Azure Active Directory - Benoit's Corner

Azure AD – You can now use Token Protection with Conditional Access (preview)

You know that you can use Azure AD Conditional Access to secure access to your resource by enforcing MFA, device compliance… Well, Azure AD Conditional Access has been updated to allow you use Token Protection. Token Protection attempts to reduce attacks using token theft by ensuring a token is usable only from the intended device. …

Azure AD – You can now use Token Protection with Conditional Access (preview) Read More »

Azure AD – New recommendations for applications (preview)

Leave a Comment / Azure Active Directory, Beta / Preview / By Benoit HAMET / March 15, 2023 March 15, 2023 / AAD, Azure Active Directory, Azure AD

About a year ago, Microsoft has introduced Azure AD recommendations to help you improve your Azure AD security posture (see https://t.co/92sR2y0bR4). Well, these recommendations have been updated to introduce recommendations for Azure AD applications. While the first recommendations apply to all Azure AD license, these new recommendations for applications require Azure AD P2. The available …

Azure AD – New recommendations for applications (preview) Read More »

Azure AD – You easily get Azure AD error code meaning

Leave a Comment / Azure Active Directory / By Benoit HAMET / March 1, 2023 March 1, 2023 / AAD, Azure Active Directory, Azure AD

Have you ever try to figure out what the error code from Azure AD is meaning? While Microsoft has been trying to provide meaningful information when the error occurs, sometime it is more complicated and not easy to find answer. Well, good new, you can use this Microsoft site https://login.microsoftonline.com/error – you will notice this …

Azure AD – You easily get Azure AD error code meaning Read More »

Azure AD – You can now enable suspicious activities reporting (preview)

Leave a Comment / Azure Active Directory, Beta / Preview / By Benoit HAMET / February 24, 2023 February 24, 2023 / AAD, Azure Active Directory, Azure AD, MFA, Multi Factor Authentication

If you have been using the on-premises Azure MFA server (which by the way is going to be fully deprecated – https://azure.microsoft.com/en-us/updates/azure-multifactor-authentication-server-will-be-deprecated-30-september-2024/) you already know that end-users were able to report suspicious activities. Well, this was a missing feature on Azure AD MFA which is now becoming available. First you need to enable it (this …

Azure AD – You can now enable suspicious activities reporting (preview) Read More »

Azure AD – You can now set an Azure AD Application Proxy app in maintenance mode

Leave a Comment / Azure Active Directory / By Benoit HAMET / January 24, 2023 January 24, 2023 / AAD, AAD App Proxy, App Proxy, Azure Active Directory, Azure Active Directory App Proxy, Azure AD, Azure AD App Proxy

If you use Microsoft Cloud services, you know that identity and access control is managed by Azure AD. Azure AD which comes with a feature called Azure AD Application Proxy to allow you publishing internal applications without configuring your firewall and can integrate with Azure AD for authentication and access control (see https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy/ to know …

Azure AD – You can now set an Azure AD Application Proxy app in maintenance mode Read More »

Intune – Enable self-service password reset on Windows login screen new option

Leave a Comment / Azure Active Directory, Endpoint Configuration Manager, Microsoft Intune / By Benoit HAMET / January 16, 2023 January 16, 2023 / AAD, Azure Active Directory, Azure AD, ECM, Endpoint Configuration Manager, Intune, Self Service Password Reset, SSPR

As you are now probably aware, Intune administrators were able to enable self-service password reset (SSPR) on the Windows login screen for quite some time This enablement required to create a custom Intune device configuration profile, as documented here https://blog.hametbenoit.info/2017/11/06/azure-ad-allow-end-users-to-reset-password-or-pin-from-the-login-screen/. Well, as Intune has been evolving quite quickly and some time you may miss updates, …

Intune – Enable self-service password reset on Windows login screen new option Read More »

Azure AD – You can now restrict tenant creation to administrators (preview)

Leave a Comment / Azure Active Directory, Beta / Preview / By Benoit HAMET / December 16, 2022 December 20, 2022 / AAD, Azure Active Directory, Azure AD

As you probably know, users may have the ability to create new tenant using the Manage tenant option from the Azure AD (https://aad.portal.azure.com/) or Entra () portal When creating a new tenant, the user becomes automatically a global administrator for this new tenant and this new tenant does not inherit your organization settings or …

Azure AD – You can now restrict tenant creation to administrators (preview) Read More »

Azure – The Azure Active Directory section on the Azure mobile application has been updated

Leave a Comment / Azure Active Directory, Microsoft Azure / By Benoit HAMET / December 9, 2022 December 9, 2022 / AAD, Azure, Azure Active Directory, Azure AD, Azure Mobile App, Azure Mobile Application, Microsoft Azure

Earlier in September, the Azure mobile application (Azure Companion application) has been updated to introduce an initial access to Azure Active Directory (Azure AD) (see https://t.co/ayBZHVODXx). Well, the application has been updated again to provide additional capabilities to manage Azure AD. You can now: Manage your users in Azure AD with access to the user …

Azure – The Azure Active Directory section on the Azure mobile application has been updated Read More »

Azure AD – Access to Azure AD from O365 administration portal going to redirect to Entra

Leave a Comment / Azure Active Directory, Microsoft Entra / By Benoit HAMET / December 6, 2022 December 6, 2022 / AAD, Azure Active Directory, Azure AD, Entra, Microsoft Entra

With the introduction earlier in July of Microsoft Entra to centralize all identity and access management capabilities, starting December 2022 access to Azure AD from the Office 365 administration portal will redirect to the Entra portal (https://entra.microsoft.com). The rollout of this redirection is expected to be completed by March 2023. Off course you can still …

Azure AD – Access to Azure AD from O365 administration portal going to redirect to Entra Read More »

Azure AD – Use Machine Learning in Azure AD Access Review (preview)

Leave a Comment / Azure Active Directory, Beta / Preview, Microsoft Entra / By Benoit HAMET / December 2, 2022 December 2, 2022 / AAD, Azure Active Directory, Azure AD, Entra, Microsoft Entra

If you have Azure AD P2 license (either standalone or bundle with an Office 365 or EMS subscription), you know you can use the Access Review feature to help you manage access to your resources to only user which still need it. Access Review involve some level of human intervention to either approve or review …

Azure AD – Use Machine Learning in Azure AD Access Review (preview) Read More »