Cloud Local Administrator Password Service - Project

Craig Wilson
Over the last few years I have worked with Microsoft Intune and AzureAD. I always get the request: “We can do this on-premise, why doesn’t it work now in the cloud?” Most of the time it is just a mindset change, once you understand how cloud native solutions work. One issue that has appeared over and over again is local administrators on workstations that are AzureAD joined only. On-premise we would use LAPS to control administrator accounts; for AzureAD joined devices it’s different, as we don’t have a domain or group policy.

Microsoft Ignite 2019 - Day 5 wrap up

Craig Wilson
The final day at Ignite. This is the shortest of the conference but is always the longest for me. The conference finishes at 2 pm, then it’s the long flight home, 30+ hours of travel. Ignite still has sessions running right up to 2 pm, the HUB area is still open, but the vendors or swag guys are gone. The lunchrooms are cut in half. It was good to see Microsoft providing assistance to attendees that have social issues or disabilities.

Microsoft Ignite 2019 - Day 4 wrap up

Craig Wilson
The long day. The fourth day of Ignite is always the longest; it started at 7am with breakfast and finished at 11pm with the trip to the hotel from the after-party. My day was similar to the day before, lots of sessions and extended focus groups. Here are a few of the updates from the sessions. Microsoft Teams: Microsoft has integrated Teams with almost everything they can. There were so many updates it’s impossible to capture all the changes; best to review the sessions for Microsoft Teams on the MS Ignite site.

Microsoft Ignite 2019 - Day 2 wrap up

Craig Wilson
Today was a little slower in the information dump than yesterday. I spent more time with the product teams in the hub discussing the new products and solutions. Here are a few of the updates from the sessions. Insider Risk Management: this new service uses the Microsoft Graph, security services and connectors to other systems like SAP to obtain real-time native signals such as file activity, communications sentiment, abnormal user behaviors and resignation date (if connected to HR).

Microsoft Ignite 2019 - Day 3 wrap up

Craig Wilson
The days are getting longer, still heaps happening at Ignite. Most of my formal tasks are done now. It was time to look at some of the more exciting things that I don’t usually get to see. Started with a look at the new Power Platform areas in PowerApps and PowerBI. Then headed over to Microsoft focus groups area for a chat with them around notifications, then over to Azure Stack.

Microsoft Ignite 2019 - Day 1 wrap up

Craig Wilson
MS Ignite 2019, day 1, is now over. There have been so many posts already highlighting what was covered in the keynotes and some sessions during the day, so I will attempt not to repeat them. Here are some of the key points that I took away from day 1. Vision Keynote: the keynote was only open to 3000 people in The Hub area; the rest had to view from viewing areas around the conference.

Microsoft Ignite 2019 - Pre-day IoT workshop wrap up

Craig Wilson
Microsoft Ignite 2019 has kicked off. On Sunday I attended the pre-day workshop on IoT. Benjamin Cabé took the group through the development of a modern cloud IoT solution. We focused on Microsoft’s demo company, Contoso Art Shipping Inc. The workshop started by setting up sensors using IoT Hub and the new Device Provisioning Service with Plug and Play to do enrolment. The device we used was the Azure MX Chip Dev Kit.

Disabling, blocking and revoking an M365 user from your tenant

Craig Wilson
There are times when you need to force a user or users to be disconnected from Microsoft 365 services like Exchange and SharePoint and block their access. When this happens, you need to complete the following tasks: block the user’s sign in; reset the user’s password and force a change on next login; revoke their sessions to SharePoint and OneDrive; revoke or remove their AzureAD authentication tokens. These tasks can be done via the GUI, but it’s quick to have a script prepared.

AzureAD Passwordless Sign in - Part 1

Craig Wilson
Microsoft is currently on a path to switch services to Passwordless logins, meaning we will at some point no longer require a password. This does not mean accounts will not be protected; accounts will be using tokens, Multi-Factor and authenticator apps to perform authentication. The Microsoft strategy is based on 4 steps: develop password replacement offering; reduce the user-visible password surface area; transition into password-less deployment; eliminate password from identity directory. Right now, we still see the continued development of the replacement for passwords and the reduction of locations where we need to enter a password.

AzureAD Passwordless Sign in with FIDO - Part 2

Craig Wilson
FIDO keys provide you with a hardware-based authentication device. The keys can be used on a number of different sites as well. I use the keys to protect my AzureAD login, GitHub and a few other places as well. In this section, I will go over the process to enable AzureAD. In part 1, I went over methods for PasswordLess login and set up the Microsoft Authenticator App. AzureAD Passwordless Sign in with FIDO - Part 1