Category: Microsoft Entra
-
Are Your Conditional Access Session Control Policies Letting Sessions Run Forever?
Let’s be direct about how most organisations handle Conditional Access session controls. You built your policies. You required MFA. You targeted All Resources. You congratulated yourself and moved on. But did you scroll down to the Session section before you saved? If you are not sure, the answer is probably no, and that means your users can […]
-
PIM for Groups, Are You Still Assigning Roles to Users?
Let’s be honest about how you manage Privileged Identity Management (PIM) and PIM for groups. Think back to when you set up an existing admin. What did that workflow look like? Did you go into PIM, search for “the user”, click “Add Assignment”, and select the Exchange Administrator role? Then did you go back, search […]
-
Zero Trust Assessment How To Guide for Microsoft 365 Security
Microsoft’s Zero Trust Assessment gives you a structured way to understand how closely your Microsoft 365 tenant aligns with modern security expectations. It reviews core identity, device, access and logging configurations, then produces a clear report with practical guidance. […]
-
Restrict App Consent and Permissions Hardening Microsoft Entra Enterprise Apps
If attackers can’t phish a password, they’ll just ask for permission instead. That is exactly how consent phishing works: a user is tricked into approving an app that looks genuine, granting it silent access to mailboxes, OneDrive, or Teams data. Microsoft Entra ID now gives administrators more control to stop this. By restricting who can grant […]
-
Restricted Management Administrative Units in Microsoft Entra ID to Protect Sensitive Accounts
Restricted Management Administrative Units (RMAUs) in Microsoft Entra ID provide a secure way to isolate and protect sensitive users, devices, and security groups. When you enable restricted management, even tenant-wide roles like Global Administrator lose access unless explicitly assigned within that Administrative Unit (AU). This feature prevents accidental or malicious changes to high-value accounts. […]
-
How to Test Microsoft Entra Conditional Access Policies Safely with the What If Tool
Conditional Access (CA) policies are one of the strongest defences in Microsoft Entra ID, but they can also be dangerous when misconfigured. A single mistake can lock out every user, including your global administrators. That’s why the What-If Tool exists. It allows you to test Conditional Access policies safely before enforcing them, helping you […]
-
Why You Should Use Administrative Units to Delegate Entra Administration
Microsoft Entra Administrative Units are one of the most underrated tools in Entra ID. Many large tenants start with a handful of global admins managing everything, which works at first, but quickly becomes risky as the organisation grows. Suddenly, one global admin is approving resets for departments they’ve never heard of, and every minor change […]
-
How to Set Up Your Microsoft Entra Tenant the Right Way
Microsoft Entra ID (formerly Azure Active Directory) is the foundation of identity, access, and security in every Microsoft 365 environment. A poorly configured tenant can cause login issues, inconsistent branding, and security gaps that take days to fix. Getting your Microsoft Entra tenant right from day one means fewer surprises down the line. This guide […]
-
Entra ID phishing-resistant MFA staged rollout with Authentication Strengths
Phishing keeps bypassing legacy MFA. Reverse-proxy kits intercept one-time codes and session cookies, allowing attackers to sidestep prompts entirely. Microsoft Entra ID’s phishing-resistant MFA blocks this by binding sign-in to a device-backed key, such as passkeys, FIDO2 security keys, or Windows Hello for Business, and requiring real user presence. You can pilot it in Report-only […]
-
Temporary Access Pass Setup & Custom Banned Passwords In Entra
Temporary Access Pass (TAP) and custom banned passwords strengthen sign-in security in Microsoft Entra ID. Used together with Self-Service Password Reset (SSPR) and the My Staff portal, they reduce helpdesk load while enforcing strong password rules. This guide explains what they do, how to […]