
Microsoft 365 E7: The Frontier Suite and the Rise of AI Agents
A breakdown of the new Microsoft 365 E7 license, bundling E5, Copilot, Entra Suite, and the new Agent 365 control plane.

INFO: This feature relies on the App Access Policies, which are in the process of being replaced by Role-Based Access Control (RBAC) for applications. More information will be shared in an upcoming post about RBAC for Exchange applications. This is provided for your awareness, so please review and manage it

Combine the power of Entra ID Conditional Access and Defender for Cloud Apps Conditional Access policies to gain even more control over how apps in your tenant can be accessed. A common scenario would be to block access from Tor/Botnet/Anonymous Proxy networks as there are really no use cases for end-users to

This week Microsoft is kicking off 2026 strong with a much-anticipated feature releasing into preview: Tenant Configuration Management (TCM) APIs. Traditionally administrators have to make configuration changes either in the portals one at a time or through Graph API using, for example, PowerShell. However, what if another administrator comes

Recently, I’ve assisted a customer with uplifting their security around Enterprise Applications. This is an area we see many of our customers struggle with as by default, Microsoft lets users register apps all by themselves. This leads to a sprawl of registered apps that may or may not still be

Microsoft Entra ID Privileged Identity Management (PIM) for Groups allows organizations to control and audit elevated group memberships through just-in-time access. Managing elevated permissions in Microsoft Entra ID can sometimes be tricky, especially when it comes to Privileged Identity Management (PIM) for Groups. While the Entra portal allows users to

Back in September, Microsoft teased App Management Policies in the Microsoft Entra ID UI, which let you set tenant-wide restrictions on how applications and service principals can be configured from the UI – for example restricting certificate lifetimes, blocking new passwords/secrets, enforcing valid URI formats, etc. (as it looks like for now

In my previous blogposts I’ve shown some of Azure Arc’s features, and interesting capabilities. All super cool ways to securely interact with your machines, regardless of where they are hosted. However, so far, I’ve glanced over a problem: How do you get started with onboarding machines? In Part 1 of

Today we secure our tenants using conditional access or security defaults, but in the old days many tenants were configured to use Legacy per-user Multi-Factor Authentication (MFA). It is recommended that per-user Microsoft Entra multifactor authentication should not be enabled or enforced when Conditional Access policies are in use. Convert

In previous blogposts, I’ve described how we can use the OpenSSH extension through Azure Arc to gain better remote SSH and RDP sessions to machines without requiring direct network access. However, they’ve always required we login to the machine with local credentials (or domain, but that’s old school, we want

With the recent generally available Entra ID functionality into Bicep while I was on vacation, I couldn’t wait to get back and try it out. Specifically, I wanted to see if using this functionality would allow for some level of Infrastructure as code (IaC) to good ol’ Active Directory when

In this deep dive into yet another Azure Arc extension, let’s see how we can get Entra ID logins to work with Linux SSH over Azure Arc! Azure Arc blog overview: 1. Modern Server Management with Azure Arc – Remote Management Pt.1 (SSH/RDP) 2. Modern Server Management with Azure Arc –

In part 1 of this series, I covered how to configure basic SSH on an Azure Arc-enabled server that allowed us to connect to any machine from anywhere in the world without needing a VPN or exposing that machine to the internet. Azure Arc blog overview: 1. Modern Server Management

What is Azure Arc? Azure Arc is a Microsoft service that extends your Azure management and governance capabilities to your resources outside of Azure, and this can include on-premises servers, virtual machines, and other cloud environments. With Azure Arc, you can centrally manage, secure, and automate workloads across hybrid and

In this post, we’ll look at suppressing single sign-on (SSO) consent prompts for Azure Virtual Desktop (AVD) and Windows 365. These consent prompts can be very disruptive as they interrupt the smooth sign-in flow. I first came across the option to suppress SSO consent prompts while testing Windows 365 Link

Managing permissions for Managed Identities in Azure/Entra ID has been a long-standing challenge. Microsoft has not yet provided a built-in interface for this, leaving administrators reliant on PowerShell to handle permissions – even if the “same” exists for App Registrations and Enterprise Applications. To bridge this gap, I developed this

This blog post is originally from my own blog, re-posted here. Introduction: What is a Break Glass Account? Break Glass accounts are emergency access accounts that are used to access critical systems or resources when other authentication mechanisms fail or are unavailable. In Azure AD, Break Glass accounts are used to provide emergency access to