Sparrowtech

Julian Sperling's Personal Blog

Blocking M365 Data exfiltration: Conditional Access

From time to time, customers ask to allow access to Microsoft 365 on devices not managed by their organisation, whether because of a bring-your-own-device (BYOD) strategy, the desire to access work files on the go, collaboration with guests, or a multitude of other reasons. Specifically for VDI: Allow use of the...

Microsoft Build Notes With AI

There is no better indicator of how important AI has become to Microsoft than the frequency with which "Copilot" and "AI" are mentioned in the Book of News. And to be honest, it was so noticeable that I got interested in the trendline – the two other keywords are of course completely random 😉: Approach:...

My AI-Free Notes for the “Microsoft Build” Event

The Microsoft Build event is one of the most important events for developers and IT professionals worldwide. Each year, new innovations and technologies from the Microsoft ecosystem are presented. Although the focus is on developers, in the Microsoft Cloud world, practically all areas now seamlessly merge. Therefore, it is wrong to expect topics exclusively relevant...

All Roads to Entra ID SSO

When I started learning Entra ID (then still Azure AD), my biggest challenge – aside from the seemingly endless product renamings in M365/Azure – was that "SSO" (= Single Sign-On) has almost become a buzzword. If you are currently looking for ways to standardize identities and interrupt a user's work less frequently for logins, you...

Going Loopy rotating Entra ID App Certificates with PowerShell

While working on my appeal against Application.ReadWrite.All, I stumbled upon a potential way to rotate an application’s authentication certificate without Graph API permissions. After some experimentation, I was unable to get it running in PowerShell, so I set it aside for the time being to finish the article. However, the topic continued to intrigue me,...

You (probably) don’t need Application.ReadWrite.All

When Microsoft first disclosed the January Midnight Blizzard attack and posted their subsequent deeper analysis, I followed the resulting content with great interest – risks posed by Enterprise Applications are a topic near and dear to me. I will try to keep this article standalone, but it might be a good idea to skim the...

Connect-MgGraph with Username and Password

In my work on the practical implementation of Password Rotation without Privileged Authentication Administrator, I stumbled upon a somewhat extensive challenge. When trying to use PowerShell to sign in to the Graph API using username + password, I couldn’t find a combination in the PowerShell SDK. The only method would be ClientID + Secret –...

(Pass) Keys to a Passwordless Future

Shouldn’t there be huge demand for an alternative to passwords? The frequency of phishing attacks is constantly increasing, and even bypassing multi-factor authentication is becoming more common (Evilginx says hello). Maintaining and using password managers is also not a pleasant task – so why do we, as the first security measure, use our fingers to...

Theatre Against Overprivilege: PAM Edition – Theory

Raising the Curtain: There are some things that regularly bother me – for example, I often wonder how all the Entra ID API rights demanded by applications are justified. I have spent quite some time with the Privileged Access Management piece – but let’s not get ahead of ourselves; first let’s get to know our...

Diving into Entra ID systemLabels

The Original Question: I came here for an answer, not some blog post! Okay geez, head directly to the GitHub repo. Maybe come back though, the journey is its own reward… One of my colleagues did not understand why Dynamic Groups were not being processed and asked for help – the assumption being that systemLabels referred...