

Choosing the Right Extension Type in Microsoft Entra
I’ve been seeing a lot of discussions about the different extension types available across Microsoft Entra objects, and I have a few thoughts on the subject that I want to share with y’all. Being able to extend the built-in attributes and data model in Microsoft Entra provides a flexible way to handle information across our organizations for monitoring, automation, and governance. With that said, I don’t believe the 15 predefined extension attributes are the best route to tak

Sebastian F. Markdanner
Jun 158 min read


Introducing the New PIMActivation Portal: Managed, Self-Hosted, and Mobile Ready
Today I want to share something I’ve been working on for a while now - a Progressive Web App (PWA) version of my PowerShell-based tool, PIMActivation! Back in October 2025 I released the first version of my PowerShell module PIMActivation, which I also wrote a blog post about that you can read here. The goal back then was to provide users with a faster PIM experience, including bulk activation across different types of PIM resources: Entra roles, Groups, and Azure Resources.

Sebastian F. Markdanner
May 187 min read


Getting With The Times: Time-Based Conditional Access
Conditional Access is one of, if not the, strongest tools in our kit for securing access to our organizations. And it seems to be on the cusp of becoming even stronger. Some time ago, while scrolling through LinkedIn, I came across a post by fellow MVP Daniel Bradley. He highlighted a new property that appeared when experimenting with the beta Graph APIs for Conditional Access: a new condition called Time. After waiting far too long, I finally got the chance to sit down and e

Sebastian F. Markdanner
May 115 min read


Break-Glass Accounts Done Right: Securing Emergency Access in Microsoft Entra
Emergencies happen every day. Most of the time, they happen to someone else. Until the day they happen to you - then what? We all know things can go wrong, but most organizations do not spend much time thinking about what happens when they lose access to their own environment. That is understandable right up until the moment a misconfiguration, outage or any other emergency turns it from a theoretical problem into a very real one. That is why emergency access matters. In this

Sebastian F. Markdanner
Apr 7, 18 min read


Introducing M365IdentityPosture: Community-Driven Identity Reporting for Microsoft 365
Have you ever felt that the native reporting options in the Microsoft Cloud are lacking? Well, you’re not alone - let’s talk about it. Visibility into your Microsoft Cloud identity and security configurations has never been more important… or more fragmented. While Microsoft offers native reporting options for specific parts of our environments, they are often too narrow, incomplete, or difficult to use without significant additional processing. That gap led to the creation o

Sebastian F. Markdanner
Mar 168 min read


Securing Microsoft Business Premium Part 06: Securing Email with Defender for Office 365
Sharing is caring — While that is a mantra I follow myself, collaboration needs to be done securely. Email is often the first and most widely used collaboration tool in any organization, which makes Exchange Online a natural place to start when securing collaboration. In today’s work environment, collaboration with others is essential, both internally and externally. To support this, collaboration must be easy for users while remaining secure and manageable for administrators

Sebastian F. Markdanner
Mar 2, 10 min read


How to Configure Inbound SMTP DANE & DNSSEC in Exchange Online
We’re already sending emails securely, now it’s time to secure inbound email as well! Back in 2022, Microsoft enabled outbound SMTP DANE with DNSSEC for all Exchange Online customers, including MSA (hotmail, live, outlook), ensuring encrypted delivery when sending to domains that support it. Finally, at the tail end of 2024, Microsoft enabled inbound SMTP DANE with DNSSEC across all Exchange Online tenants in a public preview. This adds transport-layer security for receiving

Sebastian F. Markdanner
Feb 165 min read
