When a Microsoft partner (CSP) sends you an invitation into your M365 tenant, you might also give them Global Administrator and Helpdesk admin permissions even though the partner just provides you with licenses. This is a problem, as a partner could access your M365 tenant and make changes like adding accounts, changing permissions, read… Continue reading: Manage partner relationships (CSP) and partneradmin roles in a M365 tenant
Category: Azure Active Directory
Checking partner relationships (CSP) and roles in the M365 tenant
For some time now, attackers have been actively exploiting the interface between M365 partners (CSP) and customers to get into a customer's M365 tenant. This is made possible when a customer has granted an M365 partner access to its tenant, for example to be supplied with Microsoft licenses, but has also given the partner Global Administrator,… Continue reading: Checking partner relationships (CSP) and roles in the M365 tenant
Use Graph Directory Schema Extensions for Microsoft Teams Governance

In this article, I want to share a method that allows your organization to bring a Microsoft Teams Governance solution to the next level. Most organizations that use Microsoft Teams have Governance requirements like naming conventions, Teams creation limitations, etc. Microsoft has solutions in the portfolio that help you fulfill these requirements, like creation and… Continue reading: Use Graph Directory Schema Extensions for Microsoft Teams Governance
Teams Invitation Processes – A comparison
Hi, in this blog article, I deal with Microsoft Teams and Guest User handling. If you've read my latest articles here, you might have recognized that I've talked a lot about Identity Governance and its relevance for Teams. Now I want to share a short comparison of the different methods to invite guests to Teams… Continue reading: Teams Invitation Processes – A comparison
Use more Access Packages!
Microsoft Teams & Azure AD Access Packages = BFF ?! Hi, the more I use Azure Active Directory Entitlement Management and Access Reviews, the more I am impressed by the possibilities of Identity Governance. The challenges I am confronted with every day are especially Governance, Compliance and Security topics around M365,… Continue reading: Use more Access Packages!
Microsoft Teams – Fulfill Advanced Guest Access Requirements
There are a lot of settings available in a Microsoft 365 tenant that are responsible for guest access. To manage guest access in Teams you have to adjust different settings. At least the Azure AD External Collaboration Settings, the SharePoint Sharing Policies & Settings and the Teams Guest Access Settings are relevant. If you're… Continue reading: Microsoft Teams – Fulfill Advanced Guest Access Requirements
Another Microsoft Teams Governance Approach – Using Azure AD Identity Governance

Since Microsoft published the Request a Teams App Solution on GitHub ( https://github.com/OfficeDev/microsoft-teams-apps-requestateam ), I stopped all my "ambitions" to create my own deployment tool for Microsoft Teams, because it's designed very well and especially the PowerApp part is better than I could ever build it. So I concentrated on other Governance topics than the creation… Continue reading: Another Microsoft Teams Governance Approach – Using Azure AD Identity Governance
Advanced Conditional Access Use Cases – Part 2: Controlling the actions in a session
After my introduction to Policy Design for Conditional Access and the integration of Risk Based Conditional Access, I would like to deal with the first session controls today. While all other policies so far were concerned with the question of whether an access is allowed or not, session controls define conditions within the access or… Continue reading: Advanced Conditional Access Use Cases – Part 2: Controlling the actions in a session
Advanced Conditional Access Use Cases – Part 1: Risk
In my last blog post I told you about my approach and experiences in designing CA rule sets. While that blog post was focused on the basic features, I now want to cover the more advanced features. This first blog is about Risk Based Conditional Access and I hope that Session Controls will follow soon. Risk based… Continue reading: Advanced Conditional Access Use Cases – Part 1: Risk
How to build Conditional Access rule sets

In the past months I have spent some time designing and implementing Conditional Access rule sets and would like to capture / share my experiences. In my experience, CA rule sets usually start relatively simply, then grow and become more complex and confusing. With the increasing use of cloud apps, different devices and different user… Continue reading: How to build Conditional Access rule sets