Azure Active Directory

Latest Articles

Achieving Passwordless Authentication in Azure AD

In the second iteration of a two-part series about FIDO2 and passwordless authentication, we walk you through how to facilitate your passwordless deployment for Azure AD identities. Once passwordless authentication is achieved, users can authenticate up to 3x faster and helpdesks should receive fewer requests for password resets, saving your organization time and money.

May 11, 2021

Inventorying Permissions Assigned to Azure AD Apps

Many apps are created in the Azure AD for a tenant. Those apps have permissions to allow them to access data, and consent for those permissions are granted by administrators and users. How often do you check what apps are known in your Azure AD and what permissions those apps have? In this article, we review how to use the Graph API and PowerShell to create a report inventorying apps and permissions. What you do with that data is up to you!

April 26, 2021

Why Microsoft 365 Audit Logs Lack Proper Fit and Finish

The audit events generated for license assignments to user accounts available in the Azure AD audit log and Office 365 audit log are inconsistent and incomplete. This is certainly true for licenses assigned to accounts through auto-claim policies and group-based licensing, but known gaps exist in the audit records generated in other areas of Office 365 and Microsoft 365 functionality. We think Microsoft needs to pay attention to ensure that auditing works consistently and predictably across all workloads. Once they improve the fit and finish of audit record generation, they can move into other areas, like charging for access to high-value audit events.

April 14, 2021

The Practical 365 Update: S2, Ep 14 – Azure AD, Viva Connections, Teams News and special guest Brian Desmond

On the show this week, we're talking about the Azure AD outage, new Exchange patches (yes, again!) and tools, how to get ready for Viva Connections, talking UserVoice and the biggest Roadmap and Message center news. And - Brian Desmond joins us to talk in a more positive way about the Azure AD Premium (and free) features you absolutely need to switch on.

March 19, 2021

How to Define Custom Sensitive Information Types for Use in DLP Policies

Data Loss Prevention (DLP) is a feature of Office 365 E3 and E5 plans. Most DLP policies focus on matching sensitive information types created by Microsoft, like credit card numbers, but it is relatively easy to create a custom sensitive information type for use in DLP policies to detect information specific to your organization. In this example, we create a sensitive information type for Azure AD passwords and explore its use in Teams DLP policies.

March 15, 2021

How to Decide Between Azure AD Connect and Azure AD Connect Cloud Sync

Microsoft recently announced that Azure AD Connect cloud sync had reached GA (general availability), adding another option for directory synchronization with Microsoft 365. This article provides a background on directory synchronization and why it is fundamental for your journey to the cloud. Then we will discuss the solutions and give you the information you need to pick the right solution. Let’s begin with some basics.

March 11, 2021

Microsoft Wants to Talk About Group Sprawl (Finally)

Nearly seven years after the introduction of Office 365 Groups, Microsoft has finally admitted that tenants might just have a problem with "group sprawl." In other words, tenants have too many underused or unused groups because the groups have been created without oversight and not managed thereafter. Microsoft wants to discuss the problem with tenant administrators. Practical365.com thinks this is a great idea and strongly supports the initiative to get a handle on group sprawl once and for all.

February 17, 2021