First, we just had Microsoft 365 Roles like Global Administrator, Exchange Administrator, SharePoint Administrator. It very quickly became apparent that these were not appropriate for an enterprise organisation, as they were permanent and were too broad in permission scope in some respects, particularly if you just need to grant things like Conditional Access Administrator or […]
MFA – Everywhere. All the time. For everyone.
This is a hill I will die on. MFA for everyone, from everywhere, all the time. No excuses, no if, buts and whys. MFA is your number one frontline defence against malicious actors. Yes, there are other many compensating controls that can be in place such as Firewalls, VPNs, networking controls, Conditional Access policies, Device […]
Entra App Registrations, Enterprise Apps and Service Principals
A practical engineering guide to owners, assignment, consent, credentials and risk The one-line lesson: do not confuse ownership, assignment, consent and credentials. They control different risks. Contents Why this topic trips people up Microsoft Entra application governance looks simple until you start reviewing real tenants. Then the terminology gets slippery. App Registrations, Enterprise Applications, service […]