Azure AD 17 - Benoit's Corner

Azure AD Connect – Potential vulnerability in version 1.3.20.0

A vulnerability in Azure Active Directory Connect (Azure AD Connect), the directory synchronization tool for Office 365/Azure AD, version 1.3.20.0 (the latest one released last late April) has been found. This vulnerability may lead to an elevation of privileges, under specific conditions, allowing an attacker to execute 2 PowerShell cmdlets in the context of a […]

Azure AD Connect – Potential vulnerability in version 1.3.20.0 Read More »

Azure AD – You can now writeback from Azure AD to Workday

Leave a Comment / Azure Active Directory / Benoit HAMET / May 21, 2019 / AAD, Azure, Azure Active Directory, Azure AD, Workday

As you may know, Microsoft and Workday have been working pretty hard to make Workday integration with Azure Active Directory (AAD) as seamless as possible. This integration now goes one step further as you can writeback from Azure AD to Workday. This means if an attribute is updated on Azure AD, you can get the

Azure AD – You can now writeback from Azure AD to Workday Read More »

Office 365 – Office 365 Groups/Teams naming policy is now manageable from Azure AD portal

Leave a Comment / Azure Active Directory, Microsoft Teams, Office 365 / Benoit HAMET / May 17, 2019 / AAD, Azure Active Directory, Azure AD, Microsoft Teams, O365, Office 365, Office 365 Groups, Teams

You may already know that you can define naming policy for your Office 365 Groups, which also applies to Microsoft Teams. Until now, this was done by connection with PowerShell. Now, you can manage (create/update) your naming policy as well as the blocked words list from your Azure AD portal. Connect to your Azure (https://portal.azure.com)

Office 365 – Office 365 Groups/Teams naming policy is now manageable from Azure AD portal Read More »

Azure AD – You can now secure SSPR and MFA registration using conditional access

Leave a Comment / Azure Active Directory, Security / Benoit HAMET / May 17, 2019 / AAD, Azure Active Directory, Azure AD, Conditional Access, MFA, Multi Factor Authentication, Self Service Password Reset, SSPR

You may already know this is a best practice to get your users registered for Azure Multi Factor Authentication (MFA) and Self Service Password Reset (SSPR). That said, the registration requires your end-user to provide sensitive information (phone number, external email address…) to help the system to properly identify them during the registration process –

Azure AD – You can now secure SSPR and MFA registration using conditional access Read More »

Office 365 / Azure AD – The limitation of the 16-characters password is now removed

Leave a Comment / Azure Active Directory, Office 365 / Benoit HAMET / May 15, 2019 / AAD, Azure Active Directory, Azure AD, O365, Office 365, Password

Until today, when you were setting up a cloud password on Office 365 or Azure Active Directory (AAD), you were not able to use more than 16 characters. NOTE this limitation did apply to synchronized password. Now, this limitation has been removed; you can set your password by using up to 256 characters, with a

Office 365 / Azure AD – The limitation of the 16-characters password is now removed Read More »

Azure AD – You can easily and automatically manage access to groups, applications and SharePoint sites for your users (internal and external)

Leave a Comment / Azure Active Directory, Beta / Preview / Benoit HAMET / May 1, 2019 / AAD, Azure, Azure Active Directory, Azure AD, Governance, Identity, Identity and Access Management, Identity Governance, Identity Management

As part of the identity and access control management on Azure AD, you can now use Azure AD Entitlement (also known as Azure AD Identity Governance) (in preview) to easily and automatically manage access to your groups or applications by your users, both internal (corporate) or external (guest). By using Azure AD Entitlement, you can

Azure AD – You can easily and automatically manage access to groups, applications and SharePoint sites for your users (internal and external) Read More »

Azure AD – New Session control settings available in preview for Conditional Access

Leave a Comment / Azure Active Directory / Benoit HAMET / April 29, 2019 / AAD, AAD Conditional Access, Azure, Azure Active Directory, Azure Active Directory Conditional Access, Azure AD, Azure AD Conditional Access, Conditional Access, Persistent Browser Session, Sign-In Frequency

2 new settings have been introduced for the Session Control in Azure AD Conditional Access: Sign-in frequency: defines the time period before a user is asked to sign-in again when attempting to access a resource. This means that if the security posture of the authentication session has not changed, users will be asked to re-authenticate

Azure AD – New Session control settings available in preview for Conditional Access Read More »

Azure AD – You can now use group claims in SAML and OIDC/Oauth token

Leave a Comment / Azure Active Directory / Benoit HAMET / April 29, 2019 / AAD, AAD Application, Azure, Azure Active Directory, Azure Active Directory Application, Azure AD, Azure AD Application

When publishing application using Active Directory Federation Services (AD FS) or other identity provider, you often use group membership as claim is a user’s token. Until now, this was not possible to use group membership as claim in Azure AD Application; now you can To start using group membership claim for your Azure AD Application,

Azure AD – You can now use group claims in SAML and OIDC/Oauth token Read More »

Azure AD – You can now use Directory Roles when configuring Conditional Access

Leave a Comment / Azure Active Directory, Beta / Preview, Microsoft Intune, Security / Benoit HAMET / April 26, 2019 / AAD, Azure Active Directory, Azure AD, Conditional Access, Directory Roles

As you know, Azure AD Conditional Access allows you to define conditions to allow or block access to Azure/Office 365 resource (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview). When configuring such conditional access, you define to which set of users/groups this apply (or not – aka exclude). Now, you can apply the conditional access policy by using the Directory Roles to

Azure AD – You can now use Directory Roles when configuring Conditional Access Read More »

Office 365 / Azure AD – New administration roles available

Leave a Comment / Azure Active Directory, Office 365 / Benoit HAMET / April 11, 2019 / AAD, Admin Role, Administration Role, Azure Active Directory, Azure AD, O365, Office 365

As Office 365 and Azure AD are evolving, the need for more granular administration role is more and more important. 2 new administration roles have been introduced to reduce the need for more elevated privileges: Information Protection Administrator: to grant all Azure Information Protection (AIP) administration aspects without granting global administrator permission. This covers Azure

Office 365 / Azure AD – New administration roles available Read More »