With this post, I will take you on the journey to enable FIDO authentication for Office 365 as an alternative to the Authenticator app or as an addition to the Authenticator app.
What is FIDO FIDO stands for “Fast IDentity Online” and provides a passwordless authentication method with a passkey like the Yubikey 5. FIDO allows you to log into many websites and devices without entering a password. In-depth information about FIDO can be found on the FIDO Alliance website.
Lately, I have been working on some self-service tooling so that the employees can do specific tasks themselves, like updating members of a Shared Mailbox instead of creating a ticket and asking IT to do this. To build this solution, we have developed an Azure Function with API management as the back-end and a PowerApp as the front-end.
Our team uses PowerShell a lot, and the easiest way to communicate with Exchange Online is using PowerShell.
Five years ago, I wrote an article about enabling PIM roles with Powershell, and last week I took it upon myself to convert it using the Microsoft Graph PowerShell modules
Why would you move? The primary reason to start moving to the graph modules is that the AzureAD and other modules were declared deprecated last year; see this post for all the details https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-change-management-simplified/ba-p/2967456 The modules still work but will not get any updates anymore.
The last few weeks I had to create a few PowerShell scripts where I had to combine certain information from several sources.
The way I used to do it was to do a where-object on an ID in an array. This works well, but I noticed that on large datasets it takes a lot of time. A where-object on a dataset of 30.000 items it takes on average between 1 and 2 seconds.
This weekend I had the privilege to speak at SharePoint Saturday in Madrid. The session was about Automation in Office 365. See the slides below
[slideshare id=151347967&doc=20190622-usingautomationinoffice365-190623120657]
Last week I attended the European Collaboration Summit for the third time. This year another location in Wiesbaden.
It was a fantastic conference with a lot of great speakers. This year I choose not to make a long post an everything I saw but made an Instagram story with the highlights.
Go and watch it here
https://www.instagram.com/stories/highlights/17889983905339614/
Next year the conference is coming back to Wiesbaden from June 8th till June 10th
So, what is Access Review? It is an Azure solution that can assist in the reduction of access to guests in your tenant and access to applications for your users. This tool can assist you in doing automated reviews of access to certain Enterprise applications or on AD groups in your tenant. See this YouTube video for a detailed explanation
https://youtu.be/kDRjQQ22Wkk
The downside of this tool is that it is only available when you have Azure AD P2 or EMS E5 license.
What is Azure AD Terms of use? Within Azure AD conditional Access there is an option called Terms of use. As Microsoft explains it:
“Azure AD Terms of use provides a simple method that organizations can use to present information to end users. This presentation ensures users see relevant disclaimers for legal or compliance requirements.”
So basically, you will give the end users a popup or screen when they login with a disclaimer for legal or compliance reasons.
This week I had the privilege to speak at DIWUG about securing your Office 365 environment. This time I started from a governance point of view. So what policies do we have and do we need before we can set up the security in Office 365. Also what licenses are available and do we need additional licenses to satisfy our security needs.
In the demos I showed how Conditional Access can help securing the environment and how Terms of use can be used for certain user groups or applications.
At my customer we are using Privileged Identity Management (PIM) for all admin related tasks, no employee has standing access within the company.
What is PIM Let’s first start by explaining Privileged Identity Management. It is a service that is available in Azure AD and is part of Azure AD Plan 2. For a user to use it, they need this plan enabled. PIM makes it possible to give a user the privilege to elevate his or her access rights for a preset amount of time to a higher role such as User Administrator or SharePoint Administrator.