Showing items from Graph API

Monitor assigned roles outside PIM and sent to MS Teams using OpenAI

Sander Rozemuller
Date : July 14, 2023
Categories : Open ai ,Monitoring
Tags : Privileged identity management ,Automation ,Conditional access ,Graph API ,Zero to zero trust

Another big helper in implementing a Zero Trust environment is the use of Privileged Identity Management, aka PIM. It is a best practice assigning the least permissions as needed for the shortest amount of time. PIM helps you with that. After implementing PIM you have left-overs of admins assign roles to identities without PIM. In that case there is a mechanism that check if there are roles assign outside PIM.

Monitor Conditional Access changes using OpenAI and MS Teams

Sander Rozemuller
Date : June 8, 2023
Categories : Open ai ,Monitoring
Tags : Automation ,Conditional access ,Graph API ,Zero to zero trust

Implementing conditional access policies have a huge impact on your identities and organisation. After implementation, there could be a situation conditional policies need changes. Think about the state, adding or excluding users, or adding a security strength for example.

Check Conditional Access Policy Effect Automated

Sander Rozemuller
Date : May 8, 2023
Categories : Security ,Zero trust
Tags : Automation ,Conditional access ,Entra ID ,Graph API ,Zero to zero trust ,Zero trust level 2

In earlier posts I created several conditional access policies in an automated way. During the time policies may change, users will be added to a specific Azure role, groups are added and so many more.
All those changes effect on how conditional access policies act. Because of that, it is recommended to check your conditional access policies environment so now and then.

Passwordless, Multi-layered Break Glass Alternative Automated

Sander Rozemuller
Date : April 14, 2023
Categories : Security ,Microsoft intune ,Zero trust
Tags : Automation ,Microsoft intune ,Graph API ,Zero to zero trust

Emergency accounts are a fundamental part of any security strategy. They are used to access systems when the primary account is unavailable or locked out. In the past, emergency accounts were often called “break glass” accounts. In an earlier post, I explained how to create an emergency account based on a user account with a password. In this post, I will show you how to automate the creation of a passwordless, multi-layered emergency account using Graph API.

Zero Trust Data Protection Using App Protection Policies Automated

Sander Rozemuller
Date : March 30, 2023
Categories : Security ,Microsoft intune ,Zero trust
Tags : Automation ,Data protection ,Entra ID ,Graph API ,Zero to zero trust ,Zero trust level 1

In earlier steps, I explained how to control identity and devices to connect to your environment. Now people are connected to your environment safely, the next step is to make sure your data won’t walk out.
In this step of the Zero to Zero Trust journey we will look at the first step of how to keep your data safe. In this blog, I show how to automate the creation of App Protection Policies. Intune App Protection policies help protect corporate data even if a device itself is not managed.

Zero Trust Common Identity and Device Access Protection

Sander Rozemuller
Date : March 14, 2023
Categories : Security ,Entra ID ,Zero trust
Tags : Automation ,Entra ID ,Graph API ,Zero to zero trust ,Zero trust level 1

This is the 3rd step in the series Zero to Zero Trust in an automated way. In the previous steps, we configured an emergency account and protected the account with conditional access policies. The conditional access policies control the log-in process. In this step, we configure access policies for other users and devices.