The Sum of the Whole is Greater Than the Sum of its Parts I won’t pretend this is the norm, but I’ve noticed views in different professional circles and on some corners of the internet that imply certain identity controls are redundant or unnecessary because another control is already in place: “If we have phishing-resistant MFA, do we really need PIM? This seems like overkill and not a necessary control” ~A SharePoint Administrator for one of my clients. “If we use PIM, why can’t adm...| thetolkienblackguy
Why Enforcement Can Appear Inconsistent for SSO-Integrated SaaS Applications You’ve set your Sign-In Frequency to 12 hours, but users...| thetolkienblackguy
I was helping someone who had written a PowerShell script against Entra with the Graph SDK. It worked perfectly for him during testing,...| thetolkienblackguy
Most administrators in the public sector are probably used to the concept of Personal Identity Verification (PIV) or Common Access Card...| thetolkienblackguy
Until recently, I misunderstood PowerShell classes. Not entirely, of course—I’ve been using them for a while. But like a lot of folks who...| thetolkienblackguy
In Microsoft Entra ID (formerly Azure AD), break glass accounts serve as your emergency access path when normal administrative channels...| thetolkienblackguy
Introduction Many PowerShell developers and IT administrators rely heavily on Where-Object to filter data, often without considering its...| thetolkienblackguy
ConditionalAccessIQ Overview Maintaining visibility into changes made to Microsoft Entra Conditional Access policies can be challenging...| thetolkienblackguy
Understanding how your users authenticate to your systems is crucial for maintaining security. While Entra ID provides various authentication methods, getting a clear picture of their usage across your organization can be challenging. This is where EntraAuthenticationMetrics comes in – a PowerShell module designed to help administrators visualize and track authentication methods, with a particular focus on Phishing-Resistant MFA. What Problem Does It Solve? As more organizations adopt a Zero ...| thetolkienblackguy
The Tolkien Black Guy. Quality, how-to articles for PowerShell automation and Azure AD identity and access management.| thetolkienblackguy
Microsoft just made a long-requested improvement: you can now manage application policies for Entra ID applications directly in the portal. Things like certificate and secret age restrictions - previously the domain of the Graph API only - are now exposed in a friendly UI as seen here in many wonderful blog posts. That’s good news. But before you start tightening lifespans on certificates, let me share a gotcha I haven’t seen mentioned anywhere else yet. The Error You’ll See When you s...| thetolkienblackguy