Identity and Access

Highly Available, Secure, and Convenient: Leveraging Azure Blob Storage for your PKI Needs, Part 1

For as long as public key infrastructure (PKI) has existed, it has relied on certificate revocation lists (CRLs) and authority information access (AIA). CRLs are a fundamental part of most PKIs that allow clients to be 100% sure a certificate has not been revoked. AIA is a certificate extension that provides information on how to […]

Highly Available, Secure, and Convenient: Leveraging Azure Blob Storage for your PKI Needs, Part 1 Read More »

Virtual Machine Generation ID with Active Directory Domain Controllers

Active Directory (AD) domain controllers (DCs) have been around since Windows 2000. At that time, virtualization was in its infancy and almost every server was physical. And many of those servers weren’t even housed in a typical datacenter or server closet. Virtualization started to take off in the early to mid-2000s. It enabled the use

Virtual Machine Generation ID with Active Directory Domain Controllers Read More »

Deploying the eduPerson Schema to Active Directory

If you work in a higher education environment, there exists a set of standards that must be implemented to allow students and faculty to collaborate on projects at other schools or to use higher education specific services. One of these standards is the eduPerson schema, which provides storage for widely used education-specific attributes about a

Deploying the eduPerson Schema to Active Directory Read More »

Flattening Group Memberships to a Single Group

In previous blog posts (Part 1, Part 2), we discussed a powerful feature in Entra ID (formerly Azure Active Directory) known as dynamic membership rules. In short, Entra ID’s dynamic membership rules feature allows you to use any attributes from Entra ID’s base set or custom extension properties to construct groups that automatically add and

Flattening Group Memberships to a Single Group Read More »

Securing On-Premises Access Is Easier Than You Think: Utilizing the Entra Application Proxy

In a previous blog post , we discussed taking advantage of Entra (formerly Azure Active Directory) Application Proxies to allow access to on-premises applications without a dependency on traditional tools such as a VPN. That blog includes a few great points that should be highlighted again. For example, in most organizations an Entra Application Proxy:

Securing On-Premises Access Is Easier Than You Think: Utilizing the Entra Application Proxy Read More »

3 Components of Cloud Authentication: Enterprise SSO, Zero Trust, Passwordless

In the past few years, we’ve seen a rapid expansion in remote and remote-hybrid workforces. Remote employees primarily use cloud-native services to manage their daily workloads from the comfort of their home (or public) internet. This has caused a great deal of stress for IT departments, especially those that rely heavily on their internal infrastructure.  

3 Components of Cloud Authentication: Enterprise SSO, Zero Trust, Passwordless Read More »

How to Use Dynamic Group Memberships in Entra ID: Part 2

In Part 1 of this blog post, we looked at what goes into thinking about and designing your automated access policies. As discussed, we want to first think about our policies in “natural language” before we dive into the technical implementation. We also covered the dynamic membership rules feature in Entra ID (formerly Azure Active

How to Use Dynamic Group Memberships in Entra ID: Part 2 Read More »

How to Use Dynamic Group Memberships in Entra ID: Part 1

Many organizations control access to internal systems by simply relying on whether or not an account is enabled. However, users often change roles throughout their careers within a single organization. For example, a user might start as an intern in one department and then be hired full-time in another department. After a few years, they

How to Use Dynamic Group Memberships in Entra ID: Part 1 Read More »