Today we secure our tenants using conditional access or security defaults, but in the old days many tenants were configured to use Legacy per-user Multi-Factor Authentication (MFA). It is recommended that per-user Microsoft Entra multifactor authentication should not be enabled or enforced when Conditional Access policies are in use. Convert users from per-user MFA to […]| Mindcore Techblog
Dynamic Microsoft 365 Groups come with many advantages, but they also require Entra P1 licenses. This article explores how to create and maintain a DIY version of dynamic Microsoft 365 groups using the Microsoft Graph PowerShell SDK and Azure Automation. At the end of the day, the principle is proven, but maybe it's best to pay for the licenses. The post Practical Graph: Creating Dynamic Microsoft 365 Groups without Entra P1 Licenses appeared first on Practical 365.| Practical 365
Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts| Help Net Security
A banner posted in the Entra admin center informs administrators that Entra ID governance features used by guest accounts incur charges from June 2025. This only affects Microsoft 365 tenants that use ID governance for features like inactive guest access reviews, but unexpected charges might come as a surprise. This article explains a PowerShell script to find chargeable events in audit logs and how to calculate likely charges.| Office 365 for IT Pros
Managing permissions for Managed Identities in Azure/Entra ID has been a long-standing challenge. Microsoft has not yet provided a built-in interface for this, leaving administrators reliant on PowerShell to handle permissions – even if the “same” exists for App Registrations and Enterprise Applications. To bridge this gap, I developed this PowerShell-based tool to the community […] The post Entra ID – Managed Identity Permission Manager appeared first on Mindcore Techblog.| Mindcore Techblog
Recently we ran into a fun experience when adjusting the Cross-Cloud meetings within the Teams Admin Center which caused Entra ID Cross-Tenant Access Settings to be changed. This behavior didn’t seem to be documented anywhere and did cause some head-scratching before we figured out why B2B invitations weren’t automatically being accepted any longer. Update 07-02-2025: […] The post Entra ID Cross-Tenant Access Settings vs. Teams Cross-Cloud meetings – Who wins? appeared first on Mindco...| Mindcore Techblog
Introduction You may think that setting up a language in Microsoft 365 [admin.microsoft.com] portals may be straightforward. However, it may not be as obvious as it seems at first, and there are many factors which can play a role in that. The Basics The interface language of Azure [portal.azure.com] and Microsoft 365 portals may be […] The post Languages confusion in Microsoft 365 portals appeared first on Mindcore Techblog.| Mindcore Techblog
Introduction In case you missed the update about the new announcement, Microsoft is tightening security around Azure and Microsoft admin portals by enforcing multifactor authentication (MFA) for all interactive sign-ins. This change has sparked a lot of questions across social media, and in this post, I aim to address these questions to the best of […] The post Mandatory MFA enforcements is coming appeared first on Mindcore Techblog.| Mindcore Techblog
Microsoft in recent months has made leaps and bounds to support Multi-Tenant organizations utilizing Cross-tenant Synchronization.| Mindcore Techblog
Linkable token identifiers is a new Entra ID feature that adds a GUID to all the audit events for a session. The new identifiers make it easier to track all user actions taken during a session, and should be of great advantage to security investigators who need to know if an account is performing suspicious actions, possibly due to an attacker compromise.| Office 365 for IT Pros
The Microsoft Authenticator app gets two important changes in September 2025 to make the app easier to use for average users. The current number matching mechanism is modified to make it less likely that notifications will fail to be seen and the first run experience is changing to give priority to Entra ID accounts. Hopefully, the changes will encourage adoption of MFA in Microsoft 365 tenants.| Office 365 for IT Pros
The Microsoft Authenticator app is a secure authentication method for MFA. The app is getting an easier way for backup and recovery, which should make it easier for people to move to new iOS devices. Instead of a Microsoft recovery account, Authenticator will use the iCloud keychain. The update is expected to roll out in September 2025.| Office 365 for IT Pros
In July, Microsoft plans to introduce an app consent policy to stop users granting access to third-party apps to their files and sites. Letting users grant unsupervised consent to third-party apps to access files stored in OneDrive for Business and SharePoint Online is a bad idea. There are certainly apps out there that need such access, but requiring one-time administrator approval is no hardship.| Office 365 for IT Pros
Microsoft 365 tenants with Entra P1 or P2 licenses can use a custom banned password list to stop people using specific terms in their passwords. The idea is to prevent easily-guessed terms being used in passwords. You could also block words deemed to be objectionable. In any case, this article explains how to maintain the custom blocked password list with a PowerShell script.| Office 365 for IT Pros
The last thing you want on a Saturday morning is to find that Entra ID has blocked your account because of leaked credentials. Even though the account is protected by MFA, it’s still important to remediate the event by changing its password. A check against some beta sign-in metrics shows that no one has tried to use the leaked credentials, so that’s good.| Office 365 for IT Pros
Entra ID populates the sponsor property for new guest accounts with details of the person who invites the guest to the tenant. It's data that can be used for different purposes, such as having someone to justify the continued presence of a guest account in a Microsoft 365 tenant. This article explains how to report guest accounts and their sponsors with some straightforward PowerShell.| Office 365 for IT Pros
This blog shows how to implement a delegated Microsoft On-Behalf-Of flow in ASP.NET Core, and has a focus on access token management. The solution uses Microsoft.Identity.Web to implement the diffe…| Software Engineering
According to the Microsoft Digital Defense Report 2022, weak identity controls are listed as a top-three contributing factor found during ransomware incident response. One particularly troubling finding within identity […] The post Protect your privilege with PAW appeared first on Eric on Identity.| Eric on Identity