darrenjrobinson – Bespoke Identity and Access Management Solutions
Enterprise Microsoft and SailPoint Identity & Access Management Architect
Microsoft Graph webhooks or the ability to receive an Azure AD Change Notification has been around for some time. However, as I primarily deal with Azure AD for user and group objects I never previously had the need to utilize them.… keep reading
Accessing Microsoft Office365, the Azure Portal, and the plethora of services we integrate with Azure Active Directory is for the most part seamless, especially when you only need to access a single tenant. However, it is 2021, and collaboration across tenants is the new normal.… keep reading
Recently I’ve posted about accessing Microsoft Graph using MicroSoft Authentication Libraries (MSAL) with Python and using MSAL with Python and Delegated Permissions. This is the final post in the series where I give an example and script for accessing Microsoft Graph using MSAL with Python and Certificate Authentication.… keep reading
Recently I wrote about reporting on individual Azure AD Users Authentication Methods using Microsoft Graph and PowerShell. Whilst this is great at a user level, Azure AD Authentication Methods Summary Reports at an organization level are often requested by IT Management.… keep reading
Collaboration between Azure Active Directory tenants typically involves Azure AD Guest accounts. After a few years, the proliferation of ‘Guest’ accounts usually becomes a focus, especially for larger tenants. As Azure AD has matured the meta data associated with accounts, along with Microsoft Graph improvements is making it easier to define and locate stale Azure AD B2B Guest Accounts.… keep reading
Reporting on users’ registered Azure AD Authentication methods is a more common request from enterprise security teams recently with the advance of Passwordless Authentication. In mid 2020 Microsoft added the ability to report on Azure AD Authentication Methods using Microsoft Graph, however ONLY with Delegated Microsoft Graph permissions.… keep reading
The ability to obtain Individual User Usage Reports has been possible in Office365 for many years. However, they were only available from each individual service such as Teams, OneDrive, Exchange, SharePoint and Yammer. If you wanted a holistic view you needed to query each of the services API’s and collate the responses for each identity.… keep reading
The ability to customize Azure AD Login branding with company images has been around for many years. Recently though additional configuration options have become available. Specifically, the ability to provide Username hint and Sign-in page text. Having recently done a mock-up of this for an engagement there were a few items that I want to recall for the next time I need to do this.… keep reading
Close to 3 years ago I authored this post on using PowerShell for Certificate based Azure AD Authentication using ADAL (Active Directory Authentication Library). More recently I’ve published posts on using MSAL (MicroSoft Authentication Library) with PowerShell for Application and Delegated integration with the Microsoft Graph.… keep reading
Last week Microsoft released the public preview of the ability to convert Azure AD Users from members to B2B members. This means that full Azure AD User Objects (rather than Guests) can be federated to another tenant and that the Azure AD User object remains as a ‘member’ User Type.… keep reading