Tag: Azure AD

Entra ID External Authentication Methods with Duo

Microsoft recently introduced the public preview of External Authentication Methods in Microsoft Entra ID. I am very excited about External Authentication Methods as they finally allow third-party MFA providers like Cisco Duo to integrate better with Microsoft Entra ID (formerly Microsoft Azure AD). Microsoft has supported third-party MFA providers for years. The original method for…

Microsoft 365 Remove Stay Signed In Option

Microsoft 365’s Stay signed in option is designed for user convenience but can increase security risks when used on public or non-corporately owned devices. The risk is due to the potential for unauthorized access to the user’s account and the resources they have access to. The stay signed in option, also known as KMSI (Keep…

Cloudflare Access IdP with Entra ID

Cloudflare Access is a wonderful tool that can add MFA (Multi-Factor Authentication) to applications that don’t support it. I’ve previously covered Setting Up Cloudflare Access using email OTP (One-time PIN). What I didn’t cover in that post was how to set up Cloudflare Access with an IdP (Identity Provider). In this post, I will show…

Control Microsoft 365 Group Creation

Controlling who can and can’t create Microsoft 365 groups can be a very powerful tool. In this post, I will detail step-by-step how to prevent users from creating Microsoft 365 groups unless they are members of a specific security group. The beginning of the script should look something like this.

Microsoft 365 Setup Microsoft Graph PowerShell SDK

Microsoft has been warning about the deprecation of the MS Online and Azure AD PowerShell cmdlets for a while now; the end date is fast approaching, and some of the commands have stopped working. You can read the Microsoft post about the deprecation here. Microsoft Graph is becoming a day-to-day reality and a tool we’ll…

Intune Dynamic Device Groups

Intune, aka Microsoft Endpoint Manager, can be extremely powerful, but as it always goes, with great power comes great responsibility. To make sure I’m only targeting the devices I want, I like to make a few dynamic device groups that I’ll use for various Intune policy targeting. The dynamic device groups I create are: By…