Microsoft Teams Lifecycle Management: Key Governance Tips

Posted on 1. September 2024 by Armend

Getting Started: Microsoft Teams Lifecycle Management and Governance

Effectively managing the lifecycle of teams within Microsoft Teams is crucial for preventing uncontrolled growth and ensuring the orderly management of your tenant. By setting clear governance policies, users can understand when and how they are allowed to create new teams or groups. This approach ties closely to a well-thought-out plan for lifecycle management in Microsoft Teams. Generally, there are two approaches to team creation: centralized and decentralized. Consider whether your IT department should manage all team creation or if users should have similar rights, taking into account factors like company size, security requirements, and desired control levels.
Continue reading

Posted in Teams | Tagged , , | 4 Comments

Configure Cloud-based Message Recall in Exchange Online

Posted on 29. August 2024 by Armend

In the realm of professional communication, sending an email is just the beginning. Sometimes, a message needs to be recalled due to errors or changing circumstances. But what happens after you hit that recall button? Should your recipients be notified? In Microsoft Exchange, you have the power to configure recall notifications, ensuring that your team stays informed and engaged.

The Importance of Recall Notifications

Recall notifications serve several critical functions: Continue reading

Posted in Exchange Online | Tagged , | 2 Comments

New Teams client pre-installation script

Posted on 31. July 2024 by Armend

New Teams clientMicrosoft has a pre-installation check script designed to identify why devices can’t be updated to the new Teams client. The script also suggests solutions to any problems it finds. Administrators can save time moving to new Teams by running the script in these two use cases:

  • Before you install new Teams for the first time.
  • After the new Teams client installation fails on some devices.

Continue reading

Posted in Teams | Leave a comment

Remove certificate from a Single Sign-On Enterprise Application

Posted on 29. July 2024 by Armend

SAML certificates are an important part of Single Sign-On (SSO) in a Security Assertion Markup Language (SAML) environment. SAML certificates are used to establish trust between the identity provider (IdP) and the service provider (SP) in a SAML-based SSO scenario. When setting up an enterprise application in Entra, a default SAML certificate is generated. At least one active certificate is necessary to authenticate single sign-on. Continue reading

Posted in Entra ID (Azure) | Tagged , | 7 Comments

How to disable MFA for all users except the admins in the M365

Posted on 28. July 2024 by Armend

For a number of reasons, I am often asked how to disable MFA for all users except the administrator in M365 , for example for: educational institutions like schools, etc…

If you don’t want to do it, you can still limit access to specific IPs or networks. This can be done under the ‘Network’ settings by selecting ‘Any network’ or specifying particular locations. However, I’ll explain this topic in more detail in another post.

To disable multi-factor authentication (MFA) for all users except the administrator in a Microsoft 365 environment using Conditional Access, the following steps are required:

Continue reading

Posted in Entra ID (Azure), M365 | Tagged , | Leave a comment

How to Turn Your Hobby into a Career as an IT Professional

Posted on 22. July 2024 by Armend

It’s never too late to turn your passion into a career, as many companies do not place much emphasis on a diploma or degree in IT but are looking for experienced and enthusiastic colleagues. The transition from hobbyist to IT expert is not only possible but also incredibly rewarding. Here are some steps you can take on your journey to transform your passion into a career. Continue reading

Posted in IT career | Tagged , , | Leave a comment

Can I set up recurring access reviews for different Azure AD roles

Posted on 5. July 2024 by Armend

entra-idHere is how you can set up recurring access reviews for different Azure AD roles using.

Azure AD Privileged Identity Management (PIM):

 

  1. Create an Access Review:
    In the Microsoft Entra admin center, go to Identity governance > Privileged Identity Management.
    Select Azure AD roles under “Manage”.
    Continue reading
Posted in Entra ID (Azure) | Leave a comment

How does DMARC improve email authentication compared to using SPF and DKIM alone

Posted on 4. July 2024 by Armend

DMARC improves email authentication by building upon SPF and DKIM in a few key ways:

 

 

 

  1. Alignment check: DMARC requires the domain in the “From:” header of the email to align with either the domain specified by SPF or DKIM. This prevents attackers from using your domain name in the “From:” field while using a different domain that passes SPF/DKIM. Continue reading
Posted in Generally | Leave a comment

How do I limit the duration of privileged role assignments in Entra ID

Posted on 4. July 2024 by Armend

Limiting the Duration of Privileged Role Assignments in Entra ID

Entra IDEntra ID (formerly Azure Active Directory) provides the ability to limit the duration of privileged role assignments, which can help enhance the security of your organization’s identity management. Here’s how you can do it:

 

Step 1: Understand Privileged Role Assignments

Privileged role assignments in Entra ID grant users elevated permissions, such as the ability to manage other users, access sensitive data, or perform critical administrative tasks. Limiting the duration of these assignments can help reduce the risk of unauthorized access and ensure that users only have the necessary permissions for the required time. Continue reading

Posted in Generally | Leave a comment

How to create custom roles with specific permissions in Azure AD

Posted on 3. July 2024 by Armend

Creating Custom Roles with Specific Permissions in Azure AD

Entra IDCreating custom roles with specific permissions in Azure Active Directory (Azure AD) can be a useful way to grant users the exact level of access they need, without giving them unnecessary privileges. Here’s a step-by-step guide on how to do it:

 

Step 1: Understand Azure AD Roles and Permissions

Azure AD has a set of built-in roles, such as Global Administrator, User Administrator, and Security Administrator. These roles have predefined permissions that you can assign to users. However, if the built-in roles don’t meet your specific needs, you can create custom roles. Continue reading

Posted in Entra ID (Azure) | Leave a comment