 10: http://blog.mindcore.dk/2019/03/azure-active-directory-azure-ad-self.html http://blog.mindcore.dk/2019/03/azure-ad-password-reset-on-login-screen.html This time let’s use the same user, and enable it to use Password-less phone sign-in with the Microsoft Authenticator app. This feature is in public preview and you need to

Continue to read »

Azure AD Password Protection

We now have Azure AD Password Protection generally available; this will allow us to eliminate easily guessed passwords. By using it we can lower the risk of password spray attacks. Password spraying takes a large number of usernames and tries each of them with a single password; this will give a

Continue to read »

Conditional Access

Securing cloud services against attacks requires a strong focus on identities. This is because cloud services are normally available from anywhere and access is often based on the login only. To address this threat, it is possible to add extra layers to the login process, like Multi-Factor Authentication. This

Continue to read »

Azure AD Password Reset on login screen

In one of the last posts we enabled SSPR in our hybrid environment. http://blog.mindcore.dk/2019/03/azure-active-directory-azure-ad-self.html This time let’s enable password reset on the Windows 10 clients login screen. Before we start we need to be aware of the following: Supported on Windows 10, version April 2018 Update (1803). Device must be

Continue to read »

Azure AD Naming Policy for Office 365 Groups

We can now enforce a Naming Policy for Office 365 Groups, so let’s give it a test drive. With the Naming Policy feature we can define a prefix or suffix that can be automatically added to group names and at the same time we can define words that are blocked from use

Continue to read »
Authors
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.

Modern Workplace consultant and a Microsoft MVP in Windows and Devices.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Cloud & security specialist with focus on Microsoft 365.

Cloud & Security Specialist, with a passion for all things Cybersecurity

Cloud and infrastructure security specialist with background in networking.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

Modern workplace and infrastructure architect with a focus on Microsoft 365 and security.
