INFO: This feature relies on the App Access Policies, which are in the process of being replaced by Role-Based Access Control (RBAC) for applications. More information will be shared in an upcoming post about RBAC for Exchange applications. This is provided for your awareness, so please review and manage it
This week Microsoft is kicking off 2026 strong with a much-anticipated feature releasing into preview: Tenant Configuration Management (TCM) APIs. Traditionally administrators have to make configuration changes either in the portals one at a time or in through Graph API using, for example, PowerShell. However, what if another administrator comes
Microsoft Entra ID Privileged Identity Management (PIM) for Groups allows organizations to control and audit elevated group memberships through just-in-time access. Managing elevated permissions in Microsoft Entra ID can sometimes be tricky, especially when it comes to Privileged Identity Management (PIM) for Groups. While the Entra portal allows users to
In March 2026, Entra ID will stop supporting service principal-less authentication behavior. This may affect certain applications currently running in your tenant. Service principal-less apps may already be frozen since April 2025 if they weren’t actively used, but those apps that were, have remained uninterrupted until March next year. Microsoft
Back in September Microsoft has recently teaset App Management Policies in Microsoft Entra ID UI, which let you set tenant-wide restrictions on how applications and service principals can be configured from the UI – for example restricting certificate lifetimes, blocking new passwords/secrets, enforcing valid URI formats, etc. (as it looks like for now
Today we secure our tenants using conditional access or security defaults, but in the old days many tenants were configured to use Legacy per-user Multi-Factor Authentication (MFA). It is recommended that per-user Microsoft Entra multifactor authentication should not be enabled or enforced when Conditional Access policies are in use. Convert
What is Azure Arc Azure Arc is a Microsoft service that extends your Azure management and governance capabilities to your resources outside of Azure, and this can include on-premises servers, virtual machines, and other cloud environments. With Azure Arc, you can centrally manage, secure, and automate workloads across hybrid and
Managing permissions for Managed Identities in Azure/Entra ID has been a long-standing challenge. Microsoft has yet not provided a built-in interface for this, leaving administrators reliant on PowerShell to handle permissions – even if the “same” exists for App Registrations and Enterprise Applications. To bridge this gap, I developed this
Recently we ran into a fun experience when adjusting the Cross-Cloud meetings within the Teams Admin Center which caused Entra ID Cross-Tenant Access Settings to be changed. This behavior didn’t seem to be documented anywhere and did cause some head-scratching before we figured out why B2B invitations weren’t automatically being
Introduction You may think that setting up a language in Microsoft 365 [admin.microsoft.com] portals may be straightforward. However, it may not be as obvious as it seems at first, and there are many factors which can play a role in that. The Basics The interface language of Azure [portal.azure.com] and
Introduction In case you missed the update about the new announcement Microsoft is tightening security around Azure and Microsoft admin portals, by enforcing multifactor authentication (MFA) for all interactive sign-ins. This change has sparked a lot of questions across social medias, and in this post, I aim to address these
Microsoft in recent months has made leaps and bounds to support Multitenant organizations utilizing Cross-tenant Synchronization to attempt to build a seamless end-user experience. Have they succeeded? Almost! Let’s take a look in this last blogpost of the year. Why even have multiple tenants? In a perfect world, every organization
It’s been almost a year since I published my original post about how to migrate BitLocker Recovery Key(s) to Azure AD (Microsoft Entra ID) using a remediation script. It didn’t take long before several companies started using it, and since then, I’ve received a few inquiries about support for multiple
Modern Workplace consultant and a Microsoft MVP in Windows and Devices.
Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.
Cloud & security specialist with focus on Microsoft backend products and cloud technologies.
Cloud & security specialist with focus on Microsoft 365.
Cloud & Security Specialist, with a passion for all things Cybersecurity
Cloud and infrastructure security specialist with background in networking.
Infrastructure architect with focus on design, implementation, migration and consolidation.
Infrastructure consultant with focus on cloud solutions in Office365 and Azure.
Modern workplace and infrastructure architect with a focus on Microsoft 365 and security.
