Password policy for hybrid identity

When setting up Azure AD Connect and synchronize identities to Azure AD we have two different password policy’s to take care of. In local Active Directory we have a policy for local accounts but if we have an user synchronize to Azure AD they still use the local password policy as default. In Azure AD […]

Block external e-mail forward in Power Automate (Flow)

I have a case where a company had issues with users started to forward e-mail with power automate even that external forwarding is blocked in Exchange. This issue can occur even if the user do not have a power automate license since they anyway can initiate the service themselves. To make this more usable we […]

Connect Azure Automation Runbook script with service principal for AzureAD

We are all working to get rid of service account without MFA. One step forward is to use service principal with permissions and then connect. In this article I will guide you how to setup this solution to connect with AzureAD PowerShell. Start PowerShell as administrator on your computer. Update the password (“pwd” in the […]

Prohibit upload sensitive data in Microsoft 365

I got many questions from customer that they want to block upload of confidential data in Microsoft 365. Is it possible to block that? The answer is yes if you have access to both (CA) Conditional Access and (MCAS) Microsoft Cloud App Security. In CA you need to enabled the “Use Conditional Access App Control” […]

Login to Teams webclient is blocked

I had an issue where it was not possible to login to Teams web client. It just generated a error that referred to contact your administrator. AADSTS7000112: Application ‘id’ (Microsoft Teams Web Client) is disabled To fix this issue we can go to and sign-in. Select Azure Active Directory -> Enterprise Apps and do […]

Remove AD Forest from AD Connect

I was going to remove an AD Forest from AD Connect and took for granted that this would be an easy operation to do from within the AD Connect wizard. I realized that it is just possible to add AD Forests. I than thought that miisclient would be the place to do this. There is […]

Enable Azure ATP and integrate to Microsoft Cloud App Security

Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. With all this signals integrated in Cloud App Security it’s possible to create alerts and actions on all this signals. If […]

Export Azure AD last logon with PowerShell Graph API

In local Active Directory we have the possibility to export last logon for each user but in Azure AD we don´t had that attribute before. From now it´s available in Microsoft Graph beta. There are still limitation in graph queries to filter the data so the best recommendations is to export the data with PowerShell […]

Administrative Units get graphical interface

Finally we have a interface for Administrative Units. I have been in private preview for a time now and test this interface with customers. There are always things I will see to be better but a very good start. If you hope that you can release PowerShell for now, then the answer is no. We […]

FIDO2 security keys (passwordless) in hybrid enviroment

Everyone know that password is weak today and passwordless is around the corner for every enterprise company’s. Together with FIDO2 it is now possible to sign-in to an Windows 10 hybrid join device. We don´t need any MFA or a complex password anymore. Just a key that you bring with you. FIDO2 is based on […]

Configure Hybrid Azure AD joined with AD Connect

This method is suitable for hybrid organizations with existing on-premises AD infrastructure. This is also a requirement for other solutions like Co-Management, Passwordless sign-in etc. Start the AD Connect Configuration Wizard. Select Configure device options. Select Configure Hybrid Azure AD join. Choose Windows 10 or later if you only have that. All Windows down-level require […]

Configure SSO with Office 365

In Azure there are a lot of Single Sign-On (SSO) options. Many early adopters in cloud use ADFS based on that SSO was not a part of AD Connect at the beginning. Today we have more than one solution to choose between. Active Directory Federation Services (ADFS)This is an on-premies solution that is important if […]

When to use Security Defaults or Conditional Access?

Azure AD Security Defaults is a protection that is enabled in all new tenants. This is created to raise the security in Microsoft 365 to a better level. When security defaults is enabled you are not able to use Conditional Access. If to want better control and choose the rule by your self, the Conditional […]

Azure Automation Credentials, auto-rollover

In this blog I will describe an easy way to rollover credentials in you Azure Automation Credential key vault. This example we use a Global Admin account. When you setup service accounts you should always use “least privilege permissions”. This can be combined with Administrative Units or even a model where you use a secured […]

Update Exchange Online connection in Azure Automation to support Modern Authentication

Update your Automation runbooks running exchange online to Modern Authentication The final date for running basic authentication on Exchange Online is coming fast. Have you updated all your runbooks against Exchange Online from not using Basic authentication? If not it’s highly recommended to start the work ASAP. In this blog I will describe how easy […]

Get started with Azure AD Identity Protection

A first look at a customer can be like the picture below. A lot of risky users to take care of. Before you activate Microsoft Azure AD Identity Protection there is some necessary step that need to be configured. What settings can you configure in Identity Protection? User risk policy Sign-in risk policy MFA registration […]

Use Azure AD dynamic groups based on ServicePlanId

Azure AD Dynamic Groups is not something new. We have this in Exchange for long time but we are also able to use them even in Azure Active Directory with the Azure AD Premium 1 license. Why should we use dynamic groups instead of static groups? In this post I will give you some example […]

Look for Teams with Guests

When rolling out classifications on Teams in an existing environment it can be good to know how many Teams that already have Guest Users invited. To gather this information I put together an easy PowerShell script. Running this script requires that you install the Microsoft Teams PowerShell module. Hope this will help you in your […]

Follow My Blog

Get new content delivered directly to your inbox.