Skip to content

Category: Active Directory

I am a Global Admin but don’t have access to Azure Subscriptions.

I am a Global Admin but don’t have access to Azure Subscriptions. One of the questions I get frequently is “If you are a Global Administrator, can you grant yourself access to the Azure Subscriptions?” The answer is YES you can and straight forward as well. To get started, navigate to Azure Active Directory and…

Leave a Comment

Conditional Access Policy Templates

Conditional Access Policy Templates In this post, we will look at Conditional Access Policy Templates a feature which is currently still in Public Preview. These templates are designed to provide a more convenient method of deploying new policies based on Microsoft’s recommendations. If you are new to Conditional access policies or simply just want to…

Leave a Comment

Conditional Access policy for Guest and External Accounts

Conditional Access policy for Guest and External Accounts In post, I will go through the steps of setting up a Conditional Access Policy which will enforce MFA for Guest and External Accounts. This will add another layer of protection if guest account credentials were compromised. To get started we need to sign into the Azure…

Leave a Comment

Securing Azure Active Directory from PowerShell abuse

Securing Azure Active Directory from PowerShell abuse Malware attacks are evolving and once common tactics are becoming a thing of the past. Attack strategies, like using a third-party hacking program or injecting viruses from external sources, are almost obsolete as they leave a distinct footprint. Most antimalware tools can now detect the presence of a…

Leave a Comment

Copy Active Directory Group Members Script

Copy Active Directory Group Membership Script The following Script Copies members from one Active Directory Group to another Active Directory Group. To start the Script run: .\CopyGroupMembership.ps1 You will be prompted to enter the Group whose membership you need to copy. The you will be prompted to add the group name where you want to…

Leave a Comment

Let users rest their Passwords in Office 365

Let users rest their Passwords in Office 365 Office 365 and Azure AD allows users to reset their own passwords, this reduces the calls to helpdesk for password resets. Once you enable this setting users will be able to navigate to https://passwordreset.microsoftonline.com/ and reset their own passwords. To get started Launch the Office 365 Admin…

Leave a Comment

Configure Azure AD Connect Pass Through Authentication

Configure Azure AD Connect Pass Through Authentication Azure pass-through authentication allows user to login to cloud and on-premise applications by using the same passwords. Pass-through authentication validated the password against the on-premise active directory. Prerequisite needed: Global Admin account Azure AD Connect 1.1.750.0 or later Windows Server 2012 R2 or later with TLS 1.2 enabled…

Leave a Comment

Enable MFA for All Office 365 Users using Azure Active Directory Identity Protection.

Enable MFA for All Office 365 Users using Azure Active Directory Identity Protection. “Azure Active Directory Identity Protection provides a consolidated view of at risk users, risk events and vulnerabilities, with the ability to remediate risk immediately, and set policies to auto-remediate future events. The service is built on Microsoft’s experience protecting consumer identities and…

Leave a Comment