https://www.verboon.info/tags/entra-id/Recent content in Entra ID on Anything About ITHugoen-usSun, 28 Apr 2024 12:25:01 +0000https://www.verboon.info/2024/04/microsoft-defender-for-endpoint-security-settings-management-internals-0x1/Sun, 28 Apr 2024 12:25:01 +0000https://www.verboon.info/2024/04/microsoft-defender-for-endpoint-security-settings-management-internals-0x1/<p>In this post, we take a closer look at how <strong>Microsoft Defender for Endpoint Security Settings Management</strong> works behind the scenes, especially for Windows Server scenarios.</p> <h2 id="entra-id-device-registration">Entra ID Device Registration</h2> <p>Because Intune policy assignment is group-based, devices need an object in Entra ID. If a server already has an existing registration (for example Hybrid Join), that object is reused. If not, a synthetic device identity is created in Entra ID so the device can retrieve policy.</p>https://www.verboon.info/2022/11/users-can-create-azuread-tenants/Tue, 22 Nov 2022 22:13:09 +0000https://www.verboon.info/2022/11/users-can-create-azuread-tenants/<p>Hello there,</p> <p>In this blog post we look at a setting within the Azure AD portal: &ldquo;Users can create Azure AD tenants&rdquo;. Unfortunately, this setting is enabled by default. Most organizations will probably want to turn this off. You can find it in the Azure AD portal under Settings &gt; Users &gt; User settings &gt; Tenant creation.</p> <p> <img src="images/112222_2202_Userscancre1.png" alt=""> </p> <p><code>Yes</code> allows default users to create Azure AD tenants. <code>No</code> allows only users with the Global Administrator or Tenant Creator roles to create Azure AD tenants. Anyone who creates a tenant becomes the Global Administrator for that tenant.</p>https://www.verboon.info/2021/02/collecting-azuread-user-authentication-method-information/Sun, 07 Feb 2021 13:28:44 +0000https://www.verboon.info/2021/02/collecting-azuread-user-authentication-method-information/<p>Hello everyone, last Friday I received an email from one of my customers, asking how to identify users in Azure AD that have enabled <a href="https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone">passwordless sign-in with the Microsoft Authenticator app</a>. Previously I usually made use of the <a href="https://docs.microsoft.com/en-us/samples/azure-samples/azure-mfa-authentication-method-analysis/azure-mfa-authentication-method-analysis/">Script for Azure MFA authentication method analysis</a> but that script uses the MSOnline PowerShell module where the <code>Get-MsolUser</code> cmdlet does not expose the information about these newer authentication methods.</p> <p>So heading over to Microsoft Graph and there we can grab all authentication methods for users as shown in the example below.</p>https://www.verboon.info/2019/02/windows-7-hybrid-join-and-mfa-ramblings/Tue, 05 Feb 2019 19:36:58 +0000https://www.verboon.info/2019/02/windows-7-hybrid-join-and-mfa-ramblings/<p>Today I ran into an issue where Windows 7 would not hybrid join as expected. Before going into the details, for those who might not be aware like Windows 10 and Server 2016, you can also hybrid join down-level devices. The functionality is of course not built into Windows so you need to install the &ldquo;<a href="https://www.microsoft.com/en-us/download/details.aspx?id=53554">Microsoft Workplace Join for non-Windows 10 computers</a>&rdquo; software.</p> <p>One reason why you want to hybrid join Windows 7 devices is Conditional access. Let&rsquo;s assume you plan to introduce Conditional access for your users where you want to enforce MFA when using a non-corporate device.</p>