Microsoft Entra
Are you looking for information about Microsoft Entra? In this archive you will find all our posts about Microsoft Entra.
-
Secure Emergency Access: Create and Manage Microsoft Entra Emergency Accounts with YubiKey (FIDO2)
A Microsoft Entra emergency access account, also known as a “Break Glass Account”, is a special account set up for accessing Azure resources in emergency situations. This account typically has higher permissions and is only used when conventional access routes are not available. This could be, for example, a service outage, so that no multi-factor authentication can be performed via a mobile phone. The use of emergency accounts is strictly controlled, monitored, and restricted.
-
Microsoft Entra Private Access: Secure Access to Internal Resources and Cloud Services without VPN
Microsoft Entra Private Access enables identity-based access to private enterprise applications and resources located on premises and in the cloud, without relying on traditional VPN connections. Access control is provided by Microsoft Entra ID, which enforces Zero Trust principles based on contextual signals. As a component of Microsoft Entra Global Secure Access, the service delivers location independent network access. Microsoft Entra ID evaluates identity, device status and applicable policies to determine access. This article describes how to configure Microsoft Entra Private Access, starting with service activation and Quick Access configuration through to the installation of the Global Secure Access client. Validation of the setup is performed using name resolution and…
-
SMB over QUIC and Azure Server: empowering secure and lightning fast file sharing
SMB over QUIC is a network protocol used by Windows. It allows secure, shared use of resources such as files on the network. To use SMB (Server Message Block) without QUIC, TCP port 445 is required. Some Internet providers block TCP port 445 for security reasons. Therefore, it is not possible to connect to a file share on Azure by SMB successfully. To bypass the blocking of TCP port 445, there are several options to choose from, including the following:
-
Windows LAPS in Microsoft Intune
Windows LAPS (Local Administrator Password Solution) provides centralized, simple, and secure management of local administrator passwords through Microsoft Intune. Each device receives its own, time-limited local administrator password. Windows LAPS independently manages the administrator passwords in terms of expiration and rotation. The passwords are stored either in Microsoft Entra ID (formerly Azure Active Directory) or in the local Active Directory. The centralized management of all local administrator passwords simplifies control and monitoring. The time-controlled rotation of passwords significantly reduces their exposure duration. In addition, access to the stored passwords is strictly controlled, which makes unauthorized access more difficult and overall increases the security of the network environment.
-
Passwordless Sign In with Microsoft Entra ID (Azure AD) and YubiKey (FIDO2)
Passwordless Sign In with a FIDO2-enabled security key such as a YubiKey in conjunction with Microsoft Entra ID (Azure AD) provides high security while maintaining ease of use. There is no longer any need to enter a username and password. For users with private mobile devices who do not want to install the Microsoft Authenticator app, a security key from YubiKey offers a good alternative. This tutorial sets up a YubiKey 5 security key for passwordless sign in to Microsoft Azure and Microsoft 365 services.