Automating access to Shared mailboxes in Exchange Online using Entra ID Governance is something that has been on my to-do list for some time. I was recently asked by a colleague if I could find a way to automate that process when a user onboards or moves (department, location change, etc.). When handling access to … Read more
If you have been working with Access Packages in Entra ID Governance, you probably know that getting a proper overview of your setup is not easy. There is no built-in way to see all your catalogs, packages, policies, and resources in one place. I have written about some of the challenges before, like finding and … Read more
Continuing from where I left off in part 1 of this blog post series, in this one I want to turn the focus on the security I wrote a little bit about at the end of part 1, but also how to request access to different resources on behalf of the admin accounts. One of … Read more
The lifecycles of admin accounts can be tricky to manage, because admin accounts are not regular user accounts – they have to be handled differently. You need to make sure, just like with regular users, that they are not over-privileged. Another thing to consider with admin accounts is their lifecycle. What happens when the regular … Read more
Did you know that if you delete an Entra ID security group, it will still remain under resources in an Access Package in Entra ID Governance? Well, now you know it does. This can lead to delivery of access packages being partially delivered when a user gets an access package assigned. This is something that … Read more
When you offboard users and ultimately delete their user accounts, something that can easily be forgotten is that the user may be an approver in an access package in Entra ID Governance. What happens is when you delete the user in Entra ID (via AD Connect sync or otherwise), the user will still be present … Read more
The other day I was working on a change with a colleague where one Entra ID security group needed to be replaced with another security group in an in-house application. I was asked to make sure the same members of the old group were added to the new group, and that’s a fairly simple task … Read more
If you have been working with Entra ID, you’ve probably figured out that managing on-premises active directory security groups (AD groups) might be one of the biggest “how to?” questions when planning to use this cloud-based identity solution. As you might know, AD groups can only be managed from your domain controllers (or servers with … Read more
The last couple of weeks, I have been working with Microsoft’s new service called Global Secure Access (GSA), which is positioned as a replacement for your traditional VPN, whether it be split tunnel or force tunnel. You can read more about it here – What is Global Secure Access?, as I won’t go into much … Read more
In my blog post a few weeks ago about creating an access package in Entra ID Governance with PowerShell, I wrote about how you can programmatically create access packages with PowerShell and create templates to make it easier to create access packages in the future. In this blog post, I want to share how you … Read more
