The lifecycles of admin accounts can be tricky to manage, because admin accounts are not regular user accounts – they have to be handled differently. You need to make sure, just like with regular users, that they are not over-privileged. Another thing to consider with admin accounts is their lifecycle. What happens when the regular … Read more
Did you know that if you delete an Entra ID security group, it will still remain under resources in an Access Package in Entra ID Governance? Well, now you know it does. This can lead to delivery of access packages being partially delivered when a user gets an access package assigned. This is something that … Read more
When working with Microsoft Global Secure Access (GSA), you will find yourself in the beginning creating Enterprise Applications manually for apps that will use Private access. That could be for RDP access or application access to an on-premise system. I was recently tasked with adding a lot of websites that needed to be processed through … Read more
When you offboard users and ultimately delete their user accounts, something that can easily be forgotten is that the user may be an approver in an access package in Entra ID Governance. What happens is when you delete the user in Entra ID (via AD Connect sync or otherwise), the user will still be present … Read more
The other day I was working on a change with a colleague where one Entra ID security group needed to be replaced with another security group in an in-house application. I was asked to make sure the same members of the old group were added to the new group, and that’s a fairly simple task … Read more
If you have been working with Entra ID, you’ve probably figured out that managing on-premises active directory security groups (AD groups) might be one of the biggest “how to?” questions when planning to use this cloud-based identity solution. As you might know, AD groups can only be managed from your domain controllers (or servers with … Read more
In this blog post, I want to share with you how to bulk create Global Secure Access (GSA) Enterprise applications using PowerShell. The need for this arose when I was tasked with creating all the servers in Microsoft Global Secure Acces to be used to control RDP to servers. This was one of those repetitive … Read more
In my blog post a few weeks ago about creating an access package in Entra ID Governance with PowerShell, I wrote about how you can programmatically create access packages with PowerShell and create templates to make it easier to create access packages in the future. In this blog post, I want to share how you … Read more
Access packages in Entra ID Governance are a great way to bundle resources together and then provide a user or multiple users access to these resources or access to resources via security groups. But what happens when a user gets removed from a security group that is part of an access package? The answer to … Read more
In my previous blog post regarding A way to handle distribution lists with Entra ID Governance, I described the process of creating an access package for each department and office location within my company. These access packages were utilized to manage memberships of Exchange Online distribution lists, as well as security groups in Entra ID … Read more
