Today I want to walk through how to configure Azure App Service Authentication when your App Service sits behind Azure Front Door and is accessed through a Private Link. On a dreadful day in october 2025, I received something that most IT people fear - a request from a client! The request included information from the client, that they were struggling with authentication on a Web App deployed behind Azure Front Door using Private Link. What looked like a straightforward setup

We’ve covered what Authentication Contexts are, why they matter, and how they help us strengthen access and data security in Microsoft 365. Now it’s time to answer the next question - how do we monitor and report on their usage? Unfortunately, there’s no built-in way to gain that visibility today. Neither Entra ID nor Microsoft 365 provides a simple method to inventory or audit Authentication Contexts across our estate including Conditional Access, PIM and Sensitivity labels

Over my last few posts, I’ve casually mentioned Authentication Context a few times, so I thought it was about time we gave the feature a proper spotlight. Within Microsoft Entra, we sometimes encounter scenarios where we need to enforce specific conditions for certain sub-actions or unique requirements. While Conditional Access can directly enforce conditions in most cases, there are times when it’s trickier — especially if we want to enforce a condition for a single  action

Today, I’ll take a closer look at Microsoft Entra Administrative Units (AUs)  and Restricted Management Administrative Units (RMAUs) Despite being incredibly useful, AUs and RMAUs are still underutilized in many environments. As organizations scale and responsibilities shift across teams, the need for scoped delegation becomes increasingly important. AUs let you define clear administrative boundaries, while RMAUs go a step further by blocking even high-privileged roles from m

Managing external users is one of the most tedious—but also critical—challenges in a Microsoft Business Premium environment. With authentication , authorization , and password security covered in earlier posts, we're now prepared to dive into identity and access management (IAM) specifically for external and guest users. Collaboration beyond organizational boundaries presents unique security challenges, particularly in balancing streamlined access and robust security practic

With authentication & authorization covered in the previous posts of the series, it's now time to dive into strengthening our password policies, empowering end-users, and enhancing overall password security. As I've gone over previously , passwords aren't exactly bulletproof, but for many organizations, transitioning to a fully passwordless setup overnight isn't realistic. While we steadily work towards that passwordless dream, managing and securing passwords across the org

In my last post I covered how to monitor the GOD Mode in Azure (Coined by the great John Savill ). While visibility and monitoring are great capabilities, there’s a big issue: the permanent  nature of the access. - Let's fix that! The way Elevated Access currently works, there’s no built-in way to manage, or restrict it—not through PIM for time- and approval-based access, not with access reviews, and not with entitlement management either. Once access is enabled for a user,

Elevating access to manage Azure subscriptions is a valuable tool for administrators, particularly when dealing with unknown or orphaned subscriptions. However, with no built-in restrictions on when or how long this access can be used , monitoring these events is critical  to maintaining security and accountability. Global administrators occasionally need to enable Elevated Access  in Microsoft Entra to manage Azure subscriptions, but without proper oversight, this level of a

Protecting highly critical configurations in our Entra tenants has never been easier! Join me as we explore Protected Actions  in Microsoft Entra and how they help us lock down security-sensitive operations. A solid Identity and Access Management (IAM) strategy based on Zero Trust principles strengthens security by enforcing separation of duties, elevating access requests , and ensuring Just-In-Time (JIT) access , among others. But what if you need to further restrict specif

Today kicks off a comprehensive blog series where I’ll delve into the security features of the Business Premium license SKU, offering detailed step-by-step guidance and best practices. In this first installment, we’ll explore the capabilities included in Business Premium and walk through the foundational configurations throughout the Admin center, Microsoft Entra, Microsoft Defender and Microsoft 365 Apps Admin center. These are the key settings I recommend establishing right

In this blog post, we’ll be covering the fundamentals  of Access Packages in Microsoft Entra—it’s all about getting a solid understanding...

As the Conditional Access series wraps up , we’re diving headfirst into a new adventure in Identity Management! Join me as I explore the...