Showing items from Conditional Access

Add Windows Cloud Login application to Conditional Access automated

Single Sign On (SSO) for Azure Virtual Desktop (AVD) gives users a seamless login experience from their Windows 10 or Windows 11 device to AVD. This feature has been available for a while and most people have configured it already. Most are also using Conditional Access (CA) (I hope). To make Single Sign On work for AVD in combination with CA policies, you need to add the Microsoft Remote Desktop application (a4a365df-50f1-4397-bc59-1a1564b8bb9c) to your CA policies. Depending on your situation, applications are included or excluded. Now, Microsoft announced that the Single Sign On traffic will be transitioned from the Microsoft Remote Desktop app to Windows Cloud Login. This means you have to add this application to your CA policies. This can be done manually, but I prefer to automate this. In this blog post, I will show you how to add the Windows Cloud Login application to your CA policies in an automated way.


Monitor assigned roles outside PIM and sent to MS Teams using OpenAI

Another big helper in implementing a Zero Trust environment is Privileged Identity Management, aka PIM. It is a best practice to assign the least permissions needed for the shortest amount of time, and PIM helps you with that. After implementing PIM, you can still have leftovers where admins assign roles to identities without PIM. For that case, there is a mechanism that checks whether roles are assigned outside PIM.


Check Conditional Access Policy Effect Automated

In earlier posts, I created several conditional access policies in an automated way. Over time, policies may change, users are added to a specific Azure role, groups are added, and much more.
All those changes affect how conditional access policies act. Because of that, it is recommended to check your conditional access policy environment every now and then.


Deploy and monitor conditional access authentication strength automated

Conditional access is an indispensable configuration setting in Azure AD. Conditional Access policies are, at their most basic, if-then statements: if a user wants to access a resource, then they must complete an action. Example: a payroll manager wants to access the payroll application and is required to do multifactor authentication to access it. Or, a policy requires everyone to use multifactor authentication. Multifactor authentication can be, for example, a password in combination with an SMS or the Microsoft Authenticator app. In the past, a user could choose to use SMS, the authenticator, or whatever the admins provided.

