Azure Active Directory

Securing Confidential SharePoint Online Data SharePoint Online sites hold some very confidential information. Now that SharePoint Online supports sensitivity labels, you can protect individual documents with encryption to stop their contents leaking. Other features, like regarding newly uploaded documents sensitive by default to stop them being shared externally until Data Loss Prevention (DLP) processing completes,…

Cloud Discovery, Application Proxy, passwordless authentication, and more Azure Active Directory features coming to Microsoft 365 Business in April.

Microsoft is gradually introducing multifactor authentication (MFA) for all organizational accounts in Azure Active Directory. In this article, I look at the new Security Defaults setting and how to enable it.

Many Office 365 applications now create Azure Active Directory guest accounts. What’s the best way to discover if the accounts are active and in use? This PowerShell script uses the Office 365 audit log and message trace data to figure out what guest accounts are active and outputs a CSV file for your review and analysis. Like any other PowerShell script, it can be adapted to suit your purposes.

Before you perform an AAD domain join, you should understand the difference between an AAD domain-joined device and one that is registered with AAD.

AAD Basic edition is ‘going away’ because it is low volume and confuses customers.

You can add photos to Azure Active Directory guest accounts and have Office 365 apps display those photos. But it’s a lot of work to track down suitable photos for individual guests. If you want to change the default two-initial icon displayed by Office 365, you can use PowerShell to update all guest accounts with a photo. Here’s how I handled the problem.

You can now protect your Azure Active Directory account with a 256-character password, including spaces. This news will bring much joy to Office 365 administrators and others who hated the previous 16-character limit, but please don’t rush into forcing users to change their passwords without taking the time to pause and consider how best to proceed. Longer passwords are good, but they should be only one part of a strategy to protect user accounts.

Microsoft launched the preview of Entitlement Management, a new part of their Azure Active Directory Identity Governance program. The idea is that you can manage access to resources via policy, which seems to be a good thing, especially in large organizations where objects like Office 365 Groups, SharePoint Sites, and Teams might just get a little out of hand. The preview is interesting, but like all previews, it needs some work to be ready for prime time.