Entra External ID in Edu
Introducing a new Microsoft identity solution which holds the answer to a longstanding need for a parent and guardian identity provider in schools.
Passing the buck with 'hacklore'
CISA’s Bob Lord coined the term ‘hacklore’ for ‘cybersecurity folklore’, the stories we tell ourselves and others about the nature of technological risks and ways to avoid them that are grounded in fear rather than fact, rumour rather than evidence, antiquity rather than the present day. I see this everywhere, even in high-end corporate ‘cyber awareness’ programmes. Beware of charging your phone from a public USB socket, beware of accepting browser cookies, beware of updating devices on untrusted networks and so on....
Secure cloud wifi for Entra/Intune devices with Mist
It’s been an incredibly long time coming but at last I have a working proof of concept for an end-to-end entirely cloud-based enterprise wireless network.
Combining user and device certificates for wifi authentication in Intune
Modern security and wifi standards say we have to move to certificates but that’s a tall order for many, particularly if we need to replicate the user-level identification of a humble password.
NPS RADIUS with AADJ – Part 2
Updating the old ghost computer account sync script to get NPS working with Azure AD / Entra-joined devices again, but it’s a last gasp.
A zero-disruption path to better MFA
Presenting some ideas about how we can enforce more secure authentication methods without locking out users that don’t have them yet. Featured in Entra News!
Testing Exchange Online via manual SMTP submission
Resurrecting a bit of troubleshooting technique from the golden age of email.
Exchange Online mailbox defaults to Pacific Time
A maddening bug in Exchange that will probably never be fixed, but at least I’ll show a workaround.
FIDO? Schmido!
A lack of mobile support for FIDO2 auth and Passkeys from Microsoft is hampering widespread adoption but some limited use cases can bring immediate benefit to securing high-risk activities.
Dropping the ball on MFA
We’re not doing well enough at communicating the need for better authentication or providing simple means for its widespread adoption.