Microsoft Entra Domain Services – Tiering – Preventing lateral movement

Intro Implementing 3 tiers in Microsoft Entra Domain Services will greatly enhance the security posture of the domain and minimize the risk of hackers being able to traverse the domain. This guide aims at making it as simple as possible to implement these hardening features. However, since Entra Domain Services is not like Active Directory, there are multiple …

Azure Virtual Desktop – Enable location Services redirection

Enabling location services for users on Azure Virtual Desktop (AVD) can significantly enhance the user experience and improve the functionality of certain applications. Here’s a detailed description of how and why you should enable these services: Note: Google Search engine and other webpages that rely only on source IP address will not change location and …

How to fix common Sysprep issues when capturing AVD Golden Image

If the Azure DevOps pipeline that captures a new image version from the golden image VM fails, and the failure is caused by a failing “VM Sealing” step (also called sysprep), it is most likely because AppX packages on the image VM are blocking sysprep from completing. You can take a snapshot of the image VM, …

Microsoft Teams on AVD – Fix Meeting Add-in

Intro Microsoft Teams is a great app for collaboration. On VDI systems like AVD however, it can be a challenge to install and present to users without any issues. This article is about installation and small workarounds. Bootstrapper installer Instruct Teams to understand it is AVD/VDI It has been reported that Teams is not added …

Prevent sign-in consent prompt on Azure Virtual Desktop (AVD)

Before you begin If you have hybrid joined session hosts, remember to first set up SSO using this guide: Azure Virtual Desktop – Entra ID SSO – Complete Guide – Christoffer Klarskov Jakobsen – Microsoft Architect When configuring AVD, and we have spent some time setting up a nice SSO experience for the users, it is frustrating …

Exchange Hybrid Migration Cheat Sheet

Design It is recommended to create a new Exchange server that is not hosting any databases or mailboxes. This new Exchange server is configured as the endpoint for the Hybrid Configuration in the Wizard. That way, after completing migrations, you can decommission all other Exchange servers and keep the Hybrid Exchange server, which can be used …

Physical Data Locations – Microsoft 365

Intro Data within a Microsoft 365 tenant can be stored in several places, and for a customer it can be challenging to know where data is physically stored. Whenever the abbreviation EUR is shown, for Microsoft 365 it spans across multiple datacenters: Quick way to show data locations Microsoft provides a simple way of getting this …

Password Protection Policy – Custom Banned Passwords List

Source: Microsoft Entra Password Protection – Microsoft Entra ID | Microsoft Learn  CHECK OUT MY OTHER ENTRA ID PASSWORD PROTECTION GUIDE ON HOW TO DEPLOY TO LEGACY ACTIVE DIRECTORY FOR SYNCED USERS: Password Protection Policy – Hybrid mode to on-premise AD – Christoffer Klarskov Jakobsen – Microsoft Architect License requirement: default enabled Microsoft global banned passwords …

Password Protection Policy – Hybrid mode to on-premise AD

Source: Microsoft Entra Password Protection – Microsoft Entra ID | Microsoft Learn Huge credits to Ali Tajran: Configure Microsoft Entra Password Protection for on-premises – ALI TAJRAN  Requirements License Requirements Scope Microsoft Entra Password Protection with global banned password list Microsoft Entra Password Protection with custom banned password list Cloud-only users Microsoft Entra ID Free Microsoft Entra ID …

RDP to Entra ID Joined VM (Workaround when Azure Bastion is not possible to deploy)

Windows Server 2025 (and earlier) comes with the feature of being Entra ID joined. In Azure, this is very easy and can be done when deploying, or later by installing the AADLoginForWindows extension. The best way to manage a VM (when you need RDP access) is by using Azure Bastion. However, if that is not an …