WFH and Remote Access Security Risks
Mitigation - Important: multi-factor authentication, automatic session timeouts and access monitoring. Unauthorized access to devices: Any machine that is capable of connecting to your network should be protected using multi-factor…
Work from Home – Laptop Options
The VDI Option: The simplest and most configurable. The VDI can also be domain joined to either the on-premises Windows Server AD or to an Azure-only AAD domain.…
Domain joining an Azure VDI to a corporate Windows Server AD
Can you domain join an Azure VDI to a corporate Windows AD? Yes. Windows Server Active Directory Domain Services (ADDS) which is synchronized with Azure Active Directory (AAD) using Azure…
Can you SSO into an API?
Yes - SSO to an API is possible using one of the following tools. API Manager: Supports SAML-based SSO, which allows users to log in to API Manager and other…
API authentication and OAuth
OAuth for API Authentication - Some Security Checks: Limit SCOPE of OAuth token to READONLY. Limit the duration - expiration of the token to a short-lived token. Restrict the…
Microsoft Intune Device Management
Microsoft Intune and Azure Active Directory (Azure AD) are both services that help manage devices and users in an organization, but they have different functions. Azure AD: A universal identity…
Azure AD – How many tenants?
Azure AD - How many tenants? A common question is: should we have a single tenant or more than one? The answer is straightforward. Mandatory: There is always one directory…
Privileged Identities in Azure AD – Above Global administrators
Privileged Identities in Azure AD: With this option, you can build up a Role-based Access Control (RBAC) solution on top of Azure AD roles, as well as other Microsoft online services,…
OAuth 2.0 Basics – Client Credentials Flow
What are client credentials in OAuth? It is a string value that contains a token. The token is sufficient for a resource to allow access. What is it…
JWT vs SSL
The purpose of a JWT is NOT to encrypt data during transport (that’s SSL). JWT, using hashes, allows the receiving party to trust that the received data was not modified…