Azure Active Directory

Azure AD Connect – Potential vulnerability in version 1.3.20.0

A vulnerability has been found in Azure Active Directory Connect (Azure AD Connect), the directory synchronization tool for Office 365/Azure AD, version 1.3.20.0 (the latest one, released in late April). This vulnerability may lead to an elevation of privileges, under specific conditions, allowing an attacker to execute 2 PowerShell cmdlets in the context of a …


Azure AD – You can now writeback from Azure AD to Workday

As you may know, Microsoft and Workday have been working pretty hard to make Workday integration with Azure Active Directory (AAD) as seamless as possible. This integration now goes one step further, as you can write back from Azure AD to Workday. This means if an attribute is updated in Azure AD, you can get the …


Office 365 – Office 365 Groups/Teams naming policy is now manageable from Azure AD portal

You may already know that you can define a naming policy for your Office 365 Groups, which also applies to Microsoft Teams. Until now, this was done by connecting with PowerShell. Now, you can manage (create/update) your naming policy as well as the blocked words list from your Azure AD portal. Connect to your Azure (https://portal.azure.com) …


Azure AD – You can now secure SSPR and MFA registration using conditional access

You may already know that it is a best practice to get your users registered for Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR). That said, the registration requires your end users to provide sensitive information (phone number, external email address…) to help the system to properly identify them during the registration process – …


Office 365 / Azure AD – The limitation of the 16-characters password is now removed

Until today, when you were setting up a cloud password on Office 365 or Azure Active Directory (AAD), you were not able to use more than 16 characters. NOTE: this limitation did apply to synchronized passwords. Now, this limitation has been removed; you can set your password by using up to 256 characters, with a …


Azure AD – You can easily and automatically manage access to groups, applications and SharePoint sites for your users (internal and external)

As part of identity and access control management on Azure AD, you can now use Azure AD Entitlement (also known as Azure AD Identity Governance) (in preview) to easily and automatically manage access to your groups or applications by your users, both internal (corporate) and external (guest). By using Azure AD Entitlement, you can …


Azure AD – You can now use group claims in SAML and OIDC/OAuth tokens

When publishing an application using Active Directory Federation Services (AD FS) or another identity provider, you often use group membership as a claim in a user’s token. Until now, it was not possible to use group membership as a claim in an Azure AD application; now you can. To start using group membership claims for your Azure AD application, …


Azure AD – You can now use Directory Roles when configuring Conditional Access

As you know, Azure AD Conditional Access allows you to define conditions to allow or block access to Azure/Office 365 resources (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview). When configuring such conditional access, you define which set of users/groups it applies to (or not, i.e. which are excluded). Now, you can apply the conditional access policy by using the Directory Roles to …


Office 365 / Azure AD – New administration roles available

As Office 365 and Azure AD evolve, the need for more granular administration roles is increasingly important. 2 new administration roles have been introduced to reduce the need for more elevated privileges: Information Protection Administrator: to grant all Azure Information Protection (AIP) administration aspects without granting global administrator permission. This covers Azure …
