In this post I’ll take a closer look at how AADJ machines authenticated with an AD Synced identity can seamlessly access on-prem resources. This includes things like SMB file shares or other applications that require AD USER authentication. It’s important to remember if you have services utilizing machine authentication, those devices will need to remain AD joined […]
This is a short holiday week for me, so this post is quick and basic. It’s surprising to me how many tenants I encounter that have no dynamic groups configured. Many IT teams are still manually adding/removing devices or users from assigned groups. For anyone not using dynamic groups, you need to start using them.
Back to Basics – Use Dynamic Groups Wherever Possible Read More »
Microsoft’s new authentication strength options for Conditional Access is awesome, and I encourage you to start using this feature. This post will add some clarification on using Conditional Access for MFA, how to add a FIDO2 security key as an authentication method, and then how to use conditional access to protect certain applications with different levels
More often than not, I see both per-user MFA and Conditional Access MFA enabled in Azure AD tenants. There seems to be a misconception amongst IT admins that by disabling per-user MFA, users will need to re-register their MFA authentication methods. So, admins end up leaving per-user MFA enabled and also creating a Conditional Access
Move from per-user MFA to Conditional Access MFA in Azure AD Read More »
This post describes a recent issue I had with BitLocker drive encryption. It started with Hybrid AAD joined devices showing successfully encrypted, but keys are not uploading to Azure AD, and the encryption settings were not really being deployed. Further investigation revealed a strange BitLocker state on most of the machines. If you find yourself in
Before I begin, you should not use Hybrid Azure AD Join unless the organization truly needs it. This was a unique situation where due to a compliance requirement, MDM needed to be implemented in less than a week. There wasn’t time to move to AADJ in the very short term. Therefore, it was decided to
HAADJ devices stuck with pending registration state Read More »
If you’re using AD connect and you’re planning to eliminate Active Directory, you’ll eventually need to remove AD connect and convert all users to cloud managed identities. Azure AD Connect synchronizes your AD identities with Azure AD, giving the users a cloud identity in addition to their on-prem identity. However, AD remains the source of
How to Convert AD Connect Synchronized Users To Cloud Managed Identities Read More »
As organizations continue to expand their remote workforces, those refusing to adopt modern cloud solutions are neglecting tools that enhance mobility and productivity. They’re also putting corporate data at higher risk of compromise by not taking advantage of modern cloud security solutions. It wasn’t that long ago where nearly all employees were reporting to an
