Category: Azure AD

Do’s and don’t concerning security for Identity part 1

In simplified terms, there are two different ways to build a cloud service: Cloud-based or Cloud native, and Hybrid. There are also different possibilities to federate identities between cloud service providers, but also with federation services through an on-premises environment. Azure AD…

What’s new with Secure score in Microsoft Defender portal (and some other tips)

What is Secure score? Microsoft releases suggestions on security settings that should be turned on to enhance your security posture against external and internal threats. You’re given points for the following actions: Configuring recommended security features; Doing security-related tasks; Addressing…

How to use Azure Key Vault with managed identities and generating keys with auto-rotation

Data-planes

First you have to understand the different URLs that you can use for different types of resources:

| Resource type | Key protection methods | Data-plane endpoint base URL |
| --- | --- | --- |
| Vaults | Software-protected and HSM-protected (with Premium SKU) | https://{vault-name}.vault.azure.net |
| Managed HSMs | HSM-protected | https://{hsm-name}.managedhsm.azure.net |

When…

Microsoft managed Authentication Methods Policy (Preview)

What is Microsoft Managed? With Microsoft Managed Settings, admins can trust Microsoft to enable a security feature they have not explicitly disabled. If the feature status is set to Microsoft-managed, it will be enabled by Microsoft at an appropriate time…

Automatic assignment policy in Entitlement management

If you are not familiar with Entitlement management, read this first. Microsoft keeps evolving the Azure AD Entitlement management solution; here is a feature added previously. And there is again a new feature added; let us see what it is. Automatic…

Section 5 – Design security for infrastructure – Design a strategy for securing server and client endpoints

Wednesday is here, and it is time for the next post in my SC-100 exam cram. NOTE: includes hybrid and multi-cloud. Specify security baselines for server and client endpoints; Specify security requirements for servers, including multiple platforms and operating systems; Specify security…

Section 3 – Design a Zero Trust strategy and architecture – Design an identity security strategy

And onward to the next section in my SC-100 study guide. Note: includes hybrid and multi-cloud scenarios! Design a strategy for access to cloud resources; Recommend an identity store (tenants, B2B, B2C, hybrid); Recommend an authentication strategy; Recommend an authorization…

Microsoft Entra Verified ID went GA!

Back in 2018, Microsoft joined the ID2020 alliance and started collaborating with Accenture and Avanade on a blockchain-based identity prototype for Azure. The intention was to give people a means to identify themselves easily. And finally, yesterday Microsoft released the final product!…

Microsoft Entra Permissions Management

Entra has combined three existing solutions under entra.microsoft.com: Azure Active Directory (Azure AD): Multicloud identity and access management solution with integrated security. Microsoft Entra Permissions Management: One unified model to manage permissions of any identity across any cloud. Microsoft Entra Verified ID…
