Finally - the new Microsoft Entra Connect v2.6.79.0 is just released!
▲ 67 r/SysAdminBlogs+1 crossposts

Finally - the new Microsoft Entra Connect v2.6.79.0 is just released!

Finally - the new Microsoft Entra Connect v2.6.79.0 is just released!

This blog post has been in the works for quite some time, and finnaly I can publish it! It have also been a fun experience collaborating with the product team behind it at Microsoft again again!

It contains also some undisclosed security fixes, and Microsoft also recommends updateing it soon as possible.

On the other side, it finally introduces support for FIDO2-based authentication - a feature many have been waiting for! 🔒

In my latest blog post here: https://blog.sonnes.cloud/microsoft-entra-connect-sync-passwordless-authentication-now-supported/ I take a deep dive into how it works and what you need to know - and sorry for the length of the article, but it includes some great insights from the development process, along with bugs, fixes, and discoveries I encountered along the way - you all know me, #TheBugHunter 😂

Take a look at the blog and learn more about this exciting update!

#Microsoft #EntraID #Identity #Security #TheHubHunter #EntraIDConnect #Updates #Passwordless #FIDO2 #IdentitySecurity #ZeroTrust #Microsoft365 #HybridIdentity #ITPro #Cloud #MVP #MVPBuzz

u/michaelmsonne — 13 days ago

Managed Identity Permission Manager v1.1.0.5 us out!

I'm excited to announce the latest release of my Managed Identity Permission Manager tool!

Back then, it was started as a "fun" community project, but has now grown beyond anything I expected! And thanks to all of you, my tool has now 6,700+ downloads from GitHub and 130+ stars! 🤯❤️

This release continues my mission of making it easier to manage API permissions for Azure/Entra ID Managed Identities without the complexity and manual work that many of us face daily.

The tool helps administrators and engineers quickly view, assign, remove, and audit permissions across Managed Identities through a simple interface - and with all operations and logging performed locally on your own machine! 🔒

A huge thank you to everyone who has downloaded the tool, submitted feedback, reported issues, tested new features or shared ideas. The community support has been incredible and is the reason the project continues to evolve.

Read about the latest release:
https://blog.sonnes.cloud/managed-identity-permission-manager-v1-1-0-5-is-here/

And the changes for the recent releases also, I forgot to share them - sorry! 🤣

Download the tool from GitHub here:
https://github.com/michaelmsonne/ManagedIdentityPermissionManager

And as always, feedback, feature requests, and suggestions are welcome!

reddit.com
u/michaelmsonne — 24 days ago

Managed Identity Permission Manager v1.1.0.5 us out!

I'm excited to announce the latest release of my Managed Identity Permission Manager tool!

Back then, it was started as a "fun" community project, but has now grown beyond anything I expected! And thanks to all of you, my tool has now 6,700+ downloads from GitHub and 130+ stars! 🤯❤️

This release continues my mission of making it easier to manage API permissions for Azure/Entra ID Managed Identities without the complexity and manual work that many of us face daily.

The tool helps administrators and engineers quickly view, assign, remove, and audit permissions across Managed Identities through a simple interface - and with all operations and logging performed locally on your own machine! 🔒

A huge thank you to everyone who has downloaded the tool, submitted feedback, reported issues, tested new features or shared ideas. The community support has been incredible and is the reason the project continues to evolve.

Read about the latest release:
https://blog.sonnes.cloud/managed-identity-permission-manager-v1-1-0-5-is-here/

And the changes for the recent releases also, I forgot to share them - sorry! 🤣

Download the tool from GitHub here:
https://github.com/michaelmsonne/ManagedIdentityPermissionManager

And as always, feedback, feature requests, and suggestions are welcome!

u/michaelmsonne — 24 days ago
▲ 13 r/entra

Managed Identity Permission Manager v1.1.0.5 us out!

I'm excited to announce the latest release of my Managed Identity Permission Manager tool!

Back then, it was started as a "fun" community project, but has now grown beyond anything I expected! And thanks to all of you, my tool has now 6,700+ downloads from GitHub and 130+ stars! 🤯❤️

This release continues my mission of making it easier to manage API permissions for Azure/Entra ID Managed Identities without the complexity and manual work that many of us face daily.

The tool helps administrators and engineers quickly view, assign, remove, and audit permissions across Managed Identities through a simple interface - and with all operations and logging performed locally on your own machine! 🔒

A huge thank you to everyone who has downloaded the tool, submitted feedback, reported issues, tested new features or shared ideas. The community support has been incredible and is the reason the project continues to evolve.

