Azure AD B2B allows external users to collaborate with the organization’s application, services, and data. To allow guest user access, these external users are required to have Azure AD account, Microsoft Account, or Google federation (for @gmail.com and @googlemail.com users). But now, if the guest user doesn’t have any of the above-mentioned accounts, he/she can connect using…
Azure AD Privileged Identity Management allows organizations to manage, monitor, audit access to sensitive Azure resources. One of the main features of PIM is the ability to provide just-in-time (JIT) access to Azure AD and Azure resources. As an example, a user can request to be a Global Administrator for 1 hour. Once a user requests it through the portal, Approver will receive a notification.
In my previous blog post, I explained how to set up sign-in risk-based Azure conditional access policy. This article can be accessed using this link. As I explained in the article, sign-in risk is calculating based on user access behavior. If the user access behavior is flagged as risky, most probably the user account is also compromised. Most of the time, these compromised accounts are sold or…
Some time ago I wrote an article about sign-in risk-based conditional access policies. But things have been changed over time and I thought it is time to update it with new content.
Let’s assume we have a web application that is published via the internet. To access the services, the user has to provide a user name and password. If one of the users’ accounts compromised, how the system…
