iphase.dk — Michael Mardahl, MVP
Welcome to my corner of the internet — a personal tech blog styled with retro Norton Commander aesthetics.
Microsoft MVP — Security, Identity & Access, Modern Work
I write about Microsoft Entra ID, Intune, Windows 365, Azure, and everything in between.
Latest Posts
- Multi Admin Approval in Intune: Because One Admin Shouldn't Rule Them All
A practical guide to setting up Multi Admin Approval in Microsoft Intune — what it protects, how to configure it, how to harden it with Restricted Administrative Units, and why your future self will thank you for not letting a single compromised account nuke your tenant.
- The IT Admin's Guide to Horses: What Equines Can Teach Us About Enterprise Architecture
A lighthearted exploration of what horses and horsemanship can teach IT professionals about building resilient, scalable, and well-managed enterprise environments.
- No VPN, No Internet: Building a Windows Firewall Kill Switch for FortiClient with Intune
How to prevent Windows 11 devices from accessing the internet when not connected to corporate VPN using Windows Firewall and Intune — and all the things that go wrong along the way.
- Passkeys and the Personal Phone Problem – An MFA Update for 2026
An update on MFA in 2026: Microsoft's mandatory MFA enforcement, passkey types (synced vs device-bound), addressing personal phone resistance, and self-enrollment capabilities.
- ConsentFix - The Quickfix
How to protect your tenant from the ConsentFix OAuth attack by pre-creating and locking down service principals for vulnerable Microsoft first-party apps using PowerShell.
- Unlocking Self-Service Account Recovery (SSAR) in Microsoft Entra
A step-by-step guide to configuring Self-Service Account Recovery (SSAR) in Microsoft Entra ID, enabling users to regain access through government ID verification and biometric liveness checks.
- 2 for 1 - Mail Enable Unlicensed Admin Accounts - 2024 Edition
How to save on Exchange Online licensing for admin accounts by using plus addressing or distribution list redirection to receive admin mail without purchasing additional licenses.
- Simplify Windows Hello for Business SSO with Cloud Kerberos Trust - Part 1
Part 1 of a trilogy exploring Cloud Kerberos Trust for Windows Hello for Business - covering concepts, trust model pain points, and why Cloud Kerberos Trust is the future of SSO to on-premises resources.
Categories
- Identity 18 articles
- Modern Work 3 articles
- Intune 6 articles
- Azure 1 article
- Miscellaneous 2 articles