How to work with Administrative Units

More and more organizations are working with Azure Active Directory. Those organizations can have an Azure AD-only implementation or a hybrid situation (on-premises Active Directory where users/groups/devices are synchronized to Azure AD). The on-premises Active Directory consists of Organizational Units in which users and groups are stored hierarchically; you can also assign…

Secure Windows Virtual Desktop with Conditional Access

Currently a lot of organizations are using Windows Virtual Desktop. A lot of security administrators ask how to secure Windows Virtual Desktop, as this feature is publicly accessible. I’ve already implemented some Conditional Access policies for Windows Virtual Desktop. Examples are: Block access when a user is outside the network and his/her device is…

Manage application permissions for your B2B users

It’s quite difficult for an IT department to manage access to corporate data for B2B users. The IT department is mostly not aware of which companies need access to which resources of your organization. The IT department also isn’t aware of the people who need access to a specific application. This article describes how…

Synchronize BitLocker recovery keys to local AD

Most companies work with different IT specialists: some are more experienced in configuring and managing Microsoft Endpoint Manager, while others work in first-line support. In this situation IT does not want to grant its first-line support access to the Microsoft Endpoint Management portal. For example, first line support…

Automate B2C Deployments with Azure DevOps

It can be hard to manage different environments in Azure AD B2C. You need to switch between all the different tenants to upload your policies. This is not an ideal situation when working on multiple customer projects. This blog describes how to automate your deployments to multiple environments. The configuration on the script is not…

Restrict download on a personal device

Currently a lot of users are working from home during the coronavirus pandemic, but what about security? We can follow up on the logs of specific users in Cloud App Security, or you can create custom alerting, but what if you’re working in an organization with more than 1000 users? This blog describes how to restrict…