If, like me, you regularly lose track of what features exist where in the plethora of Microsoft cloud portals, hopefully this list will help you find your way. Or at least give you a URL as a starting point. I’ll attempt to keep this up-to-date, so if you see something missing please leave a comment… Read More »
One of my customers is using Password Hash Synchronisation (PHS) as their Azure Active Directory authentication method for users synced from on-premises AD. Not having had much experience with PHS, I was a little surprised to learn recently that PHS users have cloud passwords that do not conform to the default AAD 90 day expiry.… Read More »
For some organisations, encryption of data at rest is considered an important security control, especially in the context of cloud solutions. With core Office 365 services (SharePoint Online and Exchange Online) you have the option of controlling your own keys through the method known as Customer Key. But is there anything built-in that provides encryption… Read More »
One of the hardest things to deal with when working with Microsoft’s cloud services is the avalanche of information published daily. What’s relevant and interesting compared to the chaff that is not meaningful for you? Microsoft employees refer to it as “drinking from the firehose”. Well, one of the most helpful sources I’ve come across… Read More »
Earlier this week, I had a need to produce a list of Guest users in an Azure AD tenant who had not yet redeemed invitations that had been sent to them. It took me a little while to figure out the Powershell query for this, so I thought I would share it here. The state… Read More »
The other day I tried (and failed) to find an easy way to query which applications were assigned to a specific Azure AD Application Proxy Connector Group. Of course if you only have a few applications, you can simply grind through each application in the Azure Portal and view the assignment (see screenshot below). If,… Read More »
If you’re working as part of a team in Azure AD Identity Protection and want to know who dismissed a risk event (e.g. a risky sign-in), it’s not obvious where to find the information. This article explains how to do it. Let’s take an example. You go into the Azure AD Identity Protection blade of… Read More »
Last week I spent a fair amount of time trying to integrate the Trend Micro Deep Security as a Service product with Azure AD using SAML. Unlike most of the SAML work I’ve done with Azure AD this one was not entirely straightforward. At the time of writing Trend Micro had no documentation specific to… Read More »
OK, the title has a whole bunch of acronyms which may not be entirely familiar. Actually…if we’re being really picky I should probably say a whole bunch of initialisms, but that would digress into a whole different article when a perfectly good Wikipedia article already exists for that. 🙂 Anyway, PTA is the accepted short form… Read More »
Configurable token lifetimes for Azure Active Directory (AAD) have been available for while now, although the feature is still in public preview. This article provides details of how to create an access token lifetime policy and how to apply it to an application federated with AAD using SAML 2.0. Before we get started with this, we need to ensure… Read More »