This article is documentation for another script that I have written and would like to make available to the community. The script relates to Conditional Access policies and can be used in several ways. The admin should be able to create a simple report of the existing Conditional Access policies for his customers. […]
Introduction: In this article, I describe one of the most elaborate scripts I have ever written for the community. This script is about defining a standard for how a tenant assessment can be carried out. Everyone who works as a consultant, solution architect or similar in the Microsoft 365 world faces more or less similar […]
In today’s digital landscape, automating processes is an essential part of increasing efficiency and maximizing productivity. In this blog post, I will introduce you to a powerful PowerShell script that greatly simplifies the registration of applications in Microsoft 365. This script provides a complete solution that not only automates app registration, but also generates a […]
Recently, an unexpected problem popped up with some Conditional Access policies: it is not possible to enforce controls. Applications show up as ‘excluded’ from the targeted resources when Conditional Access policies are evaluated. This behaviour allows users to access resources without MFA or compliant devices. This is possible for applications which use Entra ID as IdP or […]
This article is a continuation – i.e. Part 2 – of the article Recommendation – Microsoft 365 authorization concepts – Part 1. In this article, the following topics are now dealt with to complete the start for understanding an authorization concept: Configuration of Exchange Online RBAC at Administrative Units level; Configuration of automatic users, guests […]
In today’s digital landscape, businesses are increasingly grappling with the repercussions of cybercrime. Cyberattacks are escalating in frequency, and the resulting damage is growing at an unprecedented rate. Among the most significant vulnerabilities for organizations are their passwords, which serve as the entry point into an account and, consequently, represent the weakest link in their […]
Microsoft 365 administrators have various roles and tasks that they need to manage to ensure that the organization runs smoothly. Authorization concepts that are familiar from the on-premise world cannot be replicated 1:1 in the Microsoft Cloud. In order to ensure data security, several steps need to be implemented. These are as follows: PIM: […]
Creating a standardized and consistent naming convention for IT infrastructures based on Microsoft 365 and Microsoft Azure is essential for efficient management. The following guidelines should be adhered to: General Principles: Consistency: Maintain consistency across all resources, ensuring a uniform and predictable structure. Readability: Names should be easy to read and understand, avoiding unnecessary abbreviations. […]
From time to time I get requests from customers for the following scenario: The customer basically has a hybrid infrastructure, must (or wants to) continue to operate Exchange on-premise. However, the customer wants to protect the Outlook Web App (OWA) of the on-premise messaging infrastructure with Multi Factor. On the one hand, this can be […]
Microsoft is becoming more and more a telephony provider. With the possibility of building a call centre with native tools (i.e. without 3rd party tools), Microsoft has taken another big step towards playing in the top 3 league of telephony solutions. Microsoft Teams has been offering the possibility to build call center solutions for some […]
This script helps to create dynamic Azure AD groups based on the PowerShell module Graph SDK. The idea is that organizations have different Autopilot profiles. These can differ by region, language or other elements. In order to roll these out in the best possible way with little effort, it is recommended to work with dynamic […]
For a given occasion, I have rewritten the script: Add BULK Users from CSV to Azure AD Group. The functionality is almost the same. The following points have been adapted: Instead of the Azure Active Directory module, the script now works with the Microsoft Graph PowerShell SDK module. If the required module is not […]