Welcome back!
This is part 2 in the CA series – if you haven’t checked Part 1 yet, you can find it here; https://prottecio.com/2025/03/02/2025-conditional-access-ca-policy-part-1-get-started/
Today we will build a policy to block risky sign-in, risky user, securing device registration and more!
Continue reading “2025 – Conditional Access (CA) policy part 2”Welcome back!
Today we will look into the world of Conditional Access – I’ll short it to CA from now.
Even though this could be done at a really fine-grained level and with great complexity – fear not; I will provide you some examples on some really great and fairly easy policies you can implement quickly and improve your security posture with low effort.
Let’s go get those low hanging fruits first!
Continue reading “2025 – Conditional Access (CA) policy part 1 – Get started!”Hi and welcome back!
Today we will talk about Privileged Identity Management (PIM) and I will show you the idea of how you can enable this for your admin users in your tenant.
First – what is a Microsoft Entra role and why can’t all your admins just be Global Admins 24/7?!?
Continue reading “2025 – Enable Privileged Identity Management (PIM) in your tenant”Hi and welcome back!
Do you want your employees to be able to log on without passwords in your tenant? And even better, do you want them to get phishing-resistant logon? Let’s go ahead and set it up!
This picture is Microsoft’s, and I’m just borrowing it for reference.
For more information on authentication and verification methods, you can visit Microsoft Learn here; Authentication methods and features – Microsoft Entra ID | Microsoft Learn
Everything is better then just a username and password. If you don’t have MFA setup in your tenant yet, do it.
Continue reading “2025 – Enable Phishing-resistant MFA in your tenant”It’s been too long since my last post. Life caught up to me, so did work. It’s been a long 1,5 years, to cut it short I acted as IT-leader in Voss herad (a municipality in Norway) from June 2023 to June 2024 before I then got the job and title permanently. A big task, a big responsibility and a big opportunity – right now I wouldn’t be any other place then working with my talented IT-crew here – we have done a lot of good work the last couple of years and we have a lot of cool stuff on the threshold for 2025!
The blog has been lurking in the back of my head but I just couldn’t find enough time to do it right, so I didn’t. The way I started out I wanted to do a scenario from A-Z with all details covered. A way bigger project than I first thought it to be.
But a couple of weeks ago, after posting a bit on LinkedIn about FIDO and phishing-resistant authentication, I stated something along the line; “don’t wait to implement something security related just because you can’t do it 100% the first time – it’s better to do something than nothing at all. 10% is better than 0%”
