In any identity infrastructure attack, attackers are going after the "privileges". The more privileged accounts they own, the more damage they can do. There can be privileged accounts in a system that are only used once a month to do a privileged task. In any IT system, we used to believe administrators are trustworthy people. Therefore, most of the time we do not really worry about what they…
In order to manage Azure AD, we use the Azure Active Directory option in https://portal.azure.com. By default, any user under Azure AD can access this option even if they do not have a Directory role. In my demo setup, I have a user called "Emily Braun". She doesn't have any Directory role assigned.
Then I log in to Azure portal https://portal.azure.com as the user and then go to Azure…
Azure AD B2B allows organizations to share company applications and other services/resources with external users. Before, this external user should have one of the following to initiate a connection with the organization that sends the B2B invitation.
1) Azure AD Account
2) Microsoft Account
3) Google Federation ( More info…
Microsoft recently released the new combined registration experience for MFA and SSPR. This streamlined the registration experience, and users can sign up by following a step-by-step process. This new portal also improves the experience of managing user profile data.
To enable this new experience,
1) Log in to the Azure portal as Global Administrator
2) Then go to Azure Active Directory | User…

