Peter Lorenzen

@theheatdk.bsky.social

Azure cloud architect from Denmark

56 Followers  |  231 Following  |  15 Posts  |  Joined: 11.11.2024  |  1.5664

Latest posts by theheatdk.bsky.social on Bluesky

Have you installed Microsoft.Graph.Authentication 2.27.0? Could you run Get-MgUser or Get-MgGroup now?
#PowerShell

19.04.2025 17:37  |  👍 0  |  🔁 1  |  💬 1  |  📌 0
April 17 2025 Community Call · PowerShell PowerShell · Discussion #25057 Agenda: 7.6 preview release @SydneyhSmith Docker updates @SydneyhSmith PSGallery updates @SydneyhSmith Docs update @sdwheeler PSSummit recap @psjamessp Upcoming conferences @StevenBucher98 @kilasui...

We finally have some news. PowerShell 7.4 support is scheduled for June 15 - github.com/PowerShell/P...

19.04.2025 11:59  |  👍 0  |  🔁 0  |  💬 2  |  📌 0

I assume Policy.Read.ApplicationConfiguration is the reason.

The not supported for Delegated (work or school account) confuses me? :-)

14.03.2025 10:13  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

learn.microsoft.com/en-us/powers...

14.03.2025 10:11  |  👍 0  |  🔁 0  |  💬 1  |  📌 0

Application Administrator or Cloud Application Administrator...

14.03.2025 09:55  |  👍 0  |  🔁 0  |  💬 1  |  📌 0

merill.net - After using Update-MgPolicyDefaultAppManagementPolicy on 6 tenants multiple times, my conclusion is that the documentation is wrong :-)
You need Security Administrator + Application Administrator for it to work. If you only have Security Administrator you get a 403 error.

14.03.2025 09:43  |  👍 0  |  🔁 0  |  💬 1  |  📌 0

Ok. Thanks for answering :-)

08.03.2025 14:42  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

Sorry I missed the blue box :-( Thanks for answering!

06.03.2025 20:34  |  👍 1  |  🔁 0  |  💬 1  |  📌 0

Thanks, @merill.net - Is the Global Admin role required to update the tenant app management policy, or will some other role suffice?

05.03.2025 22:15  |  👍 0  |  🔁 0  |  💬 1  |  📌 0

App Management Policies are now in the Entra ID FREE Tier!! So what are app management policies? How can they be used to secure your tenant?

This doesn't happen every day folks!!

Entra ID application management policies no longer require a Workload ID Premium license! 👏🎁🍾🥳🎊

This change happened back in October last year and I somehow missed it.

Here's a complete walkthrough 🧵👇

✳️ Bookmark this.

04.03.2025 09:15  |  👍 47  |  🔁 12  |  💬 3  |  📌 1

Congrats. Any tips for good prep material?

02.03.2025 15:43  |  👍 0  |  🔁 0  |  💬 1  |  📌 0

CC: @alexandair.bsky.social, @jeftek.com

03.12.2024 15:04  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

Ok. Thanks for taking time to answer 👍

16.11.2024 05:58  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

I get that it is possible to steal tokens, so if the role is active for 1 hour and somebody steals the MFA tokens they have one hour with access, but that is the same for cloud only account.
We have a lot of discussions around this at the moment, so I would very much like to understand it! :-)

15.11.2024 21:19  |  👍 0  |  🔁 0  |  💬 1  |  📌 0

Sorry if I am a little dense :-) Users are in AD. In Entra they have MFA configured. The PIM settings require them to sign in and use MFA when a role is activated. If they are compromised on-prem, only their password is compromised, not their MFA method. So how can anybody get around the MFA policy?

15.11.2024 21:16  |  👍 0  |  🔁 0  |  💬 1  |  📌 0

Hi Jef,
I am surprised about this. If you on PIM role activation require reauthentication via CA authentication context so users have to do sign-in + MFA every time they activate a privileged Entra role, why is it still a no-no to use synced users?

15.11.2024 20:38  |  👍 0  |  🔁 0  |  💬 1  |  📌 0

Starter pack

12.11.2024 15:20  |  👍 2  |  🔁 0  |  💬 0  |  📌 0