Replied in thread
Recent searches
Search options
#entraid
2 posts2 participants1 post today
Das heise security Webinar: Gefährliche Voreinstellungen der Microsoft-Cloud
Microsoft Entra ID kommt mit gefährlichen Defaults. Wir zeigen, wo man unbedingt nachbessern muss. Und bis Mittwoch gibts das Webinar noch 20 Prozent reduziert.
heise online · Das heise security Webinar: Gefährliche Voreinstellungen der Microsoft-Cloud
More from 
ju
It’s great to see @merill has launched his #podcast! It’s been fun listening to!
If you work in #entraid , or just like hearing about #iam - give it a listen.
https://podcasts.apple.com/gb/podcast/entra-chat/id1801200012
Apple PodcastsEntra.ChatTechnology Podcast · Updated weekly · Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been…
Blogged: ASP.NET Core delegated Microsoft OBO access token management (Entra only)
Software Engineering · ASP.NET Core delegated Microsoft OBO access token management (Entra only)This blog shows how to implement a delegated Microsoft On-Behalf-Of flow in ASP.NET Core, and has a focus on access token management. The solution uses Microsoft.Identity.Web to implement the diffe…
#securescore on #ms365 is a bit pants - it’s a great way to get a rough idea on your posture - but lacks context and takes FOREVER to update.
Want to know where you stand - give #Maester a go.
maester.devMaester | MaesterYour Microsoft Security test automation framework!
iX-Workshop: Effektive zentrale Authentifizierung mit Entra ID
Erfahren Sie, wie Sie Entra ID als Cloud-basierten Authentifizierungsdienst einsetzen und hybride Identitäten sicher verwalten.
heise online · iX-Workshop: Effektive zentrale Authentifizierung mit Entra ID
𝐒𝐌𝐀𝐑𝐓 𝐋𝐎𝐂𝐊𝐎𝐔𝐓𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃
Smart Lockouts in Microsoft Entra ID help protect Microsoft Entra ID accounts from password attacks. And smart lockouts are also called smart lockouts because they are smart in the meaning of that they should not negatively impact regular users.
Do you want to learn more about Smart Lockouts in Microsoft Entra ID? Watch my YouTube video bellow 
https://youtu.be/7V7BJcqb5CM
𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐄𝐍𝐓𝐄𝐑𝐏𝐑𝐈𝐒𝐄 𝐀𝐏𝐏𝐒 𝐀𝐍𝐃 𝐀𝐏𝐏 𝐑𝐄𝐆𝐈𝐒𝐓𝐑𝐀𝐓𝐈𝐎𝐍𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃
In Microsoft Entra ID, there are Enterprise Apps and App Registrations. Many administrators don’t know the difference between the two and confuse the two important concepts. But there is a major difference between them, and it is good to know it.
Watch my YouTube video bellow
https://youtu.be/4ljbruQOOiI
Practical Graph: Nag Users to Upgrade to a Strong Authentication Method
Convincing people to use MFA is one challenge. Convincing them to use a stronger authentication method than SMS is another. This article explains how to use PowerShell to find people still using SMS for MFA and send email to ask them to upgrade their authentication method.
https://practical365.com/upgrade-stronger-authentication-method-mfa/
#Microsoft365 #EntraID
Practical 365 · Practical Graph: Nag Users to Upgrade to a Strong Authentication MethodConvincing people to use MFA is one challenge. Convincing them to use a stronger authentication method than SMS is another. This article explains how to use PowerShell to find people still using SMS for MFA and send email to ask them to upgrade their authentication method.
𝐏𝐚𝐬𝐬𝐤𝐞𝐲𝐬 𝐢𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐀𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐨𝐫 𝐚𝐫𝐞 𝐧𝐨𝐰 𝐠𝐞𝐧𝐞𝐫𝐚𝐥𝐥𝐲 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞!
