Useful SharePoint search expressions
Wednesday, September 4, 2024 4:00 PM, Toni Pohl
When working with files in SharePoint document libraries, there are many ways to filter files. Since I keep forgetting the syntax for the search queries, I have summarized the most important filter expressions here.
English | Microsoft365 | Office365 | SharePoint
Unlocking Secrets: The Key Vault Role You Need
Monday, August 26, 2024 2:00 PM, Martina Grom
In my use of Azure Key Vault with code and flows with Managed Identities, I moved to role-based access control (RBAC) to manage access to secrets and certificates. However, I encountered a problem when using the "Key Vault Reader" role, as it denied me the required access to secret content. This experience highlighted the importance of understanding the specific roles within Azure Key Vault, and I want to share this insight to help others avoid similar pitfalls.
Azure | App | English | Microsoft | Security
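The pitfall in the post above comes from the split between Key Vault's control plane and data plane: the built-in "Key Vault Reader" role reads vault and object metadata only, while reading secret values needs a data-plane role such as "Key Vault Secrets User". The following Az PowerShell snippet is an added example, not code from the post or from the author; the resource group, vault name and managed identity display name are assumed placeholders.

```powershell
# Added example (not from the original post): the role that fails beside the role that works,
# both scoped to one vault so the identity gets nothing beyond that vault.
# Assumed names: resource group, vault and the managed identity's display name.
$Rg     = 'rg-demo'                 # assumed
$Vault  = 'kv-demo-secrets'         # assumed
$MiName = 'func-secrets-reader'     # assumed; a system-assigned MI appears under its resource name

Connect-AzAccount | Out-Null

$kv = Get-AzKeyVault -VaultName $Vault -ResourceGroupName $Rg
if (-not $kv.EnableRbacAuthorization) {
    throw "Vault '$Vault' still uses access policies; switch it to Azure RBAC before assigning roles."
}
$mi = Get-AzADServicePrincipal -DisplayName $MiName

# Control plane only: lets the identity see the vault and secret NAMES, but Get-AzKeyVaultSecret
# on a value fails with 403. This is the assignment the post describes as not sufficient.
# New-AzRoleAssignment -ObjectId $mi.Id -RoleDefinitionName 'Key Vault Reader' -Scope $kv.ResourceId

# Data plane: read secret CONTENTS, and nothing else (no keys, no certificates, no writes).
New-AzRoleAssignment -ObjectId $mi.Id -RoleDefinitionName 'Key Vault Secrets User' -Scope $kv.ResourceId

# Review what the identity actually holds on this vault after the change.
Get-AzRoleAssignment -ObjectId $mi.Id -Scope $kv.ResourceId |
    Select-Object RoleDefinitionName, Scope
```

Role assignments can take a minute or two to propagate; a 403 immediately after the assignment does not by itself mean the role is wrong. If the identity also needs to read certificates or use keys, add "Key Vault Certificate User" or "Key Vault Crypto User" at the same scope rather than falling back to a broad role such as "Key Vault Administrator".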
Use Delegate365 with Privileged Identity Management (PIM)
Monday, August 19, 2024 4:00 PM, Toni Pohl

In today's digital landscape, managing privileged access to applications is crucial for maintaining security and compliance. Microsoft Entra Privileged Identity Management (PIM) offers a robust solution to manage, control, and monitor access within your organization. This guide walks you through configuring Microsoft Entra PIM for the Delegate365 application so that only authorized users can access it, enforced through a security group.

Delegate365 comes with robust security features and integrates with Microsoft Entra Privileged Identity Management out of the box. With this integration, administrators can access Delegate365 with their standard work accounts only while their PIM role is activated. Without an activated PIM role, access to Delegate365 is denied.

This article provides a guide on configuring PIM for Delegate365. Details about PIM are available at What is Microsoft Entra Privileged Identity Management?

Requirements for using PIM

Please note that you can use Microsoft Entra Privileged Identity Management (PIM) only if you have one of the following licenses:
- Microsoft Entra ID P2 (formerly Azure Active Directory Premium P2): available as a standalone add-on license.
- Microsoft 365 Enterprise E5: includes the necessary PIM features.
- Microsoft 365 Education A5: suitable for educational institutions.
- Enterprise Mobility + Security (EMS) E5: this bundle also includes PIM capabilities.
These licenses grant full access to PIM features, enabling you to manage, control, and monitor privileged access.

Configure PIM for Delegate365

First, we create a new security group with eligible members for PIM. Then we allow only PIM-activated group members access to the Delegate365 app. Follow these steps:

1. Open the Azure portal and sign in as Global Administrator of your M365 tenant.
2. Navigate to Entra ID - Groups and click New group.
3. Create a new security group. Here we name it "Delegate365-PIM-Group". Click Create. Do not add members here; eligible PIM members are added in the following steps.
4. When the group has been created, open it and click the Activity / Privileged Identity Management menu. Click the button "Enable PIM for this group".
5. Now add members as eligible PIM assignments: click Eligible assignments, then Add assignments.
6. On the Add assignments page, select the role Member and add the users that shall get access. In this sample we add the users admin and AdeleV. Click Next.
7. Set the assignment type to Eligible and the time frame as needed. Confirm with Assign. The assignment is made; in our sample, the two users can now activate their group membership.

The group is now ready to use. Next, we configure the Delegate365 sign-in app to require an assignment:

8. Open the Microsoft Entra ID module and navigate to Manage / Enterprise applications.
9. Search for "Delegate" and set the filter Application type to All Applications to see all apps. Click the "Delegate 365 Multitenant" app; this app is used for the login process. More information about the apps is available under Delegate365 Applications.
   Note: If you find multiple apps named "Delegate 365", you can identify the current app in Delegate365 under Administration / App settings. In this sample, the multitenant app has the Application Id "5f3ff...".
10. In the app, open the Properties menu. Set Assignment required to Yes and click Save.
11. Open the Users and groups menu and click Add user/group.
12. Click the link None selected below Users and groups, search for the group "Delegate365-PIM-Group", select it, and click Select.
13. Confirm by clicking Assign.

The Delegate 365 Multitenant app is now accessible only to members of that group. The configuration is complete.

Try it out without PIM

Now let's try it out. Open Delegate365 with a user, here the account "admin": open a browser in InPrivate mode and open the Delegate365 URL. After the sign-in process we get an error:

"Your administrator has configured the application Delegate 365 Multitenant ('5f3ff1c7...') to block users unless they are specifically granted ('assigned') access to the application. The signed in user 'admin@M365....onmicrosoft.com' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application."

So the user cannot access Delegate365 without an active membership in the group.

Activate PIM and open Delegate365

Now let's activate our group membership with PIM and sign in. Follow the steps here, or see the article Activate a Microsoft Entra role in PIM.

1. Open https://portal.azure.com with your user and sign in.
2. Search for "Privileged Identity Management" and click Tasks / My roles.
3. Click Activities / Groups. Under Eligible assignments, the group "Delegate365-PIM-Group" should show up. Click the action Activate on the right side to activate the membership for this group.
4. Enter the duration and a justification for the activation of the group membership.
5. PIM now activates the membership; this can take a minute or so. When done, the assignment is shown under Active assignments.
6. Open another browser tab and open the Delegate365 URL. With activated PIM, the Delegate365 portal opens and grants access to its functions.

Delegate365 can now be used only by authorized users with an active PIM membership in "Delegate365-PIM-Group".

When the PIM role has expired

If an activity occurs in Delegate365 after the PIM role has expired, a notification message appears indicating that no PIM role is activated, and Delegate365 becomes unusable until the membership is activated again. The membership is provisioned only for the requested duration and must be re-requested each time you need to use Delegate365.

Summary

Implementing Microsoft Entra Privileged Identity Management (PIM) for Delegate365 is a crucial step in enhancing your organization's security and compliance. PIM provides a robust framework for managing, controlling, and monitoring privileged access, ensuring that only authorized users can perform critical tasks. By leveraging PIM, you can enforce just-in-time access, reduce the risk of unauthorized access, and maintain a secure environment for your applications.

If you haven't already configured PIM for Delegate365, now is the time to do so. Follow the steps outlined in this guide to set up PIM and take control of your privileged access management. Secure your application, protect your data, and ensure compliance with regulatory requirements by integrating PIM into your Delegate365 environment today.
Delegate365 | English | Microsoft365 | Office365 | Security | atwork | Cloud
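The portal procedure in the PIM post above (create the group, add eligible members, require assignment on the "Delegate 365 Multitenant" enterprise app, assign the group, then self-activate) can be scripted with Microsoft Graph PowerShell. The block below is an added example, not code from the post or from the Delegate365 product; the user principal names are assumed placeholders, and it assumes the enterprise app is found by its display name, which the post notes may not be unique (hence the check against the Application Id shown in Delegate365 under Administration / App settings). It also adds a verification step the post does not show: confirming that the group has eligible but no standing active members.

```powershell
# Added example (not from the original post): PIM for Groups + assignment-required enterprise app.
# Requires Microsoft Entra ID P2 and the Microsoft.Graph PowerShell modules.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Groups, Microsoft.Graph.Users, Microsoft.Graph.Applications, Microsoft.Graph.Identity.Governance

$GroupName   = 'Delegate365-PIM-Group'
$AppName     = 'Delegate 365 Multitenant'                                        # enterprise app used for sign-in
$EligibleUpn = @('admin@contoso.onmicrosoft.com', 'AdeleV@contoso.onmicrosoft.com')  # assumed placeholders

# --- Part 1: run as an administrator ---------------------------------------------------------
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All', 'Application.ReadWrite.All',
                        'AppRoleAssignment.ReadWrite.All', 'PrivilegedAccess.ReadWrite.AzureADGroup'

# 1. Security group with NO direct members; membership only ever arrives via PIM activation.
$group = Get-MgGroup -Filter "displayName eq '$GroupName'"
if (-not $group) {
    $group = New-MgGroup -DisplayName $GroupName -MailEnabled:$false `
                         -MailNickname ($GroupName -replace '[^A-Za-z0-9]', '') -SecurityEnabled:$true
}

# 2. Eligible (not active) Member assignments for one year. The first eligibility request
#    onboards the group to PIM for Groups, the API equivalent of "Enable PIM for this group".
foreach ($upn in $EligibleUpn) {
    $user = Get-MgUser -UserId $upn
    $body = @{
        accessId      = 'member'
        principalId   = $user.Id
        groupId       = $group.Id
        action        = 'adminAssign'
        justification = 'Eligible for Delegate365 administration'
        scheduleInfo  = @{
            startDateTime = (Get-Date).ToUniversalTime().ToString('o')
            expiration    = @{ type = 'afterDuration'; duration = 'P365D' }
        }
    }
    New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -BodyParameter $body | Out-Null
}

# 3. Lock down the enterprise app: assignment required, and the PIM group is the only assignee.
$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
if ($sp.Count -ne 1) {
    throw "Found $($sp.Count) service principals named '$AppName'. Pick the one whose AppId matches Delegate365 > Administration > App settings."
}
Update-MgServicePrincipal -ServicePrincipalId $sp[0].Id -AppRoleAssignmentRequired:$true
# AppRoleId 0000... is the default access role, the same as adding the group in "Users and groups".
New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp[0].Id -PrincipalId $group.Id `
                                        -ResourceId $sp[0].Id -AppRoleId ([Guid]::Empty) | Out-Null

# 4. Verify: eligible assignments exist, but nobody holds a standing active membership.
$eligible = @(Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleInstance -Filter "groupId eq '$($group.Id)'")
$active   = @(Get-MgIdentityGovernancePrivilegedAccessGroupAssignmentScheduleInstance -Filter "groupId eq '$($group.Id)'")
$direct   = @(Get-MgGroupMember -GroupId $group.Id)
"Eligible: $($eligible.Count)  Active: $($active.Count)  Direct members: $($direct.Count)"
if ($active.Count -gt 0 -or $direct.Count -gt 0) { Write-Warning 'Standing membership found; PIM gate is bypassable.' }

# --- Part 2: run as an eligible user (the "Activate" step in PIM > My roles > Groups) ----------
Connect-MgGraph -Scopes 'PrivilegedAccess.ReadWrite.AzureADGroup', 'User.Read'
$me = Get-MgUser -UserId (Get-MgContext).Account
$activate = @{
    accessId      = 'member'
    principalId   = $me.Id
    groupId       = $group.Id
    action        = 'selfActivate'
    justification = 'Delegate365 maintenance'
    scheduleInfo  = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString('o')
        expiration    = @{ type = 'afterDuration'; duration = 'PT2H' }   # expires on its own, as the post describes
    }
}
New-MgIdentityGovernancePrivilegedAccessGroupAssignmentScheduleRequest -BodyParameter $activate
```

The warning in step 4 is the check worth keeping in a scheduled job: a direct member added by hand, or an active assignment created with `adminAssign`, silently turns the just-in-time gate into standing access while the portal still shows PIM as enabled. After the self-activation request completes, a fresh sign-in is needed for the new group claim to reach Delegate365, which is why the post opens a new tab after activating.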
Why Only Users Can Apply Sensitivity Labels in Microsoft 365
Thursday, August 15, 2024 2:00 PM, Toni Pohl
Sensitivity labels in Microsoft 365 are a crucial feature for organizations to protect and manage their data. These labels allow organizations to classify and safeguard sensitive information based on its level of confidentiality. By applying sensitivity labels, organizations can control access, encrypt data, apply policies, and track and monitor sensitive information. Users can apply sensitivity labels to classify and protect their data. However, applications unfortunately cannot currently assign sensitivity labels.
Developer | English | Graph | Microsoft365 | Office365
Grant permissions to the GT365 app
Wednesday, August 7, 2024 3:00 PM, Toni Pohl
Our Governance Toolkit 365 (GT365) provides information and automation solutions for a Microsoft 365 tenant. In order to use the functions, this app must be approved by an administrator. In addition, new solutions are constantly being added, and some of these also require new permissions. You can find out here how you as an administrator can grant and renew these permissions.
Azure | English | GT365 | Compliance | Entra | Microsoft365 | Office365 | Tools | Security | atwork
Retrieve User PIM Role Assignments and History with Microsoft Graph REST API
Saturday, August 3, 2024 2:00 PM, Toni Pohl
Microsoft Entra Privileged Identity Management (PIM) allows administrators to manage role assignments efficiently, ensuring that users have the necessary permissions only when needed. By following a few simple steps, administrators can make users eligible for specific roles, activate roles as required, and manage both built-in and custom roles. This process enhances security by minimizing the duration and scope of privileged access, making it a crucial tool for maintaining a secure and compliant environment. In this article, we explore how to read a user's Microsoft Entra roles and history using PIM and the Microsoft Graph REST API.
Azure | Cloud | Developer | English | Graph | Microsoft | Microsoft365 | Office365 | Security
Delegate365 - Disable MFA Legacy
Monday, July 29, 2024 8:00 AM, Toni Pohl
In Delegate365, there are two methods to configure Multi-Factor Authentication (MFA) for users: the functions "Authentication methods (MFA)" and "MFA (Legacy)". See the difference here, and how to disable the "MFA (Legacy)" feature.
Delegate365 | English | Microsoft365 | Office365 | Tools | atwork
Impact of the CrowdStrike Windows 10 BSOD
Friday, July 19, 2024 12:00 PM, Martina Grom
As reported in most media, we would like to inform you about a global outage caused by an erroneous software update from the cybersecurity company CrowdStrike today, on July 19th. The faulty update to this endpoint security solution, which is used in many organizations, caused Windows 10 computers to crash with a blue screen. See how to resolve this if your Windows computer is affected by the CrowdStrike update.
atwork | English | Microsoft | Security | Windows
List Flows as Admin V2 API endpoint
Sunday, July 14, 2024 12:00 PM, Toni Pohl
A year ago, Microsoft announced the "Transition to List Flows as Admin V2 action from deprecated List Flows as Admin action" for Power Automate. Well, we were using the old API endpoint until it stopped working recently. It took some time until we found workarounds or a successor. The PnP modules are also still using the old API, and the endpoint address is currently not documented on any Microsoft website. Find it here!
App | Azure | Cloud | Developer | English | Microsoft365 | Office365 | Power Platform | PowerApps
Enhance your Copilot with Graph Connector relevance tuning
Wednesday, June 5, 2024 12:00 PM, Martina Grom
Utilizing Graph connectors simplifies the process of incorporating your data into Microsoft 365 search and Microsoft 365 Copilot, enhancing your experience with seamless integration. A fresh addition to Copilot's capabilities is the Relevance Tuning feature, which significantly enhances Copilot's functionality.
Cloud | Copilot | Developer | English | Graph | Microsoft | Microsoft365 | Office365 | SharePoint
Azure Logic Apps Toolbox 10 - Dynamic access to keys and values in a JSON object
Saturday, June 1, 2024 8:00 AM, Toni Pohl
In Azure Logic Apps, looping through objects is a common requirement. When we have prior knowledge of an object's properties, the process is straightforward. However, things get more challenging when attempting to access properties dynamically. See a method to access data in a JSON object dynamically here.
Azure | App | Logic apps | Tools | English | Flow
Working with Microsoft Entra ID Applications - Part 2
Tuesday, May 14, 2024 10:00 AM, Toni Pohl
In Part 2 of this series we look into setting up and managing applications in a Microsoft 365 tenant. In Part 1, I focused on how Azure AD applications can be used to provide secure access control to data and services. I demonstrated how to create an Azure AD application in the home tenant and the importance of integrating with Azure AD for centralized app registration, management, and security measures.
Azure | App | Cloud | Developer | English | Governance | Microsoft | Microsoft365 | Office365 | Security