Recently, I’ve assisted a customer with uplifting their security around Enterprise Applications. This is an area we see many of our customers struggle with as by default, Microsoft lets users register apps all by themselves. This leads to a sprawl of registered apps that may or may not still be
Microsoft Entra ID Privileged Identity Management (PIM) for Groups allows organizations to control and audit elevated group memberships through just-in-time access. Managing elevated permissions in Microsoft Entra ID can sometimes be tricky, especially when it comes to Privileged Identity Management (PIM) for Groups. While the Entra portal allows users to
In this final blogpost on onboarding, I want to cover a way to automate some common post-deployment configuration tasks. When a machine is Arc onboarded, by default, it won’t really have much installed and it’s not particularly useful until you start deploying extensions. Azure Arc VM Onboarding blog mini-series overview:
From my last blogpost, I showcased how to setup Microsoft Connected Cache (MCC) for Enterprise on both Windows and Linux. There I suggested folks go with the Linux solution and that’s the assumption I’ve made for this blogpost. So why bother with the complexity of configuring HTTPS? There’re three strong
Something that flew under my radar this summer was the release of Microsoft Connected Cache for Enterprise and Education. Originally, Configuration Manager (SCCM) had a Connected Cache functionality through its Distribution Points. This is something I’ve successfully deployed before and actually works great by caching content on-premises so clients can
With the recent generally available Entra ID functionality into Bicep while I was on vacation, I couldn’t wait to get back and try it out. Specifically, I wanted to see if using this functionality would allow for some level of Infrastructure as code (IaC) to good ol’ Active Directory when
What is Azure Arc Azure Arc is a Microsoft service that extends your Azure management and governance capabilities to your resources outside of Azure, and this can include on-premises servers, virtual machines, and other cloud environments. With Azure Arc, you can centrally manage, secure, and automate workloads across hybrid and
Managing permissions for Managed Identities in Azure/Entra ID has been a long-standing challenge. Microsoft has yet not provided a built-in interface for this, leaving administrators reliant on PowerShell to handle permissions – even if the “same” exists for App Registrations and Enterprise Applications. To bridge this gap, I developed this
Managing server configurations in hybrid or on-premises environments can be challenging, with outdated tools and manual processes leading to errors and inefficiencies. This post explores how to simplify configuration management with Desired State Configuration (DSC) and Azure Automanage Machine Configuration. Ever noticed this Machine Configuration option under VMs and wondered
Introduction You may think that setting up a language in Microsoft 365 [admin.microsoft.com] portals may be straightforward. However, it may not be as obvious as it seems at first, and there are many factors which can play a role in that. The Basics The interface language of Azure [portal.azure.com] and
Introduction In case you missed the update about the new announcement Microsoft is tightening security around Azure and Microsoft admin portals, by enforcing multifactor authentication (MFA) for all interactive sign-ins. This change has sparked a lot of questions across social medias, and in this post, I aim to address these
Today, Tuesday, October 10th, 2023 marks the end of service for Server 2012 (R2). Are you prepared and ready to go with Extended Security Updates? If not, read this post to get up to speed with the details of ESU’s. This blog post serves as a follow up to my
What’s Happening? Windows Server 2012 (R2) is approaching its end of support (EOS) date. Microsoft has officially set the clock, marking October 10, 2023, as the day when support for this trusted operating system will come to an end. This means no more security updates, patches, bug fixes, technical support,
In configuring a lab environment I found myself setting up Azure Cloud Sync on an on-premise DC for testing purposes and found myself stuck on a seemingly simple error that I could not seem to get past: “Please provide the Azure AD credentials of a global administrator or a Hybrid
Part 1 – Using a hybrid connection in Azure App Service Introduction In this new series we will cover how to safely and securely execute code remotely on physical devices, from the cloud.! Even though most organizations are talking about cloud adoption and transformation, the reality is, that most organizations
Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that enables organizations to collect, analyze, and respond to security events across their enterprise (for an introduction please see the first post in this series). Data ingestion is a critical component of the Sentinel platform, as it allows
Welcome to Part 4 in this new Windows 365 End-User Experience blog series. This series will be an educational journey exploring several features that can potentially help improve the end-user experience. Below you’ll find all parts of this blog series. In this part, I‘ll cover the following topics. The Windows
Welcome to Part 2 in this new Windows 365 End-User Experience blog series. This series will be an educational journey exploring several features that can potentially help improve the end-user experience. Below you’ll find all parts of this blog series. In this part, I’ll cover the following topics. Microsoft Teams
Welcome to Part 1 in this new Windows 365 End-User Experience blog series. This series will be an educational journey exploring several features that can potentially help improve the end-user experience. Below you’ll find all parts of this blog series. In this part, I’ll cover the following topics. Introduction What
Enable Change tracking and inventory from Azure ARC Introduction To be able to see inventory and change tracking information when we have added our non-Azure machines to Azure ARC, we must enable the change tracking and inventory solution on our Log Analytics workspace. This will give us an insight into
Sorry new guy in the class, didn’t read the memo, so my first blog post is in Danish. 🙂 Jeg arbejdede fornyeligt for en kunde hvor der skulle bruges Hardware tokens i Azure AD. I “gamle” dage før vi alle fik en mobil telefon, var det jo den mest almindelige
In this blog post I will describe how you easily can help yourself and your management to know if someone changed configurations or apps in your Microsoft Intune environment.Many of my customers do have more than one administrator. With a modern way of working “Hybrid work” we sit at different
Cost optimization has become increasingly important with the increased use of cloud services. Cost optimization is a complex, timeconsuming task – nevertheless the task has never been more important. Microsoft does provide companies with many different utilities/tools to monitor/control the cost of your overall Azure consumption. From our experience the
Identity theft is a major concern for most companies. Complex Conditional Access rules/setups may unintentionally leave accounts without multifactor authenticaton. Another aspect of this “not following up” on the technical security features that is set up, is that every day tasks tends to take precedence over tasks that has an
Introduction To use Machine Groups in our Automation Account inventory we must first create a group by saving a kql query as a function. Requirements – Azure Subscription – if you do not already have a subscription, you can get a free trial here. – Log Analytics workspace configured
Modern Workplace consultant and a Microsoft MVP in Windows and Devices.
Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.
Cloud & security specialist with focus on Microsoft backend products and cloud technologies.
Cloud & security specialist with focus on Microsoft 365.
Cloud & Security Specialist, with a passion for all things Cybersecurity
Cloud and infrastructure security specialist with background in networking.
Infrastructure architect with focus on design, implementation, migration and consolidation.
Infrastructure consultant with focus on cloud solutions in Office365 and Azure.
Modern workplace and infrastructure architect with a focus on Microsoft 365 and security.
