Blogs

Remove AD Forest from AD Connect

I was going to remove an AD Forest from AD Connect and took for granted that this would be an easy operation to do from within the AD Connect wizard. I realized that it is just possible to add AD Forests. I than thought that miisclient would be the place to do this. There is […]

Enable Azure ATP and integrate to Microsoft Cloud App Security

Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. With all this signals integrated in Cloud App Security it’s possible to create alerts and actions on all this signals. If […]

Export Azure AD last logon with PowerShell Graph API

In local Active Directory we have the possibility to export last logon for each user but in Azure AD we don´t had that attribute before. From now it´s available in Microsoft Graph beta. There are still limitation in graph queries to filter the data so the best recommendations is to export the data with PowerShell […]

Administrative Units get graphical interface

Finally we have a interface for Administrative Units. I have been in private preview for a time now and test this interface with customers. There are always things I will see to be better but a very good start. If you hope that you can release PowerShell for now, then the answer is no. We […]

FIDO2 security keys (passwordless) in hybrid enviroment

Everyone know that password is weak today and passwordless is around the corner for every enterprise company’s. Together with FIDO2 it is now possible to sign-in to an Windows 10 hybrid join device. We don´t need any MFA or a complex password anymore. Just a key that you bring with you. FIDO2 is based on […]

Configure Hybrid Azure AD joined with AD Connect

This method is suitable for hybrid organizations with existing on-premises AD infrastructure. This is also a requirement for other solutions like Co-Management, Passwordless sign-in etc. Start the AD Connect Configuration Wizard. Select Configure device options. Select Configure Hybrid Azure AD join. Choose Windows 10 or later if you only have that. All Windows down-level require […]

Configure SSO with Office 365

In Azure there are a lot of Single Sign-On (SSO) options. Many early adopters in cloud use ADFS based on that SSO was not a part of AD Connect at the beginning. Today we have more than one solution to choose between. Active Directory Federation Services (ADFS)This is an on-premies solution that is important if […]

When to use Security Defaults or Conditional Access?

Azure AD Security Defaults is a protection that is enabled in all new tenants. This is created to raise the security in Microsoft 365 to a better level. When security defaults is enabled you are not able to use Conditional Access. If to want better control and choose the rule by your self, the Conditional […]

Azure Automation Credentials, auto-rollover

In this blog I will describe an easy way to rollover credentials in you Azure Automation Credential key vault. This example we use a Global Admin account. When you setup service accounts you should always use “least privilege permissions”. This can be combined with Administrative Units or even a model where you use a secured […]

Update Exchange Online connection in Azure Automation to support Modern Authentication

Update your Automation runbooks running exchange online to Modern Authentication The final date for running basic authentication on Exchange Online is coming fast. Have you updated all your runbooks against Exchange Online from not using Basic authentication? If not it’s highly recommended to start the work ASAP. In this blog I will describe how easy […]

Get started with Azure AD Identity Protection

A first look at a customer can be like the picture below. A lot of risky users to take care of. Before you activate Microsoft Azure AD Identity Protection there is some necessary step that need to be configured. What settings can you configure in Identity Protection? User risk policy Sign-in risk policy MFA registration […]

Use Azure AD dynamic groups based on ServicePlanId

Azure AD Dynamic Groups is not something new. We have this in Exchange for long time but we are also able to use them even in Azure Active Directory with the Azure AD Premium 1 license. Why should we use dynamic groups instead of static groups? In this post I will give you some example […]

Look for Teams with Guests

When rolling out classifications on Teams in an existing environment it can be good to know how many Teams that already have Guest Users invited. To gather this information I put together an easy PowerShell script. Running this script requires that you install the Microsoft Teams PowerShell module. Hope this will help you in your […]

Part 3: Conditional Access block legacy authentication

Microsoft has announced that “End of support for Basic Authentication access to Exchange Online API’s for Office 365 customers” is October 13th, 2020. Basic Authentication for Exchange Active Sync (EAS), Post Office Protocol (POP), Internet Message Access Protocol (IMAP), and Remote PowerShell (RPS) in Exchange Online is affected. SMTP AUTH with basic authentication will not be affected. It´t […]

Part 2: Conditional Access Azure Monitor Log Analytics workspace

Why should we store log to an Log Analytics workspace? The answer can be more than one. I will guide you how to setup and share some benefit of the value. The picture above show the standard workbooks you can see. You can deep into each of the workbooks to investigate more information. Let´s open […]

Part 1: Conditional Access Report-only

Conditional Access is used by rules to secure users and applications against sign-ins to Azure AD. New features are released recurrent and some are still in preview. One of the feature is Report-only that is a very powerful to get started with Conditional Access in a current environment. Instead of create rules that block traffic […]

Create Azure EA Subscription with PowerShell

Create EA subscription with PowerShell First I configure Visual Studio Code to work together with Azure Cloud Shell. To begin we have 2 prerequisites. Install node.js, https://nodejs.org/en Install Visual Studio Code Azure Account extension from within application You can now type CTRL+SHIFT+P from within Visual Studio Code, this should present you with the option to […]


Follow My Blog

Get new content delivered directly to your inbox.