This site aims to give insights, best practices and tips & tricks into the Microsoft stack with a particular focus on Identity, although I will no doubt drift into Entra ID, On-Premises, Microsoft 365, Google and Azure. Having been in the Microsoft stack for a long time and with a development background in my early years, you will see PowerShell, Graph and perhaps even some C# code. I have collated the blogs into Categories (which are shown in the menu on the left)(which are shown in the hamburger menu above) and Tags (which are shown in the tag cloud in the bottom left)(which are shown in the tag cloud at the bottom) I hope you enjoy the site, please feel free to comment on any post. If you want a regular update sent to you summarising the recently added posts, then please subscribe to the newsletter.
Here is a list of the most recent blogs:
This blog post provides a technical overview of how Microsoft 365 and Microsoft Entra ID (formerly Azure Active Directory) use the special Kerberos realm kerberos.microsoftonline.com for single sign-on (SSO), cloud Kerberos trust, and enabling Entra-joined (Azure AD–joined) devices to access on-premises resources. It explains how the system works, what is...
Read MoreWhen building a Software as a Service (SaaS) or any application that serves multiple organisations, you often need a single identity platform to handle authentication and authorisation on behalf of each customer. Entra ID (formerly Azure Active Directory) allows you to register a single application in a “home” tenant, which...
Read MorePublic key infrastructure (PKI) secures everything from server certificates and device authentication to encrypted communications. When designing—or modernising—a PKI, you face a key decision: Microsoft cloud PKI or on-premises PKI. While Microsoft cloud PKI offers certain advantages—particularly for Intune-managed devices—it also has limitations that may not suit all organisations. Below,...
Read MorePublic key infrastructure (PKI) upgrades can be daunting—especially when juggling offline root CAs, policy CAs, and issuing CAs. Yet maintaining a healthy PKI is essential for strong security, regulatory compliance, and smooth certificate-based operations. In this blog, we’ll explore the fundamental considerations of upgrading a PKI, discuss the side-by-side method...
Read MoreHere is the final blog of our series on authentication. In our previous post, we explored Single Sign On deployed in various authentication protocols This blog summaries the previous blogs and provides recommendations and best practices around securing the recommended authentication protocols. When it comes to securing your systems, it’s...
Read MoreHere is the next part of our series on authentication. In our previous post, we talked about authentication protocols passwordless: how this is the next step in the evolution of authentication and how they avoid a lot of the problems that plague passwords, hashes and credential storage. This blog explores...
Read MoreHere is the next part of our series on authentication. In our previous post, we talked about passwordless: how this is the next step in the evolution of authentication and how they avoid a lot of the problems that plague passwords, hashes and credential storage. This blog explores authentication protocols...
Read MoreHere is the next part of our series on authentication. In our previous post, we talked about MFA: how this is used to strengthen the use of credentials, and the different methods available to secure user accounts and identities. In this post, we’ll dive deep into how passkeys work, how...
Read MoreWelcome back after Ignite, to the next part of our series on authentication. In our previous post, we talked about credentials: what they are and how they are stored. In this blogs we will step back and look at Multi Factor Authentication (MFA) and how this is used to strengthen...
Read MoreAs someone who has been going to Microsoft conferences for a very long time starting with TechEd in Auckland back in the 1990s, I had been looking forward to Microsoft Ignite 2024 for many months. This blog talks about that journey to Ignite where we were attendees, presenters and sponsors....
Read More