Comprehensive Guide to Configuring Advanced Auditing
Comprehensive Guide to Configuring Advanced Auditing
This post provides everything you need to ensure Advanced Auditing is fully configured and auditing everything we possibly can for both existing and new users. I recently shared guidance for this via social media (see below), and it felt like a perfect time to revisit my previous posts and combine everything into one comprehensive guide :) You likely aren't collecting all available events to the Unified Audit Log First, not all events are enabled or retained optimally. Consider creating this policy in the Purview portal (leave users and record types blank to collect everything). Retention is based on license... pic.twitter.com/IEKKfrkpI8
Managing Restricted Groups with Access Packages
Managing Restricted Groups with Access Packages
👮 Restricted Management Admin Units (RMAU) in #EntraID Hackers HATE This Hidden Entra ID Feature Most Admins Never Use@NathanMcNulty breaks it down for us 👇 🎧 Get the full podcast episode at https://t.co/gnvH23WorW pic.twitter.com/nxBwCQ6BwS — Merill Fernando (@merill) March 29, 2025 I recently had a chance to discuss Restricted Management Administrative Units (RMAUs) with Merill, and one of my favorite uses for these is to protect groups that are used in Conditional Access policies so they aren’t accidentally modified or deleted. I’m also a big fan of using Access Packages to control membership of these groups for things like exclusions from geofencing policies, user action policies, blocking policies, etc.
Entra Chat with Merill Fernando
Entra Chat with Merill Fernando
It was such an honor to join Merill Fernando on Entra Chat, and I hope to join him again in the future. Be sure to check out Entra Chat: https://entra.news/p/operational-groups-in-entra-with
Trimarc Happy Hour
Trimarc Happy Hour
I had a great time hanging out and talking about a little bit of everything with some of the Trimarc folks. Thanks to Brandon for inviting me on! :)
Lab - Certificate Authority Setup
Lab - Certificate Authority Setup
This step-by-step tutorial is ideal for those looking to experiment with Certificate Authority setups in a lab environment. Learn how to configure an offline CA using OpenSSL, use it to sign an Enterprise ADCS Intermediate CA, and publish CRLs in an Azure Static Web App.
Intune - Microsoft Tunnel VPN Gateway
Intune - Microsoft Tunnel VPN Gateway
Note This article was last updated on 01/30/2025 for readability and updated URLs. I am working on updating this for the UI changes that have been made to Intune :)
Azure Automation - Device Cleanup v2
Azure Automation - Device Cleanup v2
Note This article was last updated on 01/30/2025 for readability and updated URLs. We no longer need to manually load modules as shown, and this article will be completely overhauled to include backup of LAPS passwords and BitLocker keys to Azure Key Vault as well :)
Intune - Discover Defender AV exclusions using Proactive Remediation
Intune - Discover Defender AV exclusions using Proactive Remediation
Note This article was last updated on 01/30/2025 for readability and updated URLs. I am working on updating this for the UI changes that have been made to Intune :)
Intune - Block mounting of ISO files
Intune - Block mounting of ISO files
Note This article was last updated on 01/30/2025 for readability and updated URLs
AWS - Integrating PIM with Azure AD SSO for AWS Single-Account Access
AWS - Integrating PIM with Azure AD SSO for AWS Single-Account Access
Note This article was last updated on 01/30/2025 for readability and updated URLs
AWS - Integrating PIM with Azure AD SSO for AWS IAM Identity Center
AWS - Integrating PIM with Azure AD SSO for AWS IAM Identity Center
Note This article was last updated on 01/30/2025 for readability and updated URLs
Azure - Securing Subscriptions
Azure - Securing Subscriptions
Note This article was last updated on 01/30/2025 for readability and updated URLs