The Microsoft Entra Conditional Access for authentication flows regulates the use of the device code flow and authentication transfer. The device code flow is used to authenticate devices that do not have a browser or whose input is restricted, such as smart TVs, IoT devices, or printers. The device code flow represents a high-risk authentication flow, which could be exploited in phishing attacks or to gain access to corporate resources on unmanaged devices. The authentication transfer is a new flow that provides a seamless way to transfer the authenticated state from one device to another. In ..read more

A Temporary Access Pass (TAP) is a time-limited passcode that can be configured for single or multiple use. The Temporary Access Pass (TAP) allows the user to securely sign in to the Microsoft Cloud within a defined time period to set up additional authentication methods. These secure authentication methods include passwordless methods such as FIDO2 security keys or the Microsoft Authenticator App. The limited time period for access authorisations makes the Temporary Access Pass (TAP) an indispensable tool for security guidelines and compliance requirements. This blog post explains how to acti ..read more

Privileged roles and permissions in Microsoft Entra ID allow you to manage all aspects of Microsoft Azure and Microsoft 365. To make phishing and other attacks more difficult, a secure password for privileged Microsoft Entra roles is no longer enough. Phishing-resistant multi-factor-authentication, such as FIDO2 protocol on a security key in combination with Microsoft Entra Privileged Identity Management (PIM), significantly increases security for the Microsoft Tenant and convenience for the user. This blog post demonstrates how to configure Microsoft Entra Privileged Identity Management (PIM ..read more

Microsoft Entra Internet Access is a cloud-delivered solution that secures access to web content. It protects users, devices, and data from internet threats. This solution is part of Microsoft’s Security Service Edge (SSE), which also includes Microsoft Entra Private Access. This solution is based on the core principles of Zero Trust Network Access (ZTNA), which aims to apply the principle of minimal rights, explicit verification and assumption of an attack. Microsoft Entra Internet Access implements adaptive access controls, simplifies network security, and enables a consistent user experienc ..read more

A Microsoft Entra Emergency Account (Break Glass Account) is a highly privileged account for emergency access to Azure resources in critical situations when traditional access paths are not available. For example, this may be a service outage, so that multi-factor authentication cannot be performed via a mobile phone. The use of emergency accounts is strictly controlled, monitored and restricted. In this post, you will learn how you can use Microsoft Entra emergency accounts and YubiKey (FIDO2) to secure access to Azure at all times and minimise risks at the same time. Prerequisites and Licens ..read more

Microsoft Entra Private Access gives users secure access to the internal network and cloud-based services from anywhere in the world. Setting up and maintaining (complex) VPN connections is now a thing of the past. Microsoft Entra Private Access is part of Microsoft Global Secure Access, which includes a range of identity and network access security products. The service is based on the SASE framework (Secure Access Service Edge), which combines WAN functions and zero-trust network access (ZTNA) in a cloud-based platform. This blog post highlights the configuration steps for Microsoft Entra Pr ..read more

An essential aspect of using cloud services is ensuring availability and performance. Outages or performance problems have a significant impact on today’s business processes and lost revenue, image damage and angry customers. Azure Service Health is a free service from Microsoft Azure. The service provides real-time information in a dashboard about the status and performance of Azure services. The service continuously monitors resources and proactively informs about service problems. Azure Service Health provides information in the following categories: Service issues Notifications about unex ..read more

SMB over QUIC is a network protocol used by Windows. It allows secure, shared use of resources such as files on the network. To use SMB (Server Message Block) without QUIC, TCP port 445 is required. Some Internet providers block TCP port 445 for security reasons. Therefore, it is not possible to connect to a file share on Azure by SMB successfully. To bypass the blocking of TCP port 445, there are several options to choose from, including the following: VPN (Virtual Private Network), e.g. AlwaysOnVPN Third party software, e.g. MyWorkDrive SMB over QUIC (Quick UDP Internet Connection) Some wa ..read more

Microsoft Azure Arc is a solution that enables resources to be centrally managed and monitored across multiple environments. Azure Arc extends the management capabilities of Azure to on-premises resources or other cloud providers such as Amazon Web Services (AWS) or Google Cloud Platform (GCP). Resources integrated into Azure Arc are administered via the unified Azure Portal. Regardless of where they are physically or geographically located. Overall, Azure Arc provides consistent, centralized and simplified management of resources. This guide describes how to deploy a Windows Server hosted out ..read more

First Contact Safety Tip is a feature in Microsoft Office 365 to better protect users from phishing attacks. First Contact Safety Tip is part of Microsoft Defender for Office 365 or Exchange Online Protection and helps users detect fake or fraudulent mails. If a suspicious email is received, the email will have a warning in the header informing the user that it may be phishing email. The warning is shown in one of the following cases: – the sender sends an email to the mailbox for the first time – the sender very rarely sends an email to this mailbox Prerequisites and Licensing The Exchange On ..read more