Directory
Are you looking for information about Active Directory? In this archive you will find all our posts about Active Directory.
-
Secure Emergency Access: Create and Manage Microsoft Entra Emergency Accounts with YubiKey (FIDO2)
A Microsoft Entra emergency access account, also known as a “Break Glass Account”, is a special account set up for accessing Azure resources in emergency situations. This account typically has higher permissions and is only used when conventional access routes are not available. This could be, for example, a service outage, so that no multi-factor authentication can be performed via a mobile phone. The use of emergency accounts is strictly controlled, monitored, and restricted.
-
Azure AD B2B Direct Connect for shared channels in Microsoft Teams
Microsoft offers with Azure AD B2B Direct Connect for shared channels in Microsoft Teams a feature that simplifies management for collaboration with external partners in teams. Until the release of Azure AD B2B Direct Connect, an external partner was invited to the tenant as a guest and authorized in Microsoft Teams (Azure AD B2B Collaboration). The external partner then received an email with instructions for further steps. When looking in to the own Azure Active Directory everyone notes: each external user gets a guest account in our own Azure Active Directory. Whether the guest account is still in use or not, it will always remain in Azure Active Directory until…
-
Installation and Configuration of Microsoft Entra Cloud Sync
Microsoft Entra Cloud Sync is an advanced synchronization solution that enables seamless integration of objects from Active Directory into Microsoft Entra ID. This technology simplifies synchronization by orchestrating the deployment of Active Directory objects within Microsoft Entra ID in the Microsoft Cloud Services. For the on-premises infrastructure, only the installation of a lightweight agent is required, reducing complexity and enhancing efficiency.
-
Microsoft Entra: Roll Over Kerberos Decryption Key
With Seamless Single Sign-On (Seamless SSO), users can leverage the same credentials for both on-premises and cloud-based services. Repeated authentication prompts between these environments are eliminated, as authentication data is automatically exchanged between Active Directory and Microsoft Entra. As part of the Seamless SSO configuration, a computer account named AZUREADSSOACC is created in the on-premises Active Directory. For security reasons, Microsoft recommends rotating the associated Kerberos decryption key every 30 days.
-
Microsoft Entra Privileged Identity Management (PIM): Request Microsoft Entra roles or Microsoft Azure roles by User
Microsoft Entra Privileged Identity Management (PIM) optimizes the management of privileged roles to Microsoft Azure and Microsoft 365 resources. This contributes to the improvement of the security standards of cloud services. An additional feature is the Just-in-Time authorization, where a user is granted elevated privileges only for the period in which they are actually needed. This minimizes the risk of misuse and unauthorized access. This guide explains how a user can apply for a Microsoft Entra role or Microsoft Azure role for a specific period of time and how an administrator can efficiently manage this requests.