darrenjrobinson – Bespoke Identity and Access Management Solutions
Enterprise Microsoft and SailPoint Identity & Access Management Architect
Passwordless, are we there yet? Even though Passwordless means different things to different people, in my interpretation of user initiated password obsolescence I’ve minimised typing passwords as much as possible. In this post I’ll detail how.
You don’t need to wait for your organisation to start promoting and urging you to go passwordless.… keep reading
I’ve authored numerous posts on using the Microsoft Authentication Libraries to connect to Microsoft Graph using PowerShell and Python. They cover using both public and confidential client methods. But what about a method that can be either? In this post I show how to use the Authorization Code with PKCE Flow and PowerShell to authenticate and authorize against Azure Active Directory for Microsoft Graph access.… keep reading
I’m curious. I often think, how does that work? Or why does it behave like that? We are well into the journey towards Passwordless adoption and I’ve spoken and posted about aspects of it before. Always a good place to start are the standards.… keep reading
Which Azure AD Tenants is my user account federated too? More specifically, in which Azure Active Directory Tenants do I have an Azure Active Directory B2B Guest Account? Is there a way I can quickly get an Azure AD User Account Federation Report?… keep reading
Recently I wrote about reporting on individual Azure AD Users Authentication Methods using Microsoft Graph and PowerShell. Whilst this is great at a user level, Azure AD Authentication Methods Summary Reports at an organization level are often requested by IT Management.… keep reading
Collaboration between Azure Active Directory tenants typically involves Azure AD Guest accounts. After a few years, the proliferation of ‘Guest’ accounts usually becomes a focus, especially for larger tenants. As Azure AD has matured the meta data associated with accounts, along with Microsoft Graph improvements is making it easier to define and locate stale Azure AD B2B Guest Accounts.… keep reading
Reporting on users’ registered Azure AD Authentication methods is a more common request from enterprise security teams recently with the advance of Passwordless Authentication. In mid 2020 Microsoft added the ability to report on Azure AD Authentication Methods using Microsoft Graph, however ONLY with Delegated Microsoft Graph permissions.… keep reading
The ability to obtain Individual User Usage Reports has been possible in Office365 for many years. However, they were only available from each individual service such as Teams, OneDrive, Exchange, SharePoint and Yammer. If you wanted a holistic view you needed to query each of the services API’s and collate the responses for each identity.… keep reading
The ability to customize Azure AD Login branding with company images has been around for many years. Recently though additional configuration options have become available. Specifically, the ability to provide Username hint and Sign-in page text. Having recently done a mock-up of this for an engagement there were a few items that I want to recall for the next time I need to do this.… keep reading
Last week Microsoft released the public preview of the ability to convert Azure AD Users from members to B2B members. This means that full Azure AD User Objects (rather than Guests) can be federated to another tenant and that the Azure AD User object remains as a ‘member’ User Type.… keep reading