- You have surely noticed the feature in SharePoint Online that lets you see other people who are on the same SharePoint list or are previewing the same file. It is a nice feature for collaboration, but there can be reasons to disable it, for example on an internal job market site based on a SharePoint list. Microsoft acted on that customer feedback and finally provided a solution in February 2025 via PowerShell. All you need to do is install either the Microsoft.Online.SharePoint.PowerShell or the PnP-Online PowerShell module and be a SharePoint Administrator in your Microsoft 365 tenant. Then you can disable…
- I wanted to streamline the configuration of some of my settings in my Microsoft Entra ID tenant, like administrative units, conditional access policies, authentication strengths, or applications and service principals. I was already using Terraform to deploy an Azure Landing Zone as Infrastructure as Code, so the obvious choice for me was to use the same open-source tool by HashiCorp, and fortunately there is a suitable provider for Entra ID available, although it is not always feature complete when it comes to the latest innovations. This is not a tutorial for learning Terraform or Git, as I am still discovering new tricks with these tools…
- A lot of companies are neither on-premises only nor cloud-only but hybrid. That means that Active Directory objects like accounts, groups or devices are synced with Entra Connect (formerly known, and still installed, as Azure AD Connect). If you want to migrate an account from hybrid to cloud-only, the typical process is to move the account out of scope for the Entra Connect sync. The object will be deleted with the next sync cycle and can be restored from the Entra ID recycle bin as a cloud-only object. But if you look closer at the object, there are still some…
- There is some ongoing confusion about the meaning, usage and purpose of the application and the service principal endpoints in the Graph API. To make matters worse, even Microsoft is sometimes misleading in its documentation, and therefore so are third parties like Terraform in their registry. What is our starting point? In Entra ID we have two very important buttons on the right side of the graphical user interface. If you expand the “Applications” menu, it will reveal “Enterprise applications” and “App registrations”. Sometimes both lists show the same applications, sometimes not. Why is that? Furthermore, if you use the…
- The default limits for SharePoint Online versioning are somewhat complex. First, there is not necessarily just one setting that sets your limit. You have multiple options to define limits in your SharePoint environment, e.g. at the SharePoint tenant level, on a SharePoint site, or even on a single SharePoint library. Version history limits are applied in the following ways: The default SharePoint Online storage capacity is 1 TB plus an additional 10 GB per Microsoft 365 license. For example: if you have 4000 Microsoft 365 E3 licenses, you will have 41 TB of SharePoint Online storage. But why should you…
- There are many ways to overcome the many challenges of user lifecycle management, especially the onboarding of a new employee. While creating the new account and its birthright entitlements with a pricey solution like Quest One Identity Manager is a breeze, almost all solutions lack the out-of-the-box ability to secure a new account with more than a complex password. How do you onboard a new employee who is, e.g., a remote worker and is not able to visit the office, where a mostly secure environment is available to reach the “register security information” page and set up multi-factor authentication?…
- The need to allow access to a shared mailbox hosted in an Exchange environment is a request that most Exchange admins encounter on a regular basis. Back in the old days you just granted full access to the shared mailbox. If an application requested the access, you instead created an Active Directory account (or a group managed service account if you were fancy) and gave it the permissions. Maybe you tried to exclude the service account from some default permissions, restrict the login to specific time slots, or limit the access on an IP address basis and chose a…
- In mid-2023 I was writing a little script to gather the information about who invited a guest account and write that very information into an extension attribute of the user account. The plan was to run it on a scheduled basis to monitor the audit log in Entra ID for these specific events and collect the information for user lifecycle management. Luckily, Microsoft introduced its own solution for that some months ago with the sponsor attribute in Entra ID, without any need for an Azure Runbook, without fiddling around with “tid” or “oid” attributes, and with even fewer permissions needed. Perfect,…
- Guest accounts in Entra ID are a bit of a double-edged sword. They are perfect for inviting external users into your tenant to work together on projects and keep collaboration easy, and with the External Identities cross-tenant sync feature there is little to do to keep your tenant clean, provided the foreign tenant has lifecycle management in place. As always, where there is light, there is also shadow. What do you do with all the other guests after a project has ended or the granted access is no longer needed? A whole bunch of topics regarding lifecycle management (e.g.…
- Microsoft just announced the coming support for passkeys in Entra ID at Ignite 2023. Passkeys are unique codes or passwords that provide secure access to a device, system or service. They are a form of multi-factor authentication and are considered a safer and easier replacement for traditional passwords. FIDO2 is an open standard for passwordless authentication and hopefully the future. Passkeys use that very standard to create such a device-bound virtual key. Physical FIDO2 security keys are already supported by Entra ID. Microsoft has now announced the public preview of registering FIDO2 security keys for early 2024. By default, the registration…
