No, your NHIs can’t use passwords either! For human identities, going passwordless is becoming pretty standard these days. It looks like passkeys are getting some good traction, and more and more organisations are moving towards passwordless solutions for their workforce. But with the rise of NHI (non-human identities), it’s time to fight the battle of passwords in this corner of the field.… | JanBakker.tech
You shall not pass(key)! (updated): For both modes, users who have previously registered a method that can be used for Microsoft Entra multifactor authentication need to perform multifactor authentication before they can access their security info. Users must confirm their information before continuing to use their previously registered methods. Desktop vs. Mobile app: If you want to roll out passkeys…
Security Info Registration. Entra ID’s rabbit hole: This blog post needs a brief introduction. Bear with me. Five years ago, I spent a significant amount of time creating a blog post about the Combined Registration Wizard in Entra ID. It took many hours to capture the screenshots, as every change in the settings took 20 minutes to take effect. However, I’m glad…
Dynamic approval in Entra ID access packages using custom extensions: Microsoft Entra ID Governance Entitlement Management supports various static and dynamic approvers for access packages, such as users, groups, managers, and second-level managers. The approver configurations are all stored in the assignment policy of the Access Package, and already provide great flexibility. But what if you require even more flexibility and need to connect with…
Managing PIM-enabled groups with Entra ID Governance Access Packages just got better! Just a quick heads-up for those working a lot with Entra ID Governance: Access Packages now supports eligible membership and ownership of PIM-enabled groups. This might sound a bit confusing, as many moving parts and features are involved. Let me explain the new improvement. PIM for Groups is excellent for just-in-time ownership or membership for…
Poor man’s IGA: Monitor and clean up stale guest accounts. Today’s challenge: Today, we are dealing with inactive or stale guest users in a tenant. Entra ID Governance has several ways to solve this, but if you had those licenses, you wouldn’t be here. For today’s challenge, I built two Dynamic Groups and two Logic Apps. Process 1: The first process involves a Dynamic Group…
KB – We detected that this particular key type has been blocked by your organization: This is a knowledge base item. Hope it will help you someday. Issue: When you register a new passkey to Entra ID or Microsoft 365, an error is thrown: We detected that this particular key type has been blocked by your organization. Contact your administrator for more details and try registering a different type of…
Poor man’s IGA: Generate Temporary Access Pass for joiners. Today’s challenge: Today, we look at a joiner scenario, where you want to trigger a time-based workflow to send a Temporary Access Pass 7 days before the employee’s start date. This is a built-in capability from Entra ID Lifecycle Workflow, and you have a lot of options to configure: In this blogpost, I will try…
Poor man’s IGA: Revoke all refresh tokens for user. Today’s challenge: Today, we look at Microsoft Entra ID Lifecycle Workflows. Microsoft has recently introduced a new task that revokes a user’s refresh token. Consider scenarios where the account is disabled and you also want to revoke all tokens, so the resources can no longer be accessed, or in cases where you need to terminate…
Unlocking the Power of employeeHireDate in Entra ID Dynamic Groups. Disclaimer: The main structure of this blog post is created by Claude 3.7 Sonnet. Together with Lokka, I figured out all the supported operators by testing all examples against my demo tenant. Here’s a snippet from my adventures: With that out of the way, on with the show! Introduction: Microsoft Entra ID’s dynamic groups provide…