Microsoft Azure
Are you looking for information about Microsoft Azure? In this archive you will find all our posts about Microsoft Azure.
-
Kerberos Cloud Trust and Windows Hello for Business: Secure and Seamless Authentication in Hybrid Environments
Kerberos Cloud Trust is a hybrid authentication protocol developed by Microsoft to enable secure and passwordless sign-ins. Kerberos Cloud Trust combines the strengths of Kerberos and Windows Hello for Business to offer a modern, secure, and user-friendly authentication solution. It is particularly useful in hybrid environments where both cloud and on-premises resources are utilized. Users authenticate securely and seamlessly both locally and in the cloud.
-
Microsoft Entra ID: Automatically Roll Over Kerberos Decryption Key
The regular roll over of the Kerberos decryption key is crucial to ensure the security and integrity of seamless Single Sign-On (SSO) in hybrid IT environments. Microsoft recommends rolling over this key every 30 days to close potential security gaps and ensure smooth integration between on-premises Active Directory and Microsoft Entra ID. This process can be automated to minimize administrative effort and ensure continuous security.
-
Switch from per-user MFA to MFA with Microsoft Entra Conditional Access
Setting up Multi-Factor Authentication (MFA) per user significantly enhances the security of a Microsoft tenant and is now the standard practice for every administrator. With per-user MFA, a Multi-Factor Authentication is required from the user during each sign-in. However, this can lead to frustration among legitimate users whose workflows are disrupted by frequent MFA prompts. To achieve a better user experience while balancing security and usability, it is recommended to switch to MFA (Multi-Factor Authentication) using Microsoft Entra Conditional Access.
-
Migrate Legacy MFA and SSPR Policies to Authentication Methods in Microsoft Entra ID
Microsoft announced that the legacy policies for Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) will no longer be supported after September 30, 2025. We need to migrate the legacy MFA and SSPR policies to the authentication methods in Microsoft Entra ID.
-
Securing Identities: Microsoft Authenticator Passkey in Microsoft Entra
A device-bound passkey is a FIDO2-based, phishing-resistant authentication credential where the device generates the private key and stores it securely. Microsoft Entra supports the use of a Microsoft Authenticator passkey. During sign-in, no password is transmitted. Instead, the Authenticator responds to a cryptographic challenge. The private key never leaves the device.