This article will explore the less known ways to authenticate and access resources protected by Azure AD.

This article assumes you know what conditional access is. It’s the identity security “firewall” of Azure AD, if you will. It lets you set rules on which apps can be accessed by whom under which conditions. Restrictions can be set like you need a managed device, or MFA is required. If you are using Azure AD and are not using Conditional Access, well you are doing it wrong. Although conditional access is great, it however doesn’t protect you against all forms of authentication. It is exactly these scenarios on which I want to focus in this article.

Oauth credential fishing is a problem for Microsoft 365 customers. The recent hack of 28.000 e-mails at SANS shows this can even happen to companies that give security training.

At Build 2020 Microsoft announced "self-service signup with social IDs" for Azure AD using "user flows". A feature that was originally introduced in Azure AD B2C. This is really, really exciting news! Sure, you can write your own apps and invite partners in using their Google and Facebook accounts, like Microsoft's Josh Douglas says in his Build 2020 presentation. But you could also have used Azure AD B2C for that for already 3 years. Azure AD B2C has supported social IDs as well as corporate IDs using user flows since its beginning. What Josh didn't say, is that now you can start to combine the power of regular Azure AD with the new features that coming from Azure AD B2C. Although not many people might realize, it is the combination of these two things that will allow you to build very, very exciting new scenarios!

Azure Active directory differentiates two types of permission for apps. The “on behalf of a user” permission and the “access without a user” permission. In my previous post I wrote about a script I created that lists apps that have access without a user being present. In this post I will focus on apps that users or admins have consented to.

Azure Active directory differentiates two types of permission for apps. The “on behalf of a user” permission and the “access without a user” permission. Although both are interesting from a security perspective the access without a user permission is especially interesting.

Azure AD Business to Consumer is a very flexible and powerful identity platform. It allows you to completely control the user experience for your customer and partner facing applications. See About Azure AD B2C for more info.

Have you looked at the new Graph Connector for Microsoft Identity Manager recently? You can find a link here. I used to use the PowerShell MA that Søren Granfeldt made. That thing is probably the best extension to MIM period. Use it for all kinds of things. But the new Graph connector will now be my new default for syncing with Azure AD.

Azure AD Business to Consumer is a very flexible and powerful identity platform. It allows you to completely control the user experience for your customer and partner facing applications. See About Azure AD B2C for more info.

Over the last year and a half or so we have implemented Azure AD B2C for a number of customers. Over the next couple of days / weeks I will be posting a number of blogs with some of the tips and tricks we learned along the way. I will also be sharing some example scripts, policies and Powershell modules we have developed.

In this first post we explain the process of creating a new Azure AD B2C tenant within your existing Azure environment, adding other admins etc. Also see; Setup identity experience framework.

De reputatie economie, online of offline, is erg bepalend voor het succes van een restaurant of hotel. In de trein zit ik hier over na te denken. Hoe is dat in jou werk? Heeft jou bedrijft ook een grote verkoop afdeling die erg hard werken op iedereen aan het werk te houden? Hoe belangrijk is reputatie hierin? En wat kan jou bedrijf doen om zijn reputatie te verbeteren.