Category: Microsoft Entra

Microsoft’s Zero Trust Assessment gives you a structured way to understand how closely your Microsoft 365 tenant aligns with modern security expectations. It reviews core identity, device, access and logging configurations, then produces a clear report with practical guidance. Never miss an article and subscribe, and don’t forget to subscribe to my YouTube channel, Control Alt […]

If attackers can’t phish a password, they’ll just ask for permission instead. That is exactly how consent phishing works: a user is tricked into approving an app that looks genuine, granting it silent access to mailboxes, OneDrive, or Teams data. Microsoft Entra ID now gives administrators more control to stop this.By restricting who can grant […]

Restricted Management Administrative Units (RMAUs) in Microsoft Entra ID provide a secure way to isolate and protect sensitive users, devices, and security groups.When you enable restricted management, even tenant-wide roles like Global Administrator lose access unless explicitly assigned within that Administrative Unit (AU).This feature prevents accidental or malicious changes to high-value accounts. Never miss an […]

Conditional Access (CA) policies are one of the strongest defences in Microsoft Entra ID , but they can also be dangerous when misconfigured. A single mistake can lock out every user, including your global administrators. That’s why the What-If Tool exists. It allows you to test Conditional Access policies safely before enforcing them, helping you […]

Microsoft Entra Administrative Units are one of the most underrated tools in Entra ID. Many large tenants start with a handful of global admins managing everything, which works at first, but quickly becomes risky as the organisation grows. Suddenly, one global admin is approving resets for departments they’ve never heard of, and every minor change […]

Microsoft Entra ID (formerly Azure Active Directory) is the foundation of identity, access, and security in every Microsoft 365 environment. A poorly configured tenant can cause login issues, inconsistent branding, and security gaps that take days to fix. Getting your Microsoft Entra tenant right from day one means fewer surprises down the line. This guide […]

Phishing keeps bypassing legacy MFA. Reverse-proxy kits intercept one-time codes and session cookies, allowing attackers to sidestep prompts entirely. Microsoft Entra ID’s phishing-resistant MFA blocks this by binding sign-in to a device-backed key, such as passkeys, FIDO2 security keys, or Windows Hello for Business and requiring real user presence. You can pilot it in Report-only […]

Temporary Access Pass and custom banned passwords in Microsoft Entra ID Temporary Access Pass (TAP) and custom banned passwords strengthen sign-in security in Microsoft Entra ID. Used together with Self-Service Password Reset (SSPR) and the My Staff portal, they reduce helpdesk load while enforcing strong password rules. This guide explains what they do, how to […]

Automate onboarding and offboarding with Microsoft Entra Lifecycle Workflows Microsoft Entra Lifecycle Workflows lets you automate user onboarding, role changes and offboarding so access is provisioned and removed on time, every time. This guide covers prerequisites, setup for onboarding and offboarding, and the checks to keep runs reliable. Never miss an article and subscribe , […]

Break glass accounts exist for moments like this “My entire Microsoft 365 organisation is down. I can’t even log in as the admin.” This was the cry for help from a sysadmin whose tenant became completely inaccessible due to a misconfigured MFA policy. Microsoft Teams? Down. SharePoint? Inaccessible. Admin centre? Locked out. Even the global […]