Source: Microsoft Entra Password Protection – Microsoft Entra ID | Microsoft Learn CHECK OUT MY OTHER ENTRA ID PASSWORD PROTECTION GUIDE ON HOW TO DEPLOY TO LEGACY ACTIVE DIRECTORY FOR SYNCED USERS: Password Protection Policy – Hybrid mode to on-premise AD – Christoffer Klarskov Jakobsen – Microsoft Architect License requirement: default enabled Microsoft global banned passwords …
Continue reading Password Protection Policy – Custom Banned Passwords List
Author:Christoffer Klarskov Jakobsen
Password Protection Policy – Hybrid mode to on-premise AD
Source: Microsoft Entra Password Protection – Microsoft Entra ID | Microsoft Learn Huge credits to Ali Tajran: Configure Microsoft Entra Password Protection for on-premises – ALI TAJRAN Requirements License Requirements Scope Microsoft Entra Password Protection with global banned password list Microsoft Entra Password Protection with custom banned password list Cloud-only users Microsoft Entra ID Free Microsoft Entra ID …
Continue reading Password Protection Policy – Hybrid mode to on-premise AD
RDP to Entra ID Joined VM (Workaround then Azure Bastion is not possible to deploy)
Windows server 2025 (and earlier) comes with the feature of being Entra ID joined.In Azure, this is very easy and can be done then deploying, or later by installation the AADLoginForWindows extension. The best way to manage a VM (then you need RDP access), is by using Azure Bastion. However if that is not an …
Continue reading RDP to Entra ID Joined VM (Workaround then Azure Bastion is not possible to deploy)
Entra ID – Passwordless Configuration – Basic
Intro This guide is devided into two phases. One phase is about preparing the customer’s Microsoft 365 Entra ID to support passwordless implementation.The other phase is about creating users, adding temporary access pass and self-service password reset options. DISCLAIMER: Some of the pictures is in danish – I wish to come back and edit for …
Continue reading Entra ID – Passwordless Configuration – Basic
Inbound SMTP DANE with DNSSEC in Exchange Online
Intro This guide expains how to enable Inbound SMTP DANE with DNSSEC in your customers tenant.Domains to be configured for this, will be domains present in your customers tenant. Verify DNSSEC Update existing MX record TTL in DNS management system Enable DNSSEC for domain in Exchange Online Add new MX record to domain Verify new …
Continue reading Inbound SMTP DANE with DNSSEC in Exchange Online
Azure Virtual Deskop – AppAttach and MSIX AppAttach
Intro Before beginning, it is important to understand when to use the newest offer AppAttach or go with the older MSIX AppAttach.Below is a table comparing the two: In general use AppAttach, as long as you’re running Windows 11 Multi-Session or newer, as it is not available on Windows 10 Multi-Session. Prerequisites Install MSIX Packaging …
Continue reading Azure Virtual Deskop – AppAttach and MSIX AppAttach
Windows Hello for Business Cloud Kerberos Trust
Prerequisites and Requirements Link to full Microsoft article: https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/deploy/#windows-server-requirements AzureAD Kerberos object in Active Directory Link to full Microsoft article: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-passwordless-security-key-on-premises#install-the-azureadhybridauthenticationmanagement-module Windows Hello for Business Policy enable Link to full Microsoft article: https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/configure Enable Windows Hello for Business in the tenant-wide policy.OBS: If any hybrid-joined devices are present in tenant, do not use this tenant-wide policy, but use account …
Continue reading Windows Hello for Business Cloud Kerberos Trust
Azure Virtual Desktop – Entra ID SSO – Complete Guide
This guide will walk through all the steps required for SSO to work, both within AVD session hosts (auto login to Microsoft applications running within AVD) and from clients to AVD session hosts, then connecting to them.If you only require SSO to work within AVD session hosts, you can skip step 12 (that links to …
Continue reading Azure Virtual Desktop – Entra ID SSO – Complete Guide
Move on from Exchange Online SMTP Basic Authentication with Client Submission
Intro Link to full Microsoft article:https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-to-retire-basic-auth-for-client-submission-smtp/ba-p/4114750 Microsoft are closed one of the older legacy protocols; SMTP with basic authentication.Due late september 2025, now is the time to prepare your systems for the decommission of SMTP relay using the old basic authentication. This article talks about a few ways to modernize sending mails. High volume email …
Continue reading Move on from Exchange Online SMTP Basic Authentication with Client Submission
Microsoft Defender for Endpoint – Use Microsoft Security API to export inventory
Intro This guide will assist in the proces of exporting inventory from Defender for Endpoint. This export will both export servers and clients that are registrered in Defender for Endpoint, since servers also registrer to the same inventory as clients. It can be useful then you want to export data about high exposure devices, or …
Continue reading Microsoft Defender for Endpoint – Use Microsoft Security API to export inventory