Tag: Azure AD

CSP: Granular Delegated Admin Privileges (GDAP) explained

Microsoft has been working on improving security. In the last few years every CSP customer has had the request to grant Delegated Admin Privileges (DAP) at least once. Without it is hard for the CSP Partner to grant and assign licenses, however not impossible. Of course it is convenient...

Automatically assign license(s) to groups in Office 365 (Manual)

When you want to align license assignments in Office 365 it might be helpful to automatically assign licenses to users by adding them to groups. This way you can make sure that everybody gets the right license and avoid mistakes. The problem with medium or large companies is that...

How to setup Azure Priviliged Identity Management (PIM) – Manual

Privileged Identity Management is a service in Azure that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Microsoft 365 or Microsoft Intune. Why should you use it? Organizations want to minimize the number of people who...

Setup a good password policy in Azure AD

A good password policy is the first step on securing your environment and company data. Without a password policy in place you can be sure that a lot of users will take a password that can be easily guessed and/or brute forced in less than 5 minutes. Default Azure...

Continuous Access Evaluation (CAE) in Azure AD (GA)

Microsoft has just announced (January 2022) the General Availability of Continuous Access Evaluation as part of the Azure AD Zero Trust management portfolio. What is Continuous Access Evaluation? In short: continuous access evaluation allows for a quicker response by forcing an access token refresh in case of a certain...

Change Office 365 & SharePoint default domain name (Manual)

When a company changes it name, it would be nice if the SharePoint url can be changed to reflect the new company name. When you first signed up for Microsoft 365 you created an onmicrosoft.com domain. Even if you add custom domains, this domain will be used for SharePoint...

Azure Administrative Unit, what is it? And how to use it!

Remember the good old days with Active Directory Organizational Units? We where missing this in Azure AD, but it has finally arrived in Azure AD. Especially in bigger organizations you want to divide the organization in different units. Within each administrative unit you can delegate permissions to administrators of...

Retrieve hybrid Azure Active Directory join status

With the modern workplace getting more and more into the businesses, you might want to verify if your devices have been joined to both your local on-premises AD and Azure AD. Just one simple command is all you need to verify the status. On the (hybrid) domain joined device...

Setup Azure File Share with AD authentication (Manual)

With the traditional file server coming to a end, it is time to move along with Azure File Share and AD authentication. Pre-requisites: Office 365 Tenant with an Office 365 Admin account Active Directory on-premise environment AD Connect PowerShell AzFilesHybrid: https://github.com/Azure-Samples/azure-files-samples/releases STEP 1: First, let’s create a new storage...

Azure Risk based conditional access explained and how to set it up!

With the Azure AD Premium P2 license you are entitled for Azure AD Identity Protection. You will get the option in Conditional Access to assign risk level based options to your policies. Azure AD Identity Protection can detect six different types of suspicious sign-in activities with 3 different levels...

Enforce (Azure) MFA with Conditional Access policies

Multi Factor Authentication (MFA) is an added security feature from Azure which I believe that should be enabled by default for everybody in Office 365 and Azure. There for this manual how to enforce (Azure) MFA for all users using Azure Multi Factor Authentication MFA can prevent unauthorized access...

Create a drive mapping using Intune on Azure AD joined devices (Manual)

With the transition to Azure AD, you might want to connect your AAD joined devices to the traditional file server as explained in this article: Go Azure AD Joined with on-prem DC and fileserver The next step is to map some network drives with Intune! Step 1: The first...

Azure SQL configure Azure AD user authentication (Manual)

When moving your applications to the cloud, it makes sense to start using Azure Services to get the best service, highest availability (SLA) and worry free maintenance provided by Azure. The next step is to use Azure AD identities with Azure SQL Database. Within a few steps you will...

Go Azure AD joined with on-prem DC and fileserver!

Wouldn’t be cool to migrate all your laptops and desktops to Azure AD, but still have your on-premise file server for the people that can’t say goodbye to their network drives? Now it is possible! Azure is supporting out of the box, Azure AD domain joined devices to connect...

Reset Azure AD User password with a predefined password

In the Azure portal you can reset the password of a user, but this is always a temporary password. But PowerShell to the resque again, lets set the password in Azure AD with PowerShell with a predefined password! On your Windows device open a PowerShell prompt and connect to...

How to deploy Azure Active Directory Domain Services (AD DS)

Today we will learn how to deploy Azure AD Domain services. So let’s go to the Azure portal and let’s get you started! Step 1: Go to Azure AD Domain Services and create a new Azure AD Domain services! Step 2: Now we can start te setup of ADDS,...

Azure AD Domain Services an option or not?

Frequently I get the question, how are we going to manage our legacy Azure IaaS servers? Should we deploy domain controllers? or should we setup a VPN connection with our on-premise environment? Before we can start answering these questions we will need to learn more about AD DS. Azure...

Microsoft Advanced Threat Protecion

Microsoft bied op verschillende diensten Advanced Threat protection aan. Helaas zit er marketing technisch nog steeds hier en daar de naam Defender aan vast, waar het onder water een compleet ander product is. Het is inmiddels geen simpel antivirus pakket meer, maar een all-in-one oplossing tegen aanvallen van buitenaf...

Modernizeer je identiteits en toegangs beheer met Azure AD

Door Azure AD als je centrale Identiteit opslag te gebruiken word beheer een stuk makkelijker en veiliger. Door Azure AD te gebruiken kan je voortaan makkelijk samen werken met andere bedrijven. Door gebruikers van een andere organisatie uit te nodigen, is het niet meer noodzakelijk om deze ook nog...