AADOps is a personal study and research project which sets out to demonstrate what “operationalization” of Azure AD in Azure DevOps could look like. In this blog post, I’ve set...
Cloud Managed Service Providers and many other organizations are mostly interested in managing their environment(s) “as code”, which enables advanced automation and scaling options. For some time, improvements in programmatic...
FIDO2 Security Keys are a passwordless and strong authentication method for signing in to Windows devices and can be used for single sign-on (SSO) access to cloud and on-premises resources. This...
Microsoft announced the general availability (GA) of FIDO2 support in Azure AD at Ignite Spring 2021. Previously, passwordless authentication in hybrid environments was only possible by implementing Windows Hello for Business...
Over the past 3 months, I spoke at community events and set my focus on research work. Unfortunately, there was no time left for blogging. But I’m planning to share...
Microsoft offers several solutions and services for securing (hybrid) identities and protecting access to workloads such as Azure, Office 365 or other integrated apps in Azure Active Directory. I like...
In the recent weeks, I’ve worked together with Sami Lamppu on the first section of a playbook about common attack and defense scenarios in Azure AD. In this article I...
Recently, Microsoft added new categories for sign-in logs which finally include non-interactive sign-ins, managed identities and service principals in Azure AD. In this blog post I will describe the configuration steps to...
Thank you all for congratulations and the kind words in the recent days! On the weekend, I’ve used the opportunity to look back on my (Azure) learning journey and previous...
Azure Privileged Identity Management (PIM) allows assigning eligibility for membership as part of “Privileged Access Groups” (PAG). In this blog post I would like to give an overview of current...
In recent months I’ve spent time researching identity security in B2B scenarios (when users are invited to another Azure AD tenant). In this blog post I would like...
Originally we had planned to run the 1st edition of the “Cloud Identity Summit” as a local event (in Koblenz, Germany). But like many other community events, we are still facing...
In recent years many organizations have used the Microsoft Enterprise Agreement (EA) portal or APIs for the creation and initial setup of their subscriptions. I would like to give an overview of...
End-users are able to reset their passwords as part of the Azure AD “self-service password reset” (SSPR) service. This includes an option for password writeback from Azure AD to on-premises AD...
I am very pleased to announce a special community event for the autumn. We, the organizing team of the “Azure Meetup Bonn”, are planning a full-day... on 23 October 2020 in my hometown of Koblenz.
Administrative Units (AUs) allow organizations to delegate admin permissions over a custom segment of a tenant (such as a region, department or business unit). In this blog post I would like to share...
Every newly created Azure AD tenant comes with default configurations set by Microsoft. These settings should be reviewed and cross-checked against your security requirements, self-service strategy and governance policies. In these...
Popular phishing attacks use illicit consent grants to gain access to company or user data. In this article we will cover the detection (with Azure Sentinel, Microsoft Cloud App...
It is recognized that privileged access and the management of IT services need particular protection and strict security policies. There are already some concepts for securing privileged access that have been...
Building and implementing “Zero Trust networks” (ZTN) is essential to achieve a new cyber security model in a world of modern IT and cloud transformation. Previous (traditional) perimeter-based network security...
Microsoft strongly recommends implementing emergency access accounts. This article gives an overview and a step-by-step guide to configure and monitor this type of account.
macOS Keychain items from Microsoft products: AAD-authenticated Edge profile and Keychain; Microsoft Bing Search and family refresh token; Primary Refresh Token (PRT) on macOS? Security considerations on cached tokens...
GitHub Enterprise is more than a platform to manage developers’ code in a repository. It is also used to automate the deployment of cloud resources and manage “infrastructure-as-code” or even...