Mastering Microsoft Entra Authentication Contexts - Part 4: Monitoring and Reporting with KQL & M365IdentityPosture
We’ve covered what Authentication Contexts are, why they matter, and how they help us strengthen access and data security in Microsoft 365. Now it’s time to answer the next question - how do we monitor and report on their usage? Unfortunately, there’s no built-in way to gain that visibility today. Neither Entra ID nor Microsoft 365 provides a simple method to inventory or audit Authentication Contexts across our estate including Conditional Access, PIM and Sensitivity labels

Sebastian F. Markdanner
Nov 3, 2025 · 8 min read


Mastering Microsoft Entra Authentication Contexts - Part 3: Advanced Data Protection
With identities and access strengthened in part 2, it’s time to turn our focus to real-world data protection with Authentication Contexts. One of the more underused capabilities of Authentication Contexts is their power to secure data across the environment, whether through direct enforcement using Sensitivity Labels or by protecting user sessions via Microsoft Defender for Cloud Apps. In this post, we’ll explore exactly that: how to secure organizational data using Authent

Sebastian F. Markdanner
Oct 20, 2025 · 10 min read


Mastering Microsoft Entra Authentication Contexts – Part 2: Real-World Access & Action Controls
In Part 1 of this mini-series, we explored the what, why, and how of Microsoft Entra Authentication Contexts, laying the foundation for what they are and how they work. In this second part, we’ll build on that foundation with real-world examples of how Authentication Contexts can secure user access and critical actions. Along the way, we’ll walk through configurations, share recommendations, and look at the Conditional Access policies that tie it all together. So, let’s dive

Sebastian F. Markdanner
Sep 29, 2025 · 8 min read


Mastering Microsoft Entra Authentication Contexts – Part 1: What They Are, Why They Matter, and How to Use Them
Over my last few posts, I’ve casually mentioned Authentication Context a few times, so I thought it was about time we gave the feature a proper spotlight. Within Microsoft Entra, we sometimes encounter scenarios where we need to enforce specific conditions for certain sub-actions or unique requirements. While Conditional Access can directly enforce conditions in most cases, there are times when it’s trickier — especially if we want to enforce a condition for a single action

Sebastian F. Markdanner
Aug 18, 2025 · 9 min read


Securing Microsoft Business Premium Part 05: Efficient Identity Management for External Users with Microsoft Entra
Managing external users is one of the most tedious—but also critical—challenges in a Microsoft Business Premium environment. With authentication, authorization, and password security covered in earlier posts, we're now prepared to dive into identity and access management (IAM) specifically for external and guest users. Collaboration beyond organizational boundaries presents unique security challenges, particularly in balancing streamlined access and robust security practic

Sebastian F. Markdanner
May 26, 2025 · 9 min read


Securing Microsoft Business Premium Part 03: Authorization Best Practices from Zero Trust to Complete Access Control
In Part 02, we explored authentication, the process of verifying user identities—ensuring users are who they claim to be. Today we’ll build on that by diving into authorization—the process of determining what authenticated users are allowed. While authentication is a foundational element of any organization’s identity and access management strategy, secure identity verification alone isn’t sufficient. Authorization completes the picture by assigning the correct permissions

Sebastian F. Markdanner
Mar 19, 2025 · 10 min read


God Mode with a Timer: Using Logic Apps to Restrict Elevated Access in Entra
In my last post I covered how to monitor the GOD Mode in Azure (coined by the great John Savill). While visibility and monitoring are great capabilities, there’s a big issue: the permanent nature of the access. Let's fix that! The way Elevated Access currently works, there’s no built-in way to manage, or restrict it—not through PIM for time- and approval-based access, not with access reviews, and not with entitlement management either. Once access is enabled for a user,

Sebastian F. Markdanner
Mar 3, 2025 · 8 min read


Securing Microsoft Business Premium Part 02: Your Authentication is Broken—Here’s How to Fix It
In the first part of this series, we laid the foundation for securing Microsoft Business Premium environments, covering the core security principles and configurations. Now, we shift our focus to authentication—the frontline of identity protection. Authentication is at the heart of securing any environment, and with evolving threats like phishing, credential stuffing, and AiTM attacks, ensuring robust authentication is non-negotiable. A compromised identity can grant an atta

Sebastian F. Markdanner
Feb 10, 2025 · 16 min read


Your Microsoft Entra Tenant Isn’t as Secure as You Think – Fix It with Protected Actions!
Protecting highly critical configurations in our Entra tenants has never been easier! Join me as we explore Protected Actions in Microsoft Entra and how they help us lock down security-sensitive operations. A solid Identity and Access Management (IAM) strategy based on Zero Trust principles strengthens security by enforcing separation of duties, elevating access requests, and ensuring Just-In-Time (JIT) access, among others. But what if you need to further restrict specif

Sebastian F. Markdanner
Feb 3, 2025 · 5 min read


Microsoft Entra Conditional Access Series (Part 5): Application-Specific Protections
As the countdown for my series draws to a close, there are still a few final points I’d like to explore, and hopefully, you’ll join me...

Sebastian F. Markdanner
Nov 4, 2024 · 9 min read


Microsoft Entra Conditional Access Series (Part 4): Mastering Risk-Based Policies
I’ve gathered the Conditional Access tributes from nearly every district, and today, we’re collecting the final ones as we approach the...

Sebastian F. Markdanner
Oct 28, 2024 · 10 min read


Microsoft Entra Conditional Access Series (Part 3): Policies for Non-Human Identities
Today, we’re donning our coolest black shades, pulling on leather jackets, and proudly proclaiming, “We’ll be back!”—for when our...

Sebastian F. Markdanner
Oct 20, 2024 · 6 min read


Microsoft Entra Conditional Access Series (Part 2): Managing Privileged Identities
Now that we’ve covered the baseline essentials, it’s time to focus our Conditional Access policy deployment a bit more. As I mentioned in...

Sebastian F. Markdanner
Oct 17, 2024 · 6 min read


Microsoft Entra Conditional Access Series (Part 1): The Essentials
Welcome to Microsoft Entra, where Zero Trust, permissions, and the infamous policy change await. Buckle up—this rabbit hole goes deep! IAM, or Identity & Access Management, is undoubtedly one of the most critical pillars of cybersecurity. The reason for this is simple: we want to trip up adversaries as much as possible while still allowing our end users access to necessary data, applications, and more, all while adhering to the Zero Trust principles—Assume Breach, Verify Exp

Sebastian F. Markdanner
Oct 17, 2024 · 9 min read


Entra the Matrix: Navigating the Microsoft Authentication Flow Like a Pro
Understanding the authentication flow for Microsoft Entra is essential when working with IAM in a Microsoft environment. Like the...

Sebastian F. Markdanner
Oct 17, 2024 · 13 min read
