Leave the Privileged Cloud Identities in the cloud with PIM and RBAC enabled and not synced!
by Shehan Perera
1M ago
What does this mean? It simply states that privileged accounts, or accounts that can be elevated into privileged accounts, responsible for tasks in cloud systems must be created as “in-cloud” accounts rather than synced from a local/on-prem directory. Why, you ask? The most classic example anyone can think of is identities with Entra ID privileged roles enabled. This is a very important factor that most IT admins who are responsible for maintaining the accounts and/or security are ignoring. If you are in a hybrid environment, just because all other accounts are syncing from On-prem AD t ..read more
Intune Policy refresh intervals Vs. Config Refresh in simple terms
by Shehan Perera
2M ago
These are similar-looking terms that perform two different tasks, and this quick nugget unpacks what they do. Policy Refresh Intervals This is the standard way for the device to check in with the Intune service to receive the policies and settings. When the device is enrolled with Intune for the first time, notifications are sent to the device to receive the policies. After that, the device checks in with Intune periodically to receive the config profiles and policies. If a device doesn’t check in to get the policy or profile after the first notification, Intune makes three mo ..read more
Microsoft Defender for Identity – A Deep Dive
by Shehan Perera
2M ago
Microsoft Defender for Identity, or MDI. The main purpose of this write-up is to shed some light on why you need MDI in your environment and how it can protect your traditional on-premises AD infrastructure. It’s no wonder that there are a lot of other products in the market that do similar activities as MDI, but rather than showing how easy it is to set up and configure, my goal is to give you a high-level architectural point of view which will help you think about the decision again. Best of both worlds The attack Kill Chain What can this perform? What can you protect with MDI ..read more
Unpacking Defender for Endpoint Licensing
by Shehan Perera
3M ago
I’ve stumbled upon this matter recently, and I’m sure you may have also gone clueless at some point, scratching your head to figure out WHY and how it went wrong. Let’s go! I also had the same 4 phases as Sheldon from Big Bang Theory, which I guess perfectly match this scenario. At first it was not that easy to unpack what Microsoft had mentioned in the document against what I saw in the portal. However, I want to simplify what I learned so you don’t have to go through the same. What I have noticed is that the licensing has been changed around Defender for Endpoint and you need to adh ..read more
How to Change Intune Security Baseline Policy to Version 23H2?
by Shehan Perera
4M ago
I’m excited to see the new Security Baseline version is finally available in Intune. Version 23H2 for Windows 10/11. This is a quick look at the policy and useful details on migration to the new policy. What you will see in the Security Baselines now What’s Available in Version 23H2 Some Notable Settings Migrating from an older Baseline If You Were Using An Older Profile Released Before May 2023 If You Are Using A Profile Released After May 2023 Test Before Applying! What’s Gone? Useful Links What you will see in the Security Baselines now When you go into the Baseline, you will see ..read more
How to Use Intune to Create a Dell BIOS Config Profile?
by Shehan Perera
4M ago
Creating BIOS Configs and ingesting them during the imaging process is a tad bit old school when you think about moving to newer technologies that can do the same. Microsoft Intune recently introduced the BIOS Config Profile as a template in Intune. At this stage, Dell devices can be set up with this. At the time of writing, only Dell is available as the Hardware option to select and configure the profile. So let’s jump in. This is a 3-step process: Creating your Config file using the Dell Client Configuration Toolkit (CCTK) Creating the Config Profile in Intune and importing the CCTK file Per-d ..read more
Control Device Code Flow With Entra ID Conditional Access Policies
by Shehan Perera
4M ago
With the latest developments in the Entra ID Protection space, Conditional Access Policies got a bit of a facelift with the Authentication Flow control feature. Still in Preview, Device Code Flow and Authentication Transfer are the features introduced with the Authentication Flows. I want to cover the Authentication Transfer process in a different article, so this will be all about the Device Code Flow. This article is mainly about controlling the Device Code Flow and simplifying the technicality behind it. Let’s jump in. Why Use Device Code Flow Device Code Flow was introduced so ..read more
Why Does Group Policy Analytics Matter In Microsoft Intune?
by Shehan Perera
4M ago
“We never know what that GPO really does”, and “The person who created this GPO is not in the business anymore”. Sounds familiar? Most businesses that have a Microsoft ecosystem and have been using AD/GPO for a long time always have stories to tell about Group Policies. This blog is not about creating another group policy, but some guidance on how to start planning to move to Intune Configuration profiles. This is one of the golden tools in Intune that can be used with the current Intune Licensing (yes, no need for the Intune Plan 2 or Intune Suite), and can get the benefit tod ..read more
5 Practical Usages of PIM for Groups Explained
by Shehan Perera
5M ago
I have always been a huge advocate of Entra ID Governance and its usage. It is paramount to make sure the Identity Governance health is in a good position while applying the best practices because Identity is an attack vector, period. Once a bad actor gets hold of the identity, accessing confidential data, Azure resources, and stealing data is imminent. Privileged Identity Management is one of the key pillars in the Microsoft Entra ID Governance structure, and the goal of PIM for Groups is to provide Just In Time Access. If you have the required license already or are planning to add the feature se ..read more