Entra.News #21: Your weekly dose of Microsoft Entra
Learn about new GA and public preview features and don't forget to register for the free Microsoft Security Tech Accelerator sessions from the product group!
👋 Greetings, this is Merill bringing you the twenty-first issue of entra.news. Catch up on the latest Microsoft Entra news from around the globe.
Enjoy!
⚡️ Microsoft
✅ Generally Available
Allow read access to blobs based on tags and custom security attributes • Microsoft Learn
📖 Read
What’s new in Microsoft Entra - Nov 2023 edition • Shobhit Sahay
SPA developers: Migrate to auth code flow with PKCE • Emily Lauber
Centralized security operations with external identities for multi-tenant defense organizations - Cloud Adoption Framework • Microsoft Learn
Step-by-Step : Assign access packages automatically based on user properties in Microsoft Entra ID • Dishan Francis
📖 Learn
Explore the many features of Microsoft Entra Permissions Management • 1 hr Training Module (15 Units) • Microsoft Learn
📺 Watch
425Show: Microsoft Entra Join and Intune, Beyond the Basics (1 hr) • Jason Sandys, Grace Picking
📆 Upcoming Events - Microsoft Security Tech Accelerator ➡️ Registration Required
Improve your security posture with Microsoft Entra ID Governance • 6 Dec, 7am - 7.30am PST • Jef Kazimer, Mark Wahl, Jairo Cadena
AMA: Microsoft’s Security Service Edge (SSE) solution • 6 Dec, 8.30am - 9.00am PST • Mamta Kumar, Yair Tor, Ashish Jain, Anupma Sharma, Abdi Saeedabadi
Level up identity protection: building a modern ITDR practice • 6 Dec, 9.00am - 9.30am PST
Leveraging Microsoft Entra ID (Azure AD) to counter token theft • 6 Dec, 10.00am - 10.30am PST • Paul Garner
Secure Your Identity Front and Back Door • 6 Dec, 11am-12pm EDT • Wendell Caroll • Adam Findlan • Jason Bingham
From the community…
☀️ Read
👮♂️ ID Governance
Using the hidden gems in Entra ID Governance access packages, all you need to know! - Pim Jacobs
Adopting Microsoft Entra ID Governance – A Deep Dive • Shehan Perera
Securing AWS: A Comprehensive Guide to Efficient Privilege Identity Access Management with Microsoft Entra SSO Integration. - Thobekani Ndlovu
🌐 Global Secure Access (SSE)
Prevent AiTM with Microsoft Entra Global Secure Access and Conditional Access - Jan Bakker
🔑 Authentication
Have you heard about passkeys and AAGuids? - Nicola Suter
Allow PIN reset for Windows Hello for Business - Lukas Beran
FIDO2 vs Evilginx - David Weir
Achieve higher security with certificate bindings - How it works! • Tom Weschler
🤖 Automation & DevOps
Creating new Entra ID users the PowerShell way - Dennis Johansson
🖥️ Devices
Usage of Temporary Access Pass with Windows Autopilot - Manish Bangia
💠 External ID
Using the client credentials flow inside of Azure AD B2C - Rory Braybrook
⛑️ ID Protection
Smart Lockouts in Microsoft Entra ID - Lukas Beran
🥷 Security
QR Code Phishing - Joe Stocker
Some factors to consider when choosing your IAM solution - Marcelo Di Lorio
💳 Verified ID
Decentralized Identity - Prudhvi Keertipati
⚒️ Toolkit
SCIM playground - Limosa
MiniGraph - Friedrich Weinmann
silhouette: An Azure SPN access minimizer - Christophe Parisel
📺 Watch
Entra App registration - Step-by step part 4 (13 mins) - BlueScreen Brothers
Check MFA Status without script by using EntraID User registration details (5 mins) - Zied Berrima
👨🏽💻 Merill’s corner
→ Entra Exporter - Coding Live Stream - Adding support to export Devices
→ Test-MsIdCBATrustStoreConfiguration
Do you need to configure Certificate Based Authentication in Microsoft Entra ID? My colleague Keith Brewer just added a handy cmdlet that will help you troubleshoot issues with your configuration. You will want to bookmark this 👇
Dealing with certificates in CBA configuration can be quite tricky and we see some common issues that folks stumble on frequently.
🚨 Head over to aka.ms/msid to get the updated module 🚨
The following is a list of checks performed by this cmdlet.
✅ CertificateRevocationListUrl Format Validation Test: Checks for a correctly formatted CRL Distribution Point (CDP) URL
✅ Certificate Time Validity Test: Checks that the CA certificate being evaluated is time valid
✅ CRL Download and Latency Test: Checks to make sure the Certificate Revocation List (CRL) can be downloaded from the configured CRL and that the download completes in less than 12 seconds
✅ CRL Size Test: Checks that the CRL is less than 44MB
✅ Certificate Trust Chain Test: Checks that any certificate that is not marked as a root has its issuer also present in the certificate store.
✅ CRL Authority Test: Checks that the CRL downloaded from the configured CA lists the CA certificate being evaluated as its authority.
✅ CRL Time Validity Test: Checks that the CRL being evaluated is time valid
✅ Additional CRL Information: This includes properties of the tested CRL including thisUpdate(Issued), nextPublish, nextUpdate(Expiry) and amount of time remaining
→ Microsoft SSE - Recap from Microsoft Ignite (8 min)