Azure & Active Directory Center

ENow Software's Azure & Active Directory blog built by Microsoft MVPs for IT/Sys Admins.

Posts about:

Office 365

update listing image

Basic Authentication Update - February 2022

Image of Jaap Wesselius
Jaap Wesselius

The last couple of years we have seen several security breaches in IT, leading to serious impact and financial losses. Not only in the United States, but also in the rest of the world. Last year here in Holland we have seen two respected companies in a lawsuit, where one company was compromised, leading to a financial loss of a 7-digit number of the other company. The first company was running their environment in Office 365, but because of a weak password, the mailbox of a financial controller was compromised. It could easily have been prevented by using Multi-Factor Authentication (MFA). In my own customer base there are also examples of security breaches, including CFO fraud which resulted in a financial loss which also could have been prevented easily.

Read More
Weak Password and how Active Directory can help

How to Prevent Users from Using Weak Passwords

Image of Jaap Wesselius
Jaap Wesselius

Previously, MVP Nicolas Blank wrote an interesting article "Having an Identity Crisis" and it talked about all kinds of attacks on your environment. One such attack is on user email.  Users tend to choose a password that is easy for them to remember and this makes the password weak and easy to guess by others.  Even with some social engineering, user passwords are easy to retrieve, as can be seen on this YouTube clip What is your password?

Read More
Office 365 Authentication listing image

Using Selective Authentication per Subdomain in Office 365

Image of Michael Van Horenbeeck MVP, MCSM
Michael Van Horenbeeck MVP, MCSM

Office 365 allows for various authentication mechanisms, which includes federated authentication through Active Directory Federation Services. Federated authentication in Office 365 is configured per domain. However, if you register multiple subdomains in your Office 365 tenant, those subdomains will automatically inherit the authentication settings from the parent domain IF you registered the subdomains in the tenant after the parent domain.

For instance, if you have added child1.domain.com and child2.domain.com after registering domain.com, both subdomains will be converted to use federated authentication if you convert the parent domain.

Read More
3 Steps to Managing Azure AD

The Hard Part of Soft Matching between Active Directory and Azure AD

Image of Sander Berkouwer
Sander Berkouwer

One of the pieces of feedback we received from a previous ENow post (integrating your temporary COVID tenant with your on-premises environment), was the fear of introducing errors and interrupting processes that now rely on the Azure AD tenant. This, indeed, may be the case when you rely solely on Azure AD Connect’s soft matching capabilities and wield a narrow scope for synchronization of objects.

Read More
Authentication listing image

Office 365 Basic Authentication Update

Image of Jaap Wesselius
Jaap Wesselius

Almost a year ago, in March 2020, I wrote an article called Microsoft stops basic authentication, now what on this site about Microsoft’s plan to decommission Basic Authentication in Office 365. The Covid-19 pandemic took over the world and a lot of projects were postponed. This was also the case of the Basic Authentication project at Microsoft, but the decommissioning is still planned although there are some serious changes in Microsoft’s planning. Time for an update.

Read More
Discovery Tenant to Tenant listing image

Part 1: Discovery in Tenant to Tenant Migrations

Image of Dominik Hoefling MVP
Dominik Hoefling MVP

Microsoft 365 tenant to tenant migrations happen very often.  There are merger and acquisitions, e. g. when a company buys another company, and there are divestitures, e. g. when a company gets partially outsourced to another company. This three-part blog series covers all things you should be aware of when you, as an admin, get involved in tenant to tenant migrations.

- Part 1 covers the discovery of identities, workloads, data, and security.
Read More
businessman touching virtual key

Microsoft 365 Security Assessment Part 2

Image of Matthew Levy
Matthew Levy

Last week I shared part one of my Microsoft 365 Security Assessment where we took a deep dive into securing things related to Azure Active Directory. If you haven’t had a chance to read through it yet, take a few minutes and read it here.

Now that we’re all on the same page, lets dive into part two, where we’ll cover security settings in the Microsoft 365 Admin Center.

Moving on to the Microsoft 365 Admin Center

Turn ON modern authentication

Modern authentication is what allows you to enforce MFA and other identity based security features. Products that don’t use “modern authentication” use what we call “Legacy Authentication” (obviously) or “Basic Authentication”. It only uses username and password pairs to authenticate a user. The example shown in Figure 14: Basic authentication prompt is using legacy authentication, also known as basic authentication.
Read More
Sander-AD-Book-2nd edition copy

Want to learn more about Active Directory?

Active Directory Administration Cookbook, 2nd Edition

In this book, Microsoft MVP & Technical Editor of ENow's Azure & Active Directory Center, Sander Berkouwer will share the intricacies of managing Azure AD, Azure AD Connect as well as Active Directory for administration in the cloud and on Windows Server 2022.