Microsoft has long been asked to support guest account expiration, just like the functionality available for on-premises Active Directory accounts. Engineering priorities have not allowed the developers to work on the feature, but it's possible to do the job with PowerShell as we explain here.
It's good to put a face on Azure AD Guest Accounts by updating the accounts with thumbnail photos. This article explains how to approach the process of gathering suitable photos and uploading them to Azure AD. We also discuss how to speed up the process by finding guest accounts that are missing photos so that the script can focus on those accounts.
Implementing zero trust in the world is a big hassle, often uncomfortable, and frequently dorky—plus, it can be expensive. At the same time, moving closer to a zero trust model helps harden your network significantly, and you may already have many of the tools and techniques you need available without much extra cost. In this article, we discuss how to take baby steps toward Zero Trust.
Microsoft actively develops Azure AD external identities and doesn't do much with mail contacts. Maybe it's a good idea to migrate mail contacts to Azure AD guest accounts. This article explores what's involved in moving mail contacts over to Azure AD guest accounts using PowerShell.
A writeup about the MERCURY attack by the Microsoft Threat Intelligence team reveals how a nation state actor linked to the Iranian government compromised an Azure AD tenant by using the AADConnect tool. In this article, we discuss how the attack developed and what you can do to prevent the same attack techniques being used against your tenant.
In this edition of Practical Protection with Paul Robichaux, we dive into understanding what multi-tenant applications are, what they can do, and how to manage them in order to keep your tenant and users safe.
Microsoft 365 tenant administrators might want to know when user accounts receive a specific license. Unhappily, Azure AD license assignment dates can mislead, so some interpretation and personal knowledge might be needed to find out just when a user was licensed.
As organizations move to the cloud, on-premises environments (and their security) are put in the background as the focus shifts to the cloud. Nevertheless, most organizations I know are in a hybrid scenario where the on-premises environment holds the master data and synchronizes everything into Azure Active Directory. This blog explores how an on-premises environment is connected to the cloud and how an attacker might move from on-premises to the cloud laterally.
Azure AD system-preferred authentication means that users must use their strongest authentication method when they sign-into Azure AD. The change emphasizes the desirability of strong authentication methods over weak. Now in preview, Microsoft plans to make the policy effective for everyone in July 2023.
Hybrid work is really a mixed blessing—while it offers a lot of fantastic benefits for people who are able to take advantage of it, it can introduce some new and unpleasant security issues that you need to be prepared to deal with. This article dives into these new risks and how you can avoid them.
Microsoft 365 security is a big topic. Focus is important when it comes to getting things done. In this article, we suggest five areas that administrators could work on during 2023 to improve the security posture of their tenant. You might already have established full control over some of these areas. Even if you have, it's still good to consider if you can improve security.
Dynamic Azure AD administrative units are like dynamic Azure AD groups in that they have a membership rule to calculate their membership. Azure AD uses the rule to find members regularly, so the administrative unit never goes out of date. That is, assuming the properties of Azure AD user accounts are maintained and up to date.
