The lifecycles of admin accounts can be tricky to manage, because admin accounts are not regular user accounts – they have to be handled differently. You need to make sure, just like with regular users, that they are not over-privileged. Another thing to consider with admin accounts is their lifecycle. What happens when the regular … Read more
Did you know that if you delete an Entra ID security group, it will still remain under resources in an Access Package in Entra ID Governance? Well, now you know it does. This can lead to delivery of access packages being partially delivered when a user gets an access package assigned. This is something that … Read more
When working with Microsoft Global Secure Access (GSA), you will find yourself in the beginning creating Enterprise Applications manually for apps that will use Private access. That could be for RDP access or application access to an on-premise system. I was recently tasked with adding a lot of websites that needed to be processed through … Read more
When you offboard users and ultimately delete their user accounts, something that can easily be forgotten is that the user may be an approver in an access package in Entra ID Governance. What happens is when you delete the user in Entra ID (via AD Connect sync or otherwise), the user will still be present … Read more
Reporting is a key component in my opinion when working with Microsoft licenses. You should be able to know fairly easily at all times how many licenses you have, how many you have left, and who is using what. This is especially valuable when you are doing a Microsoft True-up, or when you need to … Read more
The other day I was working on a change with a colleague where one Entra ID security group needed to be replaced with another security group in an in-house application. I was asked to make sure the same members of the old group were added to the new group, and that’s a fairly simple task … Read more
If you have been working with Entra ID, you’ve probably figured out that managing on-premises active directory security groups (AD groups) might be one of the biggest “how to?” questions when planning to use this cloud-based identity solution. As you might know, AD groups can only be managed from your domain controllers (or servers with … Read more
In this blog post, I want to share with you how to bulk create Global Secure Access (GSA) Enterprise applications using PowerShell. The need for this arose when I was tasked with creating all the servers in Microsoft Global Secure Acces to be used to control RDP to servers. This was one of those repetitive … Read more
The last couple of weeks, I have been working with Microsoft’s new service called Global Secure Access (GSA), which is positioned as a replacement for your traditional VPN, whether it be split tunnel or force tunnel. You can read more about it here – What is Global Secure Access?, as I won’t go into much … Read more
In my blog post a few weeks ago about creating an access package in Entra ID Governance with PowerShell, I wrote about how you can programmatically create access packages with PowerShell and create templates to make it easier to create access packages in the future. In this blog post, I want to share how you … Read more
