Sparrowtech

Julian Sperling's Personal Blog

Adding Entra External ID to WordPress
Adding Entra External ID to WordPress

After realising that I should really enable comments in my last post, I set out to do so in a way that fits my personal requirements. At the outset, the most obvious solution was adding Entra External ID Authentication and user management (as one does ๐Ÿ˜‰). Entra External ID is a version of Entra ID... » read more

Windows 365 (and Azure Virtual Desktop) Conditional Access Deep-Dive
Windows 365 (and Azure Virtual Desktop) Conditional Access Deep-Dive

Windows 365 (and Azure Virtual Desktop) Conditional Access Deep-Dive Recently, I had the pleasure of troubleshooting Windows 365 Single Sign-On (SSO) โ€“ the issue was quite odd. When you open the Windows 365 website (windows365.microsoft.com) or the "Windows App", authentication is requested as expected. However, when establishing a session with one of the virtual desktops,... » read more

Troubleshooting Entra ID Tenant Switching Issues
Troubleshooting Entra ID Tenant Switching Issues

So – you have started testing “Require authentication strength”, as requested by Microsoft. But have you been receiving issue reports from partner organizations or guests who cannot switch to your tenant? Or maybe you are a Teams administrator that has been seeing reports that your users cannot Collaborate with a specific Organisation? From the other... » read more

Blocking M365 Data exfiltration: Conditional Access
Blocking M365 Data exfiltration: Conditional Access

From time to time, customers have the Ask to allow access to Microsoft 365 on devices not managed by their Organisation. Whether it is because of a bring-your-own-device (BYOD) strategy, the desire to access work files on the go, collaborating with guests, or a multitude of other reasons. Specifically for VDI: Allow use of the... » read more

Microsoft Build Notes With AI
Microsoft Build Notes With AI

There is no better indicator of how important AI has become to Microsoft than the frequency with which "Copilot" and "AI" are mentioned in the Book of News. And to be honest, it was so noticeable that I got interested in the trendline โ€“ the two other keywords are of course completely random ๐Ÿ˜‰: Approach:... » read more

My AI-Free Notes for the “Microsoft Build” Event
My AI-Free Notes for the “Microsoft Build” Event

The Microsoft Build event is one of the most important events for developers and IT professionals worldwide. Each year, new innovations and technologies from the Microsoft ecosystem are presented. Although the focus is on developers, in the Microsoft Cloud world, practically all areas now seamlessly merge. Therefore, it is wrong to expect topics exclusively relevant... » read more

All Roads to Entra ID SSO
All Roads to Entra ID SSO

When I started learning Entra ID (then still Azure AD), my biggest challenge โ€” aside from the seemingly endless products renamings in M365/Azure โ€” was that "SSO" (= Single Sign-On) has almost become a buzzword. If you are currently looking for ways to standardize ldentities and less frequently interrupt a users work for logins, you... » read more

Going Loopy rotating Entra ID App Certificates with PowerShell
Going Loopy rotating Entra ID App Certificates with PowerShell

While working on my appeal against Application.ReadWrite.All, I stumbled upon a potential way to rotate an application’s authentication certificate without Graph API permissions. After some experimentation, I was unable to get it running in PowerShell, so I set it aside for the time being to finish the article. However, the topic continued to intrigue me,... » read more

You (probably) don’t need Application.ReadWrite.All
You (probably) don’t need Application.ReadWrite.All

When Microsoft first disclosed the January Midnight Blizzard attack and posted their subsequent deeper analysis I followed the resulting content with great interest – risks posed by Enterprise Applications are a topic near and dear to me. I will try to keep this article standalone, but it might be a good idea to skim the... » read more

Connect-MgGraph with Username and Password
Connect-MgGraph with Username and Password

In my work on the practical implementation of Password Rotation without Privileged Authentication Administrator, I stumbled upon a somewhat extensive challenge. When trying to use PowerShell to sign in to the Graph API using username + password, I couldn’t find a combination in the PowerShell SDK. The only method would be ClientID + Secret –... » read more