Enforce (Azure) MFA with Conditional Access policies
Multi Factor Authentication (MFA) is an added security feature from Azure which I believe should be enabled by default for everybody in Office 365 and Azure. Therefore, this manual: how to enforce (Azure) MFA for all users using Azure Multi Factor Authentication. MFA can prevent unauthorized access...
How to solve Failed to sync the ArchiveGuid in Office 365 (Manual)
The last few weeks I’ve been struggling with a very difficult Office 365 / Exchange Online case that got escalated to multiple Microsoft departments to be fixed. I already found one part of the solution, but Microsoft found the second part. Today I would like to take you through all...
How to block non-modern authentication to Office 365 services. (Manual)
With Azure Conditional Access you get more control over your data, and better security and visibility! To use this feature you will need to buy and assign Azure AD Premium or EM+S E3/E5 licenses to your users. This manual can be used to enforce the use of the Outlook...
Create a drive mapping using Intune on Azure AD joined devices (Manual)
With the transition to Azure AD, you might want to connect your AAD joined devices to the traditional file server as explained in this article: Go Azure AD Joined with on-prem DC and fileserver. The next step is to map some network drives with Intune! Step 1: The first...
Azure SQL configure Azure AD user authentication (Manual)
When moving your applications to the cloud, it makes sense to start using Azure Services to get the best service, highest availability (SLA) and worry free maintenance provided by Azure. The next step is to use Azure AD identities with Azure SQL Database. Within a few steps you will...
Set up Office 365 ATP anti-phishing policies
We all know that phishing is going on all the time. But how do you defend your organization against these criminals that want to get your login information? The answer is simple: Office 365 Advanced Threat Protection, or for short: ATP. So let's get started and start implementing anti-phishing policies. First...
How to setup Azure Lighthouse (Manual)
Microsoft released Lighthouse last weekend, and since this is a great feature, I wanted to implement it as soon as possible, but the Microsoft docs might be a bit confusing, so I wanted to simplify the manual, so here it is! We will be using PowerShell, as this makes...
Convert federated domain to managed domain
If you have an ADFS server for your user authentication in Office 365 / Azure AD, and you want to use Pass Through Authentication and/or Password Hash Synchronization, we will need to change a few things and run a few PowerShell commands. So before we can change the domain...
AD Connect Force synchronization
If you have an AD Connect server, you sometimes require a faster sync than the default 30 minutes. This can be done very easily by entering one PowerShell command. Open a PowerShell window, and load the AD Connect Sync PowerShell module: Import-Module ADSync Once imported, you have 2 options....
Go Azure AD joined with on-prem DC and fileserver!
Wouldn’t it be cool to migrate all your laptops and desktops to Azure AD, but still have your on-premises file server for the people that can’t say goodbye to their network drives? Now it is possible! Azure is supporting out of the box, Azure AD domain joined devices to connect...
Let’s go password less, because passwords are bad! Part 2
Last week we talked about why passwords are bad. Today we will continue with part 2, how to get the passwords gone, and we will zoom in on Windows Hello for Business! So what is Windows Hello? Windows Hello is a modern way of authenticating users on their laptop,...
How to add Azure AD user to local admin group on workstation
If you want to add a user to the local admin group on an Azure AD joined device, you will simply have to run the following command: net localgroup "administrators" /add AZUREAD\username credits: Mark Luiten...
Let’s go password less, because passwords are bad! Part 1
Quite a statement, passwords are bad? Today I’d like to explain why you should work on better security by using other authentication methods than just 1 password. Why passwords are bad: Passwords are problematic; very often you see that passwords fall into the hands of unpleasant people. Here are...
Reset Azure AD User password with a predefined password
In the Azure portal you can reset the password of a user, but this is always a temporary password. But PowerShell to the rescue again: let's set the password in Azure AD with PowerShell with a predefined password! On your Windows device open a PowerShell prompt and connect to...
How to deploy Microsoft Entra Domain Services (Azure AD Domain Services / MEDS)
Today we will learn how to deploy Microsoft Entra Domain Services. So let’s go to the Azure portal and let’s get you started! Step 1: Go to Microsoft Entra Domain Services and create a new Microsoft Entra Domain Services! Step 2: Now we can start the setup of MEDS,...
Office 365 MFA is free of charge!
Where Azure MFA is only included in the paid Azure Active Directory Premium subscriptions (P1/P2 and EM+S suites), there is a free version for the Office 365 apps. It is always a good idea to enable multi factor authentication: in case your credentials get stolen, the thief will not...
What is Microsoft Enterprise Mobility + Security (EM+S)?
Enterprise Mobility + Security is a Microsoft solution specially developed for managing and securing users, company data and applications. This gives you and your users always secured access to your company information without ever worrying about security! With EM+S we are moving from a managed device to data management...
Sync existing Office 365 tenant with local Active Directory
Recently we created an AAD tenant that has no on-premises AD domain counterpart. Now we are facing an issue where we want to be able to use the identities in this tenant to log into some servers. It would appear that we would need to domain join these servers,...
Azure MFA NPS extension replacing MFA Server
Within Azure there are multiple ways to set up MFA. Where you would install MFA server in the past, there is a new extension. Microsoft is going to leave the MFA server behind in the near future (security updates will remain being published for now). Besides the NPS extension and...
Microsoft Entra (Azure AD) Domain Services an option or not?
Frequently I get the question, how are we going to manage our legacy Azure IaaS servers? Should we deploy domain controllers? Or should we set up a VPN connection with our on-premises environment? Before we can start answering these questions we will need to learn more about ME DS. Microsoft...