Microsoft Managed Entra ID Conditional Access policies are coming to eligible tenants
In November last year, Microsoft announced the “auto-rollout of Microsoft Entra Conditional Access policies that will automatically protect tenants based on risk signals, licensing, and usage.” This means that all tenants with at least Entra ID P1 license will receive the Microsoft Managed conditional access policies with the intention to...
How to setup AWS SSO to Microsoft Entra ID (Azure AD) and use auto provisioning
Last week a customer wanted to setup single sign-on to Amazon Web Services (AWS) from their Entra ID / Azure AD environment. After reading several instructions from both Microsoft and Amazon I needed some more explanation for each step before I would activate it. So here is my manual...
Restrict Azure App Permissions to Specific mailboxes only
With Microsoft disabling basic Authentication starting October 1st 2022, I see a lot of vendors asking us IT Pro’s to create an Azure App registration with mailbox permissions to read out just a single mailbox. However, by default this Azure App grants permissions to every single mailbox in your...
Azure VM cannot connect to RDP (NLA, Manual)
Today I had to restore a virtual machine from a backup from 2 weeks ago. Once booted I received the error message that I was not able to connect because of the following error: The remote computer that you are trying to connect to requires Network Level Authentication (NLA),...
CSP: Granular Delegated Admin Privileges (GDAP) explained
Microsoft has been working on improving security. In the last few years every CSP customer has had the request to grant Delegated Admin Privileges (DAP) at least once. Without it is hard for the CSP Partner to grant and assign licenses, however not impossible. Of course it is convenient...
Azure AD Connect Export and Import configuration
Today I had to fix an AD Connect server that stopped working over the weekend. Unfortunately there was now way of fixing AD Connect sync and we had to reinstall AD Connect. However I didn’t want to lose the configuration that was made in the past. Since the end...
Automatically assign license(s) to groups in Office 365 (Manual)
When you want to align license assignments in Office 365 it might be helpful to automatically assign licenses to users by adding them to groups. This way you can make sure that everybody gets the right license and avoid mistakes. The problem with medium or large companies is that...
How to setup Azure Priviliged Identity Management (PIM) – Manual
Privileged Identity Management is a service in Azure that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Microsoft 365 or Microsoft Intune. Why should you use it? Organizations want to minimize the number of people who...
Setup a good password policy in Azure AD
A good password policy is the first step on securing your environment and company data. Without a password policy in place you can be sure that a lot of users will take a password that can be easily guessed and/or brute forced in less than 5 minutes. Default Azure...
Continuous Access Evaluation (CAE) in Azure AD (GA)
Microsoft has just announced (January 2022) the General Availability of Continuous Access Evaluation as part of the Azure AD Zero Trust management portfolio. What is Continuous Access Evaluation? In short: continuous access evaluation allows for a quicker response by forcing an access token refresh in case of a certain...
Change Office 365 & SharePoint default domain name (Manual)
When a company changes it name, it would be nice if the SharePoint url can be changed to reflect the new company name. When you first signed up for Microsoft 365 you created an onmicrosoft.com domain. Even if you add custom domains, this domain will be used for SharePoint...
Azure Administrative Unit, what is it? And how to use it!
Remember the good old days with Active Directory Organizational Units? We where missing this in Azure AD, but it has finally arrived in Azure AD. Especially in bigger organizations you want to divide the organization in different units. Within each administrative unit you can delegate permissions to administrators of...
How to re-enable inactive mailbox from litigation hold in exchange online using Power Shell(Manual)
When users leave the company you might want to retain the email for a longer period than the default 30 days. By enabling litigation hold you can retain mailboxes longer than 30 days, before you disable a user you can set the litigation hold to any value you would...
Retrieve hybrid Azure Active Directory join status
With the modern workplace getting more and more into the businesses, you might want to verify if your devices have been joined to both your local on-premises AD and Azure AD. Just one simple command is all you need to verify the status. On the (hybrid) domain joined device...
Setup Azure File Share with AD authentication (Manual)
With the traditional file server coming to a end, it is time to move along with Azure File Share and AD authentication. Pre-requisites: Office 365 Tenant with an Office 365 Admin account Active Directory on-premise environment AD Connect PowerShell AzFilesHybrid: https://github.com/Azure-Samples/azure-files-samples/releases STEP 1: First, let’s create a new storage...
How to automatically assign Office 365 licenses to users based on groups
If you have a large on premise environment, you might want to automate the assignment of Office 365 licenses by using (dynamic) security groups in Azure AD. With this simple manual you should be able to setup automatic license assignment based on a security group....
Lock down Microsoft Team creation (Manual)
By default everyone may create a new team in Microsoft Teams. As an organisation admin you might want to control this, or release it a some point. With this manual you should be able to lock down team creation to users that are member of a Azure AD Security...
Change default email address Office 365 group (Manual)
Office 365 Groups are easy to create. However, changing the primary domain name when creating the group might not be that easy from the GUI. However, with Power Shell you can change this easily. First we will need to open a Power Shell Window, and connect with Exchange Online....
Convert AD domain users to Azure AD users (Manual)
With the move to the cloud there might be a time where you would like to remove the Active Directory link (AD Connect) and go for a cloud only strategy. With a few simple steps you can disconnect the AD connect sync from Azure AD. When you look in...
Azure Risk based conditional access explained and how to set it up!
With the Azure AD Premium P2 license you are entitled for Azure AD Identity Protection. You will get the option in Conditional Access to assign risk level based options to your policies. Azure AD Identity Protection can detect six different types of suspicious sign-in activities with 3 different levels...