Read about the latest release:
https://blog.sonnes.cloud/managed-identity-permission-manager-v1-1-0-5-is-here/

And the changes for the recent releases also, I forgot to share them - sorry! 🤣

Download the tool from GitHub here:
https://github.com/michaelmsonne/ManagedIdentityPermissionManager

And as always, feedback, feature requests, and suggestions are welcome!

https://preview.redd.it/fem0ifwbdo6h1.png?width=966&format=png&auto=webp&s=fc4d5596acceedfc4bb30860113fec68ab4ba152

https://preview.redd.it/zhvkffwbdo6h1.png?width=1282&format=png&auto=webp&s=56bf1ea30b2664131e79a7e582d59ef15e0b30e1

reddit.com
u/michaelmsonne — 25 days ago
▲ 55 r/entra+1 crossposts

Azure Role-based access control (RBAC) now possible via Access Packages!

Just to tell it to you all about htis new add, a very nice and missed new feature 😍

You can now assign Azure Role-based access control (RBAC) directly through Access Packages. No more relying on group-based workarounds for Azure resource access!

What's new?

> Assign Azure RBAC roles at Management Group, Subscription, or Resource Group scope.

> Support for both Active and Eligible assignments, integrating with PIM for just-in-time access!

> Works with built-in AND custom Azure roles!

> Approved users automatically receive the required Azure permissions through the access package lifecycle.

Why this is a need:

> This brings Azure resource permissions into the same governance model as apps, groups, SharePoint sites and Teams (I hope you useing it 😉)

> Improves visibility of who has access to what.

> Strengthens least-privilege and access lifecycle management.

> Simplifies onboarding, reviews, and removal of Azure resource access.

A nice step toward for a centralized access governance platform for both identity and Azure resource permissions 🫡

Read the docs here: https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-azure-role-assignments?wt.mc_id=MVP_353010

#Microsoft #EntraID #Azure #IdentityGovernance #CyberSecurity #PIM #AzureRBAC #ZeroTrust #IAM #Cloud #Security #MVP #MVPBuzz

u/michaelmsonne — 1 month ago
▲ 22 r/entra

The new Microsoft Global Secure Access client for Windows is now out, and I enjoy working together with the team behind it in the Product Teams, and it´s a honor to help shareping the product sense the early days, before the public know anything about it! 😉🙏

The new Windows client 2.28.96 (for x64 and ARM) is available to download from Entra portal or direct here from the aka.ms/GlobalSecureAccess-windows

Version 2.28.96 have the following functional changes vs. last  2.26.108 releaese:

> The Sign Out button shows by default only on Microsoft Entra-registered devices. For Microsoft Entra-joined devices, the option is hidden and you can show it by setting a registry key. For details, see Hide or unhide system tray menu buttons here: https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-install-windows-client#hide-or-unhide-system-tray-menu-buttons?wt.mc_id=MVP_353010

> The Sign Out button is now in the user interface in the account control in the main Global Secure Access client window. It's no longer available in the system tray menu.

> A user can sign out from the Global Secure Access client and sign in as a different user in a different tenant onboarded to Global Secure Access.

> When the client is signed out, the Sign In button replaces Sign Out in the account control in the main Global Secure Access client window.

> Traffic logs in the Microsoft Entra admin center include the device join type, cross-tenant access type, and home tenant ID.

> Enhancement to Intelligent Local Access: supports the ability to assign (in the portal) a private application to multiple private networks.

> Enhancement to Intelligent Local Access: adds Private Networks section to the Forwarding profile tab in the Advanced diagnostics tool.

Other changes includes:
> Internal internet connection test no longer requires access to msn[.]com (this change removes a dependency on an external website introduced in version 2.26.108). Note: the connection test still requires access to www.msftconnecttest\[.\]com.

> Advanced log collection includes Kerberos logs and the output of gpresult.
Log collection includes the list of the device's root Certificate Authorities (CAs).

> New telemetries are available.

> Miscellaneous bug fixes and improvements.

https://preview.redd.it/g21tifr2r2yg1.jpg?width=1197&format=pjpg&auto=webp&s=45d087a6cc0cd0ea326ca6c9aebb92b611729d41

reddit.com
u/michaelmsonne — 2 months ago

Help push Microsoft to align the Microsoft Graph, Microsoft 365 Admin APIs & Entra ID APIs and other API´s for Consistent Access - it´s needed

A bit hard to find the "right" place, so I try here in a general one as it´s "cover" it all almost.

Currently, there is a significant misalignment between Microsoft Graph, Microsoft 365 Admin Portal APIs, Entra ID APIs, and other related endpoints. Many critical configuration and reporting settings are only available through:

These APIs can typically only be accessed via user tokens (delegated context) and often require Global Administrator rights, even for simple read-only (GET) requests. Application permissions via service principals (App Registrations) are often not supported, making automation at scale nearly impossible.

Help us to see if we can get the Microsoft Graph API better here: https://feedbackportal.microsoft.com/feedback/idea/1b538889-b084-f011-8151-7c1e529deacc

All support is welcome - as of now, the top 1 on the feedback portal, but we can get a highter number.

reddit.com
u/michaelmsonne — 3 months ago