THE TOLKIEN BLACK GUY

The Sum of the Whole is Greater Than the Sum of its Parts I won’t pretend this is the norm, but I’ve noticed in different circles professionally and on some corners of the internet that imply certain identity controls are redundant or unnecessary because another control is already in place: “If we have phishing-resistant MFA, do we really need PIM? This seems like overkill and not a necessary control” ~A SharePoint Administrator for one of my clients. “If we use PIM, why can

Why Enforcement Can Appear Inconsistent for SSO-Integrated SaaS Applications You’ve set your Sign-In Frequency to 12 hours, but users stay signed in for much longer. You lower it and see the same thing. At first, it looked like a bug. Maybe Conditional Access isn’t enforced properly, or the policy isn’t being evaluated at all. In reality, Sign-In Frequency (SiF) is working exactly as designed. It just doesn’t behave the way most people expect. Once you understand how the Prim

Microsoft just made a long-requested improvement: you can now manage application policies  for Entra ID applications directly in the portal. Things like certificate and secret age restrictions - previously the domain of the Graph API only - are now exposed in a friendly UI as seen here in many of wonderful blog posts . That’s good news. But before you start tightening lifespans on certificates, let me share a gotcha I haven’t seen mentioned anywhere else yet. The Error You’ll

Most administrators in the public sector are probably used to the concept of Personal Identity Verification (PIV) or Common Access Card...

In Microsoft Entra ID (formerly Azure AD), break glass accounts serve as your emergency access path when normal administrative channels...

Introduction Many PowerShell developers and IT administrators rely heavily on Where-Object to filter data, often without considering its...