Windows server 2025 (and earlier) comes with the feature of being Entra ID joined.In Azure, this is very easy and can be done then deploying, or later by installation the AADLoginForWindows extension. The best way to manage a VM (then you need RDP access), is by using Azure Bastion. However if that is not an …
Continue reading RDP to Entra ID Joined VM (Workaround then Azure Bastion is not possible to deploy)
Author:Christoffer Klarskov Jakobsen
Entra ID – Passwordless Configuration – Basic
Intro This guide is devided into two phases. One phase is about preparing the customer’s Microsoft 365 Entra ID to support passwordless implementation.The other phase is about creating users, adding temporary access pass and self-service password reset options. DISCLAIMER: Some of the pictures is in danish – I wish to come back and edit for …
Continue reading Entra ID – Passwordless Configuration – Basic
Inbound SMTP DANE with DNSSEC in Exchange Online
Intro This guide expains how to enable Inbound SMTP DANE with DNSSEC in your customers tenant.Domains to be configured for this, will be domains present in your customers tenant. Verify DNSSEC Update existing MX record TTL in DNS management system Enable DNSSEC for domain in Exchange Online Add new MX record to domain Verify new …
Continue reading Inbound SMTP DANE with DNSSEC in Exchange Online
Azure Virtual Deskop – AppAttach and MSIX AppAttach
Intro Before beginning, it is important to understand when to use the newest offer AppAttach or go with the older MSIX AppAttach.Below is a table comparing the two: In general use AppAttach, as long as you’re running Windows 11 Multi-Session or newer, as it is not available on Windows 10 Multi-Session. Prerequisites Install MSIX Packaging …
Continue reading Azure Virtual Deskop – AppAttach and MSIX AppAttach
Windows Hello for Business Cloud Kerberos Trust
Prerequisites and Requirements Link to full Microsoft article: https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/deploy/#windows-server-requirements AzureAD Kerberos object in Active Directory Link to full Microsoft article: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-passwordless-security-key-on-premises#install-the-azureadhybridauthenticationmanagement-module Windows Hello for Business Policy enable Link to full Microsoft article: https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/configure Enable Windows Hello for Business in the tenant-wide policy.OBS: If any hybrid-joined devices are present in tenant, do not use this tenant-wide policy, but use account …
Continue reading Windows Hello for Business Cloud Kerberos Trust
Azure Virtual Desktop – Entra ID SSO – Complete Guide
This guide will walk through all the steps required for SSO to work, both within AVD session hosts (auto login to Microsoft applications running within AVD) and from clients to AVD session hosts, then connecting to them.If you only require SSO to work within AVD session hosts, you can skip step 12 (that links to …
Continue reading Azure Virtual Desktop – Entra ID SSO – Complete Guide
Move on from Exchange Online SMTP Basic Authentication with Client Submission
Intro Link to full Microsoft article:https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-to-retire-basic-auth-for-client-submission-smtp/ba-p/4114750 Microsoft are closed one of the older legacy protocols; SMTP with basic authentication.Due late september 2025, now is the time to prepare your systems for the decommission of SMTP relay using the old basic authentication. This article talks about a few ways to modernize sending mails. High volume email …
Continue reading Move on from Exchange Online SMTP Basic Authentication with Client Submission
Microsoft Defender for Endpoint – Use Microsoft Security API to export inventory
Intro This guide will assist in the proces of exporting inventory from Defender for Endpoint. This export will both export servers and clients that are registrered in Defender for Endpoint, since servers also registrer to the same inventory as clients. It can be useful then you want to export data about high exposure devices, or …
Continue reading Microsoft Defender for Endpoint – Use Microsoft Security API to export inventory
Azure Bastion
Deploy Azure Bastion to subscription No hassle of managing Network Security Groups (NSGs)You don’t need to apply any NSGs to the Azure Bastion subnet. Because Azure Bastion connects to your virtual machines over private IP, you can configure your NSGs to allow RDP/SSH from Azure Bastion only. This removes the hassle of managing NSGs each …
Continue reading Azure Bastion
Create custom Privileged Identity Management (PIM) group with approver
Description This guide will walk through the proces of creating custom PIM group that will give members eligility to elevate and become global admin. This guide will also outline how to setup approver as required step in the proces of elevation. Create groups Enable groups for PIM Setup PIM for the group that holds the …
Continue reading Create custom Privileged Identity Management (PIM) group with approver