We’ve covered what Authentication Contexts are, why they matter, and how they help us strengthen access and data security in Microsoft 365. Now it’s time to answer the next question - how do we monitor and report on their usage? Unfortunately, there’s no built-in way to gain that visibility today. Neither Entra ID nor Microsoft 365 provides a simple method to inventory or audit Authentication Contexts across our estate including Conditional Access, PIM and Sensitivity labels

With identities and access strengthened in part 2 , it’s time to turn our focus to real-world data protection  with Authentication Contexts. One of the more underused capabilities of Authentication Contexts is their power to secure data across the environment, whether through direct enforcement using Sensitivity Labels or by protecting user sessions via Microsoft Defender for Cloud Apps. In this post, we’ll explore exactly that: how to secure organizational data using Authent

In Part 1 of this mini-series, we explored the what, why, and how of Microsoft Entra Authentication Contexts, laying the foundation for what they are and how they work. In this second part, we’ll build on that foundation with real-world examples of how Authentication Contexts can secure user access and critical actions. Along the way, we’ll walk through configurations, share recommendations, and look at the Conditional Access policies that tie it all together. So, let’s dive

Over my last few posts, I’ve casually mentioned Authentication Context a few times, so I thought it was about time we gave the feature a proper spotlight. Within Microsoft Entra, we sometimes encounter scenarios where we need to enforce specific conditions for certain sub-actions or unique requirements. While Conditional Access can directly enforce conditions in most cases, there are times when it’s trickier — especially if we want to enforce a condition for a single  action

Getting annoyed or impatient when activating eligible roles in PIM — especially multiple roles at once? You’re not alone. Today, I’m...

Today, I’ll take a closer look at Microsoft Entra Administrative Units (AUs)  and Restricted Management Administrative Units (RMAUs)...

Managing external users is one of the most tedious—but also critical—challenges in a Microsoft Business Premium environment. With...

Managing new guest accounts can be a daunting task—especially when you’re dealing with high turnover, distributed teams, or unknown user...

With authentication & authorization covered in the previous posts of the series, it's now time to dive into strengthening our password...

In Part 02 , we explored authentication , the process of verifying user identities—ensuring users are who they claim to be. Today we’ll...

In my last post I covered how to monitor the GOD Mode in Azure (Coined by the great John Savill ). While visibility and monitoring are...

Elevating access to manage Azure subscriptions is a valuable tool for administrators, particularly when dealing with unknown or orphaned...

In the first part of this series, we laid the foundation for securing Microsoft Business Premium environments, covering the core security...

Protecting highly critical configurations in our Entra tenants has never been easier! Join me as we explore Protected Actions  in...

Today kicks off a comprehensive blog series where I’ll delve into the security features of the Business Premium license SKU, offering...

Managing emails for unlicensed admin accounts? Juggling a shared mailbox flooded with notifications from services and clients? Today’s...

As the season for audits approaches (though, let’s be honest, auditing should be an all-year-round endeavor), I’m excited to share a...

Join me as I connect the dots from my previous posts on the fundamental Identity Governance features in Microsoft Entra with Lifecycle...

In this blog post, we’ll be covering the fundamentals  of Access Packages in Microsoft Entra—it’s all about getting a solid understanding...

Today, we’re exploring passkeys—what they are, how they work, and how Microsoft’s latest GA features make passwordless authentication...