

The Hidden Steps Microsoft Forgot to Document: Securing Azure App Service Authentication Behind Front Door with Private Link
Today I want to walk through how to configure Azure App Service Authentication when your App Service sits behind Azure Front Door and is accessed through a Private Link. On a dreadful day in October 2025, I received something that most IT people fear - a request from a client! The request included information from the client that they were struggling with authentication on a Web App deployed behind Azure Front Door using Private Link. What looked like a straightforward setup

Sebastian F. Markdanner
Dec 2, 2025 · 7 min read


Mastering Microsoft Entra Authentication Contexts - Part 4: Monitoring and Reporting with KQL & M365IdentityPosture
We’ve covered what Authentication Contexts are, why they matter, and how they help us strengthen access and data security in Microsoft 365. Now it’s time to answer the next question - how do we monitor and report on their usage? Unfortunately, there’s no built-in way to gain that visibility today. Neither Entra ID nor Microsoft 365 provides a simple method to inventory or audit Authentication Contexts across our estate including Conditional Access, PIM and Sensitivity labels

Sebastian F. Markdanner
Nov 3, 2025 · 8 min read


PIMActivation: The Ultimate Tool for Microsoft Entra PIM Bulk Role Activation
Getting annoyed or impatient when activating eligible roles in PIM — especially multiple roles at once? You’re not alone. Today, I’m sharing a solution to take the pain out of the process. Whenever I talk with clients, colleagues, or students about Microsoft Entra Privileged Identity Management (PIM), the first complaint I hear is always the same: activating roles is a headache! After hearing this one too many times, I decided to do something about it. What started as a quic

Sebastian F. Markdanner
Aug 4, 2025 · 6 min read


Securing Microsoft Business Premium Part 05: Efficient Identity Management for External Users with Microsoft Entra
Managing external users is one of the most tedious—but also critical—challenges in a Microsoft Business Premium environment. With authentication, authorization, and password security covered in earlier posts, we're now prepared to dive into identity and access management (IAM) specifically for external and guest users. Collaboration beyond organizational boundaries presents unique security challenges, particularly in balancing streamlined access and robust security practic

Sebastian F. Markdanner
May 26, 2025 · 9 min read


Go With the Flow: Mastering Microsoft Entra User Flows—Self-Service Sign-Up in a Workforce tenant
Managing new guest accounts can be a daunting task—especially when you’re dealing with high turnover, distributed teams, or unknown user lists. Today, I’ll show you how Microsoft Entra User Flows, otherwise known as Self-Service Sign-Up, can help automate and streamline this process within a workforce tenant. Organizations such as retail chains, shipping companies, or accounting firms frequently collaborate with diverse groups of customers, vendors, and external partner

Sebastian F. Markdanner
Apr 28, 2025 · 10 min read


Securing Microsoft Business Premium Part 03: Authorization Best Practices from Zero Trust to Complete Access Control
In Part 02, we explored authentication, the process of verifying user identities—ensuring users are who they claim to be. Today we’ll build on that by diving into authorization—the process of determining what authenticated users are allowed. While authentication is a foundational element of any organization’s identity and access management strategy, secure identity verification alone isn’t sufficient. Authorization completes the picture by assigning the correct permissions

Sebastian F. Markdanner
Mar 19, 2025 · 10 min read


God Mode with a Timer: Using Logic Apps to Restrict Elevated Access in Entra
In my last post I covered how to monitor the GOD Mode in Azure (coined by the great John Savill). While visibility and monitoring are great capabilities, there’s a big issue: the permanent nature of the access. Let's fix that! The way Elevated Access currently works, there’s no built-in way to manage, or restrict it—not through PIM for time- and approval-based access, not with access reviews, and not with entitlement management either. Once access is enabled for a user,

Sebastian F. Markdanner
Mar 3, 2025 · 8 min read


Unlocking Microsoft Entra’s Elevated Access Logs: Better Security, Better Insights
Elevating access to manage Azure subscriptions is a valuable tool for administrators, particularly when dealing with unknown or orphaned subscriptions. However, with no built-in restrictions on when or how long this access can be used, monitoring these events is critical to maintaining security and accountability. Global administrators occasionally need to enable Elevated Access in Microsoft Entra to manage Azure subscriptions, but without proper oversight, this level of a

Sebastian F. Markdanner
Feb 18, 2025 · 13 min read


Securing Microsoft Business Premium Part 01: The First Step to an Unbreakable Defense
Today kicks off a comprehensive blog series where I’ll delve into the security features of the Business Premium license SKU, offering detailed step-by-step guidance and best practices. In this first installment, we’ll explore the capabilities included in Business Premium and walk through the foundational configurations throughout the Admin center, Microsoft Entra, Microsoft Defender and Microsoft 365 Apps Admin center. These are the key settings I recommend establishing right

Sebastian F. Markdanner
Jan 27, 2025 · 19 min read


Mastering Plus Addressing in Microsoft: Simplify Email Management
Managing emails for unlicensed admin accounts? Juggling a shared mailbox flooded with notifications from services and clients? Today’s solution: Plus addressing! In the world of IT administration, juggling multiple identities for a single employee can feel like a high-stakes balancing act. Notifications, admin emails, approval requests, and consent forms all demand clear separation from daily accounts. But licensing admin accounts? That can quickly get complicated. Enter Plus

Sebastian F. Markdanner
Jan 20, 2025 · 3 min read


Microsoft Entra Identity Governance Fundamentals: Privileged Identity Management
As the Conditional Access series wraps up, we’re diving headfirst into a new adventure in Identity Management! Join me as I explore the...

Sebastian F. Markdanner
Nov 11, 2024 · 18 min read


Microsoft Entra Conditional Access Series (Part 4): Mastering Risk-Based Policies
I’ve gathered the Conditional Access tributes from nearly every district, and today, we’re collecting the final ones as we approach the...

Sebastian F. Markdanner
Oct 28, 2024 · 10 min read


Microsoft Entra Conditional Access Series (Part 3): Policies for Non-Human Identities
Today, we’re donning our coolest black shades, pulling on leather jackets, and proudly proclaiming, “We’ll be back!”—for when our...

Sebastian F. Markdanner
Oct 20, 2024 · 6 min read


Microsoft Entra Conditional Access Series (Part 1): The Essentials
Welcome to Microsoft Entra, where Zero Trust, permissions, and the infamous policy change await. Buckle up—this rabbit hole goes deep! IAM, or Identity & Access Management, is undoubtedly one of the most critical pillars of cybersecurity. The reason for this is simple: we want to trip up adversaries as much as possible while still allowing our end users access to necessary data, applications, and more, all while adhering to the Zero Trust principles—Assume Breach, Verify Exp

Sebastian F. Markdanner
Oct 17, 2024 · 9 min read


Entra the Matrix: Navigating the Microsoft Authentication Flow Like a Pro
Understanding the authentication flow for Microsoft Entra is essential when working with IAM in a Microsoft environment. Like the...

Sebastian F. Markdanner
Oct 17, 2024 · 13 min read