What does it mean? Users can now enroll passkeys in Microsoft Authenticator for their Microsoft Entra ID accounts in the default authentication methods setting. No need for key restrictions anymore!
iX-Workshop: Angriffe auf Entra ID abwehren
Lernen Sie, wie Sie Entra ID einschließlich Azure-Diensten härten und effektiv vor Angriffen schützen.
heise online · iX-Workshop: Angriffe auf Entra ID abwehren
𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐌𝐅𝐀 𝐀𝐍𝐃 𝐏𝐇𝐈𝐒𝐇𝐈𝐍𝐆-𝐑𝐄𝐒𝐈𝐒𝐓𝐀𝐍𝐓 𝐌𝐅𝐀
Phishing is a very popular technique of attackers. They trick the user into entering their credentials on some fraudulent site pretending to be a corporate login page, for example to log into Microsoft Entra ID. The user enters their login credentials there and sends them to the attacker.
Watch my YouTube video where I show the difference between MFA and phishing-resistant MFA
https://youtu.be/NGx6tRKtEFI
Security-Webinar mit Frühbucherrabatt: Microsoft Entra ID – Dangerous Defaults
Microsofts Cloud-Angebote in Betrieb zu nehmen ist einfach – sie sicher zu betreiben, nicht. Wir erklären, wo und warum man unbedingt Hand anlegen muss.
heise online · Das heise security Webinar: Gefährliche Voreinstellungen der Microsoft-Cloud
More from ju
If you have access to manage #EntraID in your org, make sure the User Settings > #LinkedIn option is disabled. Else you’re giving away your company’s data and making an enemy of your Privacy team. This is ridiculous #Microsoft, you should be ashamed.
Veeam erweitert Partnerschaft mit Microsoft, um neue KI-gestützte Lösungen für verbesserte Datenausfallsicherheit zu entwickeln
#Backup #DataProtection #Datenresilienz #EntraID #künstlicheIntelligenz #Microsoft #MicrosoftAI @Veeam @Veeam_de
𝐇𝐎𝐖 𝐓𝐎 𝐔𝐒𝐄 𝐓𝐄𝐌𝐏𝐎𝐑𝐀𝐑𝐘 𝐀𝐂𝐂𝐄𝐒𝐒 𝐏𝐀𝐒𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃
When an organization uses passwordless authentication, they need to figure out how to onboard users. In other words, you need to solve the chicken/egg problem. If a user has not registered any passwordless authentication method, how can they authenticate to register a passwordless authentication method?
Temporary Access Pass (TAP) solves this problem.
Watch my YouTube video bellow on how to use Temporary Access Pass in Microsoft Entra ID
https://youtu.be/AqqvMqNcXRU
iX-Workshop: Effektive zentrale Authentifizierung mit Entra ID
Erfahren Sie, wie Sie Entra ID als Cloud-basierten Authentifizierungsdienst einsetzen und hybride Identitäten sicher verwalten.
heise online · iX-Workshop: Effektive zentrale Authentifizierung mit Entra ID
Blogged: Use client assertions in OpenID Connect and ASP.NET Core
https://damienbod.com/2025/02/24/use-client-assertions-in-openid-connect-and-asp-net-core/
Software Engineering · Use client assertions in OpenID Connect and ASP.NET CoreClient assertions is a method of client authentication which can be used in OpenID Connect. This provides an alternative to client secrets. This approach enhances security by using signed tokens (J…
𝐇𝐎𝐖 𝐓𝐎 𝐌𝐀𝐍𝐀𝐆𝐄 𝐁𝐑𝐄𝐀𝐊-𝐆𝐋𝐀𝐒𝐒 𝐀𝐂𝐂𝐎𝐔𝐍𝐓𝐒 𝐈𝐍 𝐌𝐈𝐂𝐑𝐎𝐒𝐎𝐅𝐓 𝐄𝐍𝐓𝐑𝐀 𝐈𝐃
When you start tightening the requirements for access to your corporate cloud, it can be easy to accidentally lock yourself out and cut yourself off from access to the admin interface.
Alternatively, some part of Microsoft Entra ID may fail. For example, there have been a couple of times in the past where multi-factor authentication in Microsoft Entra ID has had a failure and you couldn’t authenticate.
That is why you need break-glass accounts.
Watch my YouTube video bellow on how to manage break-glass accounts
https://youtu.be/Q2vicBapspg
