Step-by-Step: Enabling MFA for Azure Administrative Portals via Microsoft Entra ID Conditional Access
RebelAdmin.com
by Dishan M. Francis
4M ago
Last Updated on October 19, 2023 by Dishan M. Francis As per the recent Microsoft Digital Defense Report 2023 (available at https://www.microsoft.com/en-gb/security/security-insider/microsoft-digital-defense-report-2023), it is highlighted that adhering to fundamental security practices still provides protection against approximately 99% of cyberattacks. When delving into these core security recommendations, the foremost among them is the implementation of multifactor authentication (MFA). Microsoft’s official guidance encourages the adoption of MFA for all users, with a few exceptions: Break ..read more
Configuring Windows LAPS with Azure AD using Microsoft Intune
RebelAdmin.com
by Dishan M. Francis
8M ago
Last Updated on July 5, 2023 by Dishan M. Francis In my previous blog post, I illustrated the process of enabling Windows LAPS with Azure AD using Group policies. In that discussion, we focused on devices that are Hybrid Azure AD Joined. Another approach to configuring the Windows LAPS settings is through Microsoft Intune. If the corporate devices are already managed using Microsoft Intune, we can effortlessly create a LAPS policy to configure the LAPS settings on endpoints. In this blog post, I am going to demonstrate how we can set up LAPS policy using Microsoft Intune. Prerequisites 1. Devi ..read more
How to configure Windows LAPS with Azure AD ?
RebelAdmin.com
by Dishan M. Francis
9M ago
Last Updated on June 21, 2023 by Dishan M. Francis As we know, every Windows machine, including domain-joined ones, comes with a built-in local administrator account. In addition to this default account, organizations often employ multiple local administrator accounts for various operational needs. Unfortunately, these local administrator accounts frequently have a shared password. While changing the password of a domain account is relatively straightforward and can be done from any domain controller, altering the password of a local account presents certain practical challenges, especially wh ..read more
Microsoft Entra Permissions Management – Part 01 – Azure Subscription Onboarding
RebelAdmin.com
by Dishan M. Francis
11M ago
Last Updated on April 10, 2023 by Dishan M. Francis Today’s rapidly changing digital landscape creates new identity and access challenges. Microsoft Entra product family is capable of addressing these new challenges by securing identities, verifying identities, managing the life cycle of identities, enforcing least-privilege access, unified administration, and simplifying the access experience. Microsoft Entra Permissions Management is part of the Entra family and it is a cloud infrastructure entitlement management (CIEM) solution. It can discover permission risks, automatically right-size per ..read more
Step-by-Step Guide to Azure AD PIM and Conditional Access Integration (Public Preview)
RebelAdmin.com
by Dishan M. Francis
1y ago
Last Updated on March 23, 2023 by Dishan M. Francis In Privileged Identity Management, we can enforce MFA verification during the activation process. When this setting is in place, eligible users should have valid MFA claims to proceed with the role activation. But now we can use conditional access policies with PIM role activation. This will allow us to enforce more advanced controls than MFA on role activation. As an example, before the user activates a highly sensitive role, we can check if the user device is marked as compliant and if the device is Azure AD joined. In this blog post, I am going t ..read more
Microsoft Entra lifecycle workflows Part 02 – How to synchronize value for employeeHireDate attribute from on-premises Active Directory ?
RebelAdmin.com
by Dishan M. Francis
1y ago
Last Updated on December 7, 2022 by Dishan M. Francis In my previous blog post, I explained how we can automate the JML (Joiners/Movers/Leavers) process by using Microsoft Entra lifecycle workflows. You can access it using https://www.rebeladmin.com/2022/11/step-by-step-guide-automate-jmljoiners-movers-leavers-process-with-microsoft-entra-lifecycle-workflows/#more-6030 . In this article, I used the employeeHireDate Azure AD attribute value to trigger the workflow. At the moment this value cannot be set using the UI and can only be updated using MS Graph. After reading the article, a few readers came back to m ..read more
Step-by-Step Guide : Automate JML(Joiners/Movers/Leavers) process with Microsoft Entra lifecycle workflows
RebelAdmin.com
by Dishan M. Francis
1y ago
Last Updated on November 7, 2022 by Dishan M. Francis The JML (Joiners/Movers/Leavers) process of an organization has a major impact on its security and efficiency. When a new employee joins the organization or an existing employee changes job role, if they do not have access to relevant services/tools to start their job, it is just a waste of resources. Also, when someone leaves the company, their access permissions to data/services should be revoked and accounts should be disabled. If not, it creates a security risk. As we can see, it’s quite important to make sure organizations have robust, practical ..read more
Microsoft Defender for Identity Part 05 – MDI Sensor installation
RebelAdmin.com
by Dishan M. Francis
1y ago
Last Updated on July 3, 2022 by Dishan M. Francis MDI Sensor installation is Part 05 of the Microsoft Defender for Identity blog series. So far we have learned the following about MDI: Part 01 – MDI Overview Part 02 – Create Directory Service Account Part 03 – Collect Windows Events Part 04 – Network Requirements In this blog post, I am going to demonstrate how to enable an MDI instance and then install the first MDI sensor in the environment. Before we go into the deployment we need to make sure we have the following in place: Prerequisites 1) Global Administrator or Security Administrator ac ..read more
Microsoft Defender for Identity Part 04 – Network Requirements
RebelAdmin.com
by Dishan M. Francis
1y ago
Last Updated on June 16, 2022 by Dishan M. Francis This is Part 04 of the Microsoft Defender for Identity blog series and so far in this series, we have learned about the following: Part 01 – MDI Overview Part 02 – Create Directory Service Account Part 03 – Collect Windows Events This is the last blog post covering MDI prerequisites. The rest of the blog posts in the series will cover the operation side of MDI. Microsoft Defender for Identity sensors are responsible for collecting data from devices in the network and then reporting back to the Microsoft Defender for Identity cloud service ..read more
Step-by-Step guide to Azure Bastion IP-Based Connection
RebelAdmin.com
by Dishan M. Francis
1y ago
Last Updated on June 8, 2022 by Dishan M. Francis Azure Bastion is a PaaS service that provides seamless RDP/SSH connectivity to virtual machines via Azure portal. When we use Azure Bastion, virtual machines do not require public IP address to connect even if the VM is in a different VNET (same or different subscription). As long as Azure Bastion subnet can reach the remote network (via VNET peering, VPN), we can use the Azure Bastion service to connect. Azure Bastion now supports IP-Based connectivity to on-premises, Azure, and non-azure virtual machines. It means as long as Azure bastion can ..read more