Tag: Azure AD

Azure AD
Thomas Kurth

Azure AD Guest Account -Governance and Cleanup

One of the biggest challenges with guest/external accounts in Azure AD is to build a governance process to keep your directory clean. Many companies do not like to have old and unused guest accounts forever in their Azure AD. Without a review functionality and information who has invited them this

Read More »
SCCM
Thomas Kurth

Monitor Windows Hello and AAD Hybrid join enrollment with MEMCM

Dsregcmd.exe is one of the most important troubleshooting tools on a Windows device when working with Azure AD Hybrid Join or Windows Hello. But this tool is only available as a command line tool and not in PowerShell. I wrote a translation function to change that. The Get-DsRegStatus function can

Read More »

Automatic environment cleanup with Intune Connector for AD Extender

In today’s environments one of the most important point is to keep them clean and tidy. Otherwise deployment statistics and security related reports are not correct. Therefore it’s important to continuously clean up your environment. In this blog I will cover solution on how to automatically cleanup when you are

Read More »

AzureAD Joined Device and Kerberos???

If you join a device to Azure AD, then you get SSO to cloud resources protected by Azure AD. If you are using a Hybrid User (Synchronized from your on-premise Domain), you get an additional hidden gimmick. In general, it allows a lot of use cases where a company would

Read More »

Assign AzureAD/O365 Roles based on groups

In nearly every engagement I get the question why it’s not possible to assign Azure AD roles based on Azure AD or synced AD groups. Also, in my opinion this would be a nice feature to have in a productive environment. I started building a solution based on Azure Automation,

Read More »

Implementing Azure AD Privilege Management for Azure IaaS

Two years ago, we implemented AzureAD PIM in our baseVISION infrastructure to rise the security level. But after some time, we recognized, that it has too many drawbacks because the activation of the requested role took sometimes longer than a few hours. Especially in Exchange, Skype or Intune this was

Read More »