

Securing Microsoft Business Premium Part 03: Authorization Best Practices from Zero Trust to Complete Access Control
In Part 02, we explored authentication, the process of verifying user identities—ensuring users are who they claim to be. Today we’ll build on that by diving into authorization—the process of determining what authenticated users are allowed. While authentication is a foundational element of any organization’s identity and access management strategy, secure identity verification alone isn’t sufficient. Authorization completes the picture by assigning the correct permissions

Sebastian F. Markdanner
Mar 19, 2025 · 10 min read


God Mode with a Timer: Using Logic Apps to Restrict Elevated Access in Entra
In my last post I covered how to monitor the GOD Mode in Azure (coined by the great John Savill). While visibility and monitoring are great capabilities, there’s a big issue: the permanent nature of the access. Let's fix that! The way Elevated Access currently works, there’s no built-in way to manage or restrict it—not through PIM for time- and approval-based access, not with access reviews, and not with entitlement management either. Once access is enabled for a user,

Sebastian F. Markdanner
Mar 3, 2025 · 8 min read


Unlocking Microsoft Entra’s Elevated Access Logs: Better Security, Better Insights
Elevating access to manage Azure subscriptions is a valuable tool for administrators, particularly when dealing with unknown or orphaned subscriptions. However, with no built-in restrictions on when or how long this access can be used, monitoring these events is critical to maintaining security and accountability. Global administrators occasionally need to enable Elevated Access in Microsoft Entra to manage Azure subscriptions, but without proper oversight, this level of a

Sebastian F. Markdanner
Feb 18, 2025 · 13 min read


Securing Microsoft Business Premium Part 02: Your Authentication is Broken—Here’s How to Fix It
In the first part of this series, we laid the foundation for securing Microsoft Business Premium environments, covering the core security principles and configurations. Now, we shift our focus to authentication—the frontline of identity protection. Authentication is at the heart of securing any environment, and with evolving threats like phishing, credential stuffing, and AiTM attacks, ensuring robust authentication is non-negotiable. A compromised identity can grant an atta

Sebastian F. Markdanner
Feb 10, 2025 · 16 min read


Your Microsoft Entra Tenant Isn’t as Secure as You Think – Fix It with Protected Actions!
Protecting highly critical configurations in our Entra tenants has never been easier! Join me as we explore Protected Actions in Microsoft Entra and how they help us lock down security-sensitive operations. A solid Identity and Access Management (IAM) strategy based on Zero Trust principles strengthens security by enforcing separation of duties, elevating access requests, and ensuring Just-In-Time (JIT) access, among others. But what if you need to further restrict specif

Sebastian F. Markdanner
Feb 3, 2025 · 5 min read


Securing Microsoft Business Premium Part 01: The First Step to an Unbreakable Defense
Today kicks off a comprehensive blog series where I’ll delve into the security features of the Business Premium license SKU, offering detailed step-by-step guidance and best practices. In this first installment, we’ll explore the capabilities included in Business Premium and walk through the foundational configurations throughout the Admin center, Microsoft Entra, Microsoft Defender and Microsoft 365 Apps Admin center. These are the key settings I recommend establishing right

Sebastian F. Markdanner
Jan 27, 2025 · 19 min read


Mastering Microsoft Azure RBAC & Entra ID Roles: Automated Role Assignment Reporting Across Your Tenant
As the season for audits approaches (though, let’s be honest, auditing should be an all-year-round endeavor), I’m excited to share a practical solution for managing role assignments across your tenant. Managing role assignments can feel overwhelming, especially when multiple administrators are involved in assigning, monitoring, auditing, and managing roles. It’s rarely a one-person job, and the complexities only grow with the scale of your organization. Combine that with incr

Sebastian F. Markdanner
Jan 6, 2025 · 17 min read
