Tag: Azure AD

How to deploy Entra ID Application Proxy (Manual)

Entra ID Application Proxy is a service that enables remote access to applications from any device with a web browser without the need for a VPN. It provides secure access to on-premises applications by proxying requests through the Azure cloud. One of the other features is that Entra secures...

Restrict Azure App Permissions to Specific mailboxes only

With Microsoft disabling basic Authentication starting October 1st 2022, I see a lot of vendors asking us IT Pro’s to create an Azure App registration with mailbox permissions to read out just a single mailbox. However, by default this Azure App grants permissions to every single mailbox in your...

CSP: Granular Delegated Admin Privileges (GDAP) explained

Microsoft has been working on improving security. In the last few years every CSP customer has had the request to grant Delegated Admin Privileges (DAP) at least once. Without it is hard for the CSP Partner to grant and assign licenses, however not impossible. Of course it is convenient...

Automatically assign license(s) to groups in Office 365 (Manual)

When you want to align license assignments in Office 365 it might be helpful to automatically assign licenses to users by adding them to groups. This way you can make sure that everybody gets the right license and avoid mistakes. The problem with medium or large companies is that...

How to setup Azure Priviliged Identity Management (PIM) – Manual

Privileged Identity Management is a service in Azure that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Microsoft 365 or Microsoft Intune. Why should you use it? Organizations want to minimize the number of people who...

Setup a good password policy in Azure AD

A good password policy is the first step on securing your environment and company data. Without a password policy in place you can be sure that a lot of users will take a password that can be easily guessed and/or brute forced in less than 5 minutes. Default Azure...

Continuous Access Evaluation (CAE) in Azure AD (GA)

Microsoft has just announced (January 2022) the General Availability of Continuous Access Evaluation as part of the Azure AD Zero Trust management portfolio. What is Continuous Access Evaluation? In short: continuous access evaluation allows for a quicker response by forcing an access token refresh in case of a certain...

Change Office 365 & SharePoint default domain name (Manual)

When a company changes it name, it would be nice if the SharePoint url can be changed to reflect the new company name. When you first signed up for Microsoft 365 you created an onmicrosoft.com domain. Even if you add custom domains, this domain will be used for SharePoint...

Azure Administrative Unit, what is it? And how to use it!

Remember the good old days with Active Directory Organizational Units? We where missing this in Azure AD, but it has finally arrived in Azure AD. Especially in bigger organizations you want to divide the organization in different units. Within each administrative unit you can delegate permissions to administrators of...

Retrieve hybrid Azure Active Directory join status

With the modern workplace getting more and more into the businesses, you might want to verify if your devices have been joined to both your local on-premises AD and Azure AD. Just one simple command is all you need to verify the status. On the (hybrid) domain joined device...

Setup Azure File Share with AD authentication (Manual)

With the traditional file server coming to a end, it is time to move along with Azure File Share and AD authentication. Pre-requisites: Office 365 Tenant with an Office 365 Admin account Active Directory on-premise environment AD Connect PowerShell AzFilesHybrid: https://github.com/Azure-Samples/azure-files-samples/releases STEP 1: First, let’s create a new storage...

Azure Risk based conditional access explained and how to set it up!

With the Azure AD Premium P2 license you are entitled for Azure AD Identity Protection. You will get the option in Conditional Access to assign risk level based options to your policies. Azure AD Identity Protection can detect six different types of suspicious sign-in activities with 3 different levels...

Enforce (Azure) MFA with Conditional Access policies

Multi Factor Authentication (MFA) is an added security feature from Azure which I believe that should be enabled by default for everybody in Office 365 and Azure. There for this manual how to enforce (Azure) MFA for all users using Azure Multi Factor Authentication MFA can prevent unauthorized access...

Create a drive mapping using Intune on Azure AD joined devices (Manual)

With the transition to Azure AD, you might want to connect your AAD joined devices to the traditional file server as explained in this article: Go Azure AD Joined with on-prem DC and fileserver The next step is to map some network drives with Intune! Step 1: The first...

Azure SQL configure Azure AD user authentication (Manual)

When moving your applications to the cloud, it makes sense to start using Azure Services to get the best service, highest availability (SLA) and worry free maintenance provided by Azure. The next step is to use Azure AD identities with Azure SQL Database. Within a few steps you will...

Go Azure AD joined with on-prem DC and fileserver!

Wouldn’t be cool to migrate all your laptops and desktops to Azure AD, but still have your on-premise file server for the people that can’t say goodbye to their network drives? Now it is possible! Azure is supporting out of the box, Azure AD domain joined devices to connect...

Reset Azure AD User password with a predefined password

In the Azure portal you can reset the password of a user, but this is always a temporary password. But PowerShell to the resque again, lets set the password in Azure AD with PowerShell with a predefined password! On your Windows device open a PowerShell prompt and connect to...

Microsoft Entra (Azure AD) Domain Services an option or not?

Frequently I get the question, how are we going to manage our legacy Azure IaaS servers? Should we deploy domain controllers? or should we setup a VPN connection with our on-premise environment? Before we can start answering these questions we will need to learn more about ME DS. Microsoft...