Reducing the time that security tokens remain valid negatively affects the end-user experience. CAE is designed to address the problem.
SMS and Voice MFA Methods in Microsoft’s Crosshairs: On November 10, Alex Weinert, the Director of Identity Security at Microsoft, posted “It’s Time to Hang Up on Phone Transports for Authentication.” The article argues that it’s time to consider dumping the SMS and voice methods for multi-factor authentication (MFA) in favor of passwordless strong authentication…
Logical Division of Azure Active Directory Management: Since its launch in 1999, Active Directory has used Organizational Units (OUs) to logically partition the directory. Despite discussions going back as far as 2014, the ability to partition Azure Active Directory in the same or an equivalent manner wasn’t available. Administrative Units (AUs), launched in public preview…
Microsoft Graph Conditional Access support and insights make it easier to secure users at scale.
Improve security by setting up passwordless sign-in for Microsoft 365 users.
Clamping Down on Guests: After several years’ usage, most Office 365 tenants are accustomed to guest users and the way that the Microsoft 365 groups membership model allows guests access to group resources such as plans, sites, and teams. For most, the model works well, and the only issue is how to best manage the…
Controlling Access to Sensitive Content: A recent Microsoft Technical Community article covers how to use Azure AD Privileged Identity Management to control access to the super-user permission for Azure Information Protection. An account holding super-user permission can access any content protected (encrypted) by an Azure Information Protection or Office 365 sensitivity label. I don’t intend…
Cloud provisioning simplifies synchronizing on-premises identities to Azure AD during mergers and acquisitions.
Good Visibility Over Guest Activity for Host Office 365 Tenants: From a host tenant perspective, Microsoft has done a great job with Azure B2B Collaboration, the foundation for guest user access for applications like Teams and Planner. External people can be invited to join groups and teams or share documents and folders (including now through…
Enable users to sign in to Azure AD using a phone number or with an alternate email address.