I’ve been seeing a lot of discussions about the different extension types available across Microsoft Entra objects, and I have a few thoughts on the subject that I want to share with y’all. Being able to extend the built-in attributes and data model in Microsoft Entra provides a flexible way to handle information across our organizations for monitoring, automation, and governance. With that said, I don’t believe the 15 predefined extension attributes are the best route to tak

Conditional Access is one of, if not the, strongest tools in our kit for securing access to our organizations. And it seems to be on the cusp of becoming even stronger. Some time ago, while scrolling through LinkedIn, I came across a post by fellow MVP Daniel Bradley. He highlighted a new property that appeared when experimenting with the beta Graph APIs for Conditional Access: a new condition called Time. After waiting far too long, I finally got the chance to sit down and e

We’ve covered what Authentication Contexts are, why they matter, and how they help us strengthen access and data security in Microsoft 365. Now it’s time to answer the next question - how do we monitor and report on their usage? Unfortunately, there’s no built-in way to gain that visibility today. Neither Entra ID nor Microsoft 365 provides a simple method to inventory or audit Authentication Contexts across our estate including Conditional Access, PIM and Sensitivity labels

With identities and access strengthened in part 2 , it’s time to turn our focus to real-world data protection with Authentication Contexts. One of the more underused capabilities of Authentication Contexts is their power to secure data across the environment, whether through direct enforcement using Sensitivity Labels or by protecting user sessions via Microsoft Defender for Cloud Apps. In this post, we’ll explore exactly that: how to secure organizational data using Authent

With authentication & authorization covered in the previous posts of the series, it's now time to dive into strengthening our password policies, empowering end-users, and enhancing overall password security. As I've gone over previously , passwords aren't exactly bulletproof, but for many organizations, transitioning to a fully passwordless setup overnight isn't realistic. While we steadily work towards that passwordless dream, managing and securing passwords across the org