Restricted Management Administrative Units in Microsoft Entra ID to Protect Sensitive Accounts

1 November 2025 · Microsoft Entra

Restricted Management Administrative Units (RMAUs) in Microsoft Entra ID provide a secure way to isolate and protect sensitive users, devices, and security groups.When you enable restricted management, even tenant-wide roles like Global Administrator lose access unless explicitly assigned within that Administrative Unit (AU).This feature prevents accidental or malicious changes to high-value accounts. Never miss an […]

How to Test Microsoft Entra Conditional Access Policies Safely with the What If Tool

22 October 2025 · Microsoft Entra

Conditional Access (CA) policies are one of the strongest defences in Microsoft Entra ID , but they can also be dangerous when misconfigured. A single mistake can lock out every user, including your global administrators. That’s why the What-If Tool exists. It allows you to test Conditional Access policies safely before enforcing them, helping you […]

How to Set Up Your Microsoft Entra Tenant the Right Way

8 October 2025 · Microsoft Entra

Microsoft Entra ID (formerly Azure Active Directory) is the foundation of identity, access, and security in every Microsoft 365 environment. A poorly configured tenant can cause login issues, inconsistent branding, and security gaps that take days to fix. Getting your Microsoft Entra tenant right from day one means fewer surprises down the line. This guide […]

Break Glass Accounts in Microsoft 365 How to Stay in Control

4 July 2025 · Microsoft Entra

Break glass accounts exist for moments like this “My entire Microsoft 365 organisation is down. I can’t even log in as the admin.” This was the cry for help from a sysadmin whose tenant became completely inaccessible due to a misconfigured MFA policy. Microsoft Teams? Down. SharePoint? Inaccessible. Admin centre? Locked out. Even the global […]

Endpoint Security configure it with Intune

27 September 2025 · Intune

Security you already own, applied properly. This article explains what each Intune Endpoint security blade does and what Endpoint Security settings you can configure with Intune, which licence unlocks it, and where it pays off. Turn windows security you already own into a consistent, centrally enforced baseline. Switch on the Defender for Endpoint connector, and […]

Entra ID phishing-resistant MFA staged rollout with Authentication Strengths

23 September 2025 · Microsoft Entra

Phishing keeps bypassing legacy MFA. Reverse-proxy kits intercept one-time codes and session cookies, allowing attackers to sidestep prompts entirely. Microsoft Entra ID’s phishing-resistant MFA blocks this by binding sign-in to a device-backed key, such as passkeys, FIDO2 security keys, or Windows Hello for Business and requiring real user presence. You can pilot it in Report-only […]

Temporary Access Pass Setup & Custom Banned Passwords In Entra

20 September 2025 · Microsoft Entra

Temporary Access Pass and custom banned passwords in Microsoft Entra ID Temporary Access Pass (TAP) and custom banned passwords strengthen sign-in security in Microsoft Entra ID. Used together with Self-Service Password Reset (SSPR) and the My Staff portal, they reduce helpdesk load while enforcing strong password rules. This guide explains what they do, how to […]