How to setup Azure AD Enterprise app with password sign-on

Some web applications do not support single sign-on authentication. For these applications Microsoft has created an option to save the password in Azure AD. In this manual I am going to explain how to set it up. STEP 1: Create app From within the Azure Portal (https://portal.azure.com) go to...

Deploy Azure Virtual WAN with Virtual HUB (Manual)

This is the first blog post about Azure Virtual WAN. In the coming series I will be showing how to deploy en setup Azure Virtual WAN and setup VPN connections (S2S and P2S). In this blog post we start with the first step: Manual 1: Deploy Azure Virtual WAN...

Azure VM cannot connect to RDP (NLA, Manual)

Today I had to restore a virtual machine from a backup from 2 weeks ago. Once booted I received the error message that I was not able to connect because of the following error: The remote computer that you are trying to connect to requires Network Level Authentication (NLA),...

CSP: Granular Delegated Admin Privileges (GDAP) explained

Microsoft has been working on improving security. In the last few years every CSP customer has had the request to grant Delegated Admin Privileges (DAP) at least once. Without it is hard for the CSP Partner to grant and assign licenses, however not impossible. Of course it is convenient...

Bring your own IP (BYOIP) to Azure with Custom IP Prefix

When you want to move to Azure, but you want to retain your current public IP addresses, because of IP whitelisting, or te preserve your established IP reputation, you can now move your Public IPv4 Addresses to Azure. Once onboarded, these IPs can be associated with Azure resources, interact...

Azure AD Connect Export and Import configuration

Today I had to fix an AD Connect server that stopped working over the weekend. Unfortunately there was now way of fixing AD Connect sync and we had to reinstall AD Connect. However I didn’t want to lose the configuration that was made in the past. Since the end...

Automatically assign license(s) to groups in Office 365 (Manual)

When you want to align license assignments in Office 365 it might be helpful to automatically assign licenses to users by adding them to groups. This way you can make sure that everybody gets the right license and avoid mistakes. The problem with medium or large companies is that...

How to setup Azure Priviliged Identity Management (PIM) – Manual

Privileged Identity Management is a service in Azure that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Microsoft 365 or Microsoft Intune. Why should you use it? Organizations want to minimize the number of people who...

Setup a good password policy in Azure AD

A good password policy is the first step on securing your environment and company data. Without a password policy in place you can be sure that a lot of users will take a password that can be easily guessed and/or brute forced in less than 5 minutes. Default Azure...

Continuous Access Evaluation (CAE) in Azure AD (GA)

Microsoft has just announced (January 2022) the General Availability of Continuous Access Evaluation as part of the Azure AD Zero Trust management portfolio. What is Continuous Access Evaluation? In short: continuous access evaluation allows for a quicker response by forcing an access token refresh in case of a certain...

Change Office 365 & SharePoint default domain name (Manual)

When a company changes it name, it would be nice if the SharePoint url can be changed to reflect the new company name. When you first signed up for Microsoft 365 you created an onmicrosoft.com domain. Even if you add custom domains, this domain will be used for SharePoint...

Azure Administrative Unit, what is it? And how to use it!

Remember the good old days with Active Directory Organizational Units? We where missing this in Azure AD, but it has finally arrived in Azure AD. Especially in bigger organizations you want to divide the organization in different units. Within each administrative unit you can delegate permissions to administrators of...

Exchange Online, Basic Authentication end is near…

Microsoft is proactively working on securing their Exchange Online environment. Making your and indirectly other customers environments safer. For now Microsoft is going over all tenants and they will start disabling Basic Authentication. This will include all of the following services: Exchange Web Services (EWS), Exchange ActiveSync (EAS), POP,...

Office 365 implement Safe Links Policy (Manual)

Safe links is part of Defender for Office 365 that scans and rewrites URL’s in inbound email messages, Teams and other locations. Safe Links is an additional security layer on top of anti-spam and anti-malware protection. Safe Links scanning can help protect your organization from malicious links that are...

Anti-Spoofing Exchange Online rule (Manual)

Fraudulent emails are becoming a common cyber threat. Anti-spoofing mail rules set up in Office 365 can help. In these phishing schemes, scammers research internal company names and send emails that look like they are coming from the CEO or someone else in the company. Typically the scam emails...

Exchange Server fix logon error

In Exchange 2013 and 2016 after an upgrade you might get the following error after logging in. The URL with the error will look like this: owa/auth/errorFE.aspx?httpCode=500 Cause This issue occurs if the Exchange Server Open Authentication (OAuth) certificate is expired, not present, or not configured correctly....

Azure OMI Vulnerability

Microsoft has released multiple security updates in last Patch Tuesday. One off them fixes a high risk vulnerability (CVE-2021-38647) Also know as OMIGOD. This vulnerability can be used remotely, so exploitation is expected soon. This flaw doesn’t directly affect Windows at all, because it’s a bug in Microsoft’s open...

Renewed my Azure Solutions Architect Expert certification

Today I had to renew my Azure Solutions Expert certification. This was a first time I had to do that. By going to your certification profile you can do a online exam with just 26 questions with numerous things that have been changed in the past year. I have...