There are a few ways to grant external access to an internal application without doing any port forwarding. The way to do this in Microsoft’s world is through an Entra Application Proxy. The name is a bit of a mess, as Microsoft renamed the Microsoft Entra application proxy program to Microsoft Entra private network connector.…
The way I manage my email might seem a bit strange. Due to working in IT, I get lots of emails. Some emails need action, some are regular emails, and some are notifications I want to know about as soon as they happen. I feel like a normal person would make an Outlook rule to…
Microsoft recently introduced the public preview of External Authentication Methods in Microsoft Entra ID. I am very excited about External Authentication Methods as they finally allow third-party MFA providers like Cisco Duo to integrate better with Microsoft Entra ID (formerly Microsoft Azure AD). Microsoft has supported third-party MFA providers for years. The original method for…
Microsoft 365’s Stay signed in option is designed for user convenience but can increase security risks when used on public or non-corporately owned devices. The risk is due to the potential for unauthorized access to the user’s account and the resources they have access to. The stay signed in option, also known as KMSI (Keep…
A custom-themed Microsoft 365 sign-in page can augment the user experience by making it easier to tell if it is a phishing sign-in page, as it will help users recognize whether the login page is legitimate or not. It also adds a nice custom tweak to your Microsoft 365 tenant. In this post, I will…
Cloudflare Access is a wonderful tool that can add MFA (Multi-Factor Authentication) to applications that don’t support it. I’ve previously covered Setting Up Cloudflare Access using email OTP (One-time PIN). What I didn’t cover in that post was how to set up Cloudflare Access with an IdP (Identity Provider). In this post, I will show…
Controlling who can and can’t create Microsoft 365 groups can be a very powerful tool. In this post, I will detail step-by-step how to prevent users from creating Microsoft 365 groups unless they are members of a specific security group. Prerequisites The Process The beginning of the script should look something like this.
Microsoft has been warning about the deprecation of the MS Online and Azure AD PowerShell cmdlets for a while now; the end date is fast approaching, and some of the commands have stopped working. You can read the Microsoft post about the deprecation here. Microsoft Graph is becoming a day-to-day reality and a tool we’ll…
