Identity
18 articles
- Passkeys and the Personal Phone Problem – An MFA Update for 2026
An update on MFA in 2026: Microsoft's mandatory MFA enforcement, passkey types (synced vs device-bound), addressing personal phone resistance, and self-enrollment capabilities.
- ConsentFix - The Quickfix
How to protect your tenant from the ConsentFix OAuth attack by pre-creating and locking down service principals for vulnerable Microsoft first-party apps using PowerShell.
- Unlocking Self-Service Account Recovery (SSAR) in Microsoft Entra
A step-by-step guide to configuring Self-Service Account Recovery (SSAR) in Microsoft Entra ID, enabling users to regain access through government ID verification and biometric liveness checks.
- 2 for 1 - Mail Enable Unlicensed Admin Accounts - 2024 Edition
How to save on Exchange Online licensing for admin accounts by using plus addressing or distribution list redirection to receive admin mail without purchasing additional licenses.
- Simplify Windows Hello for Business SSO with Cloud Kerberos Trust - Part 1
Part 1 of a trilogy exploring Cloud Kerberos Trust for Windows Hello for Business - covering concepts, trust model pain points, and why Cloud Kerberos Trust is the future of SSO to on-premises resources.
- Simplify Windows Hello for Business SSO with Cloud Kerberos Trust - Part 2
Part 2 of the Cloud Kerberos Trust trilogy - a step-by-step configuration walkthrough covering Entra Kerberos PowerShell setup, Intune Settings Catalog profile creation, and verification testing.
- Simplify Windows Hello for Business SSO with Cloud Kerberos Trust - Part 3
Part 3 of the Cloud Kerberos Trust trilogy - deep diving into the mechanics, migration from other trust models, NGC credentials, Wireshark captures, Kerberos ticket flows, and troubleshooting with klist.
- 2FA/MFA - Why Multi-Factor Authentication is Important
A high-level overview of multi-factor authentication concepts, types (SMS, app-based, hardware), and why MFA is critical in today's corporate IT landscape.
- Fix onmicrosoft.com Missing Default Domain
A quick workaround to fix the missing onmicrosoft.com default domain alias on synced identities in hybrid Exchange environments by temporarily changing the user's UPN.
- How to remove credentials from a FIDO2 key like a boss
Learn how to remove credentials from a FIDO2 key (Feitian keys specifically) and why housekeeping on your FIDO2 devices matters.
- The Windows Hello Zone! - Part 2
Part 2 of the Windows Hello Zone series - why PINs are more secure than passwords and real-world scenarios where Windows Hello for Business prevents credential theft.
- The Windows Hello Zone! - Part 1
Part 1 of the Windows Hello Zone series - real-world scenarios showing why biometric authentication with Windows Hello for Business is essential for enterprise security.
- Enable Microsoft Enterprise SSO plug-in for Apple Devices through Intune
How to enable the Microsoft Enterprise SSO plug-in for Apple iOS and macOS devices through Microsoft Intune.
- Passwordless journey with FIDO2 - Part 3 - Engine troubles
Part 3 of the FIDO2 passwordless journey covering unsupported key whitelisting, AAGUID discovery, and reviews of Ensurity ThinC-AUTH, KEY-ID, and OnlyKey security keys.
- Conditional Access and the woes of being an external user
Challenges of Conditional Access and MFA as an external/guest user in Entra ID tenants, and practical solutions including FIDO2 keys.
- Passwordless journey with FIDO2 - Part 2 - Usage experiences
Part 2 of the FIDO2 passwordless journey covering hands-on usage experiences with Solokeys, Yubico, and eWBM biometric security keys for Azure AD.
- Passwordless journey with FIDO2 - Part 1 - Getting started with Security keys
Part 1 of the FIDO2 passwordless journey covering requirements, setup hurdles, and an overview of security key vendors for Azure AD enterprise use.
- 2 Cool new password policy features in Microsoft Entra Connect Sync
Two new Microsoft Entra Connect Sync preview features: force password reset at logon and enforce cloud password policy for synced users.