How to use Azure Active Directory conditional access policies to enforce multi-factor authentication requirements when users login from unmanaged devices.
How to create and manage Office 365 Mobile Device Management policies and organization-wide settings.
There’s a lot of debate around the need to separate Microsoft 365 administrator accounts, especially when controls such as Privileged Identity Management exist within an organization. However, even with PIM there are remaining security concerns which necessitate the operation of separate accounts. This article explains the importance of using separate accounts; details how to target different Conditional Access policies for admin and user accounts and highlights how this approach increases your security posture and limits potential attack vectors against administrator accounts.
In this blog, we explore why break-glass accounts are your lifeline when identity systems fail. Microsoft’s updated guidance calls for two cloud-only Entra ID accounts with phishing-resistant MFA and restricted AD Administrator accounts limited to domain controllers. Excluding them from Conditional Access, storing credentials offline, and testing regularly ensures your emergency access is a lifeline — not a liability.
Microsoft's Alex Simons came to the TEC 2025 conference to talk about the future of Entra ID, a lot of which hangs on the use of AI in components like the Entra agents that are now in preview. The idea of using agents to relieve hard-pressed human administrators is great, but only if those agents do more than a skilled human administrator can do, and that's not the case so far.
Microsoft is rolling out Phase 2 of Azure services MFA enforcement starting October 1, 2025. This update requires MFA for all Azure Resource Manager operations. In this article, we dive into what you need to do to comply with the new enforcement requirements.
In this installment of Practical Protection, we look at Microsoft’s new OneDrive feature that prompts users to sync personal accounts on managed devices. While intended to reduce shadow IT, it risks exposing corporate data. With no option for admins to opt-out, we provide some advice on what you should do to prepare.
Convincing people to use MFA is one challenge. Convincing them to use a stronger authentication method than SMS is another. This article explains how to use PowerShell to find people still using SMS for MFA and send email to ask them to upgrade their authentication method.