Is it really bad to expose your infrastructure to the Internet?

You have probably heard the phrase “Don’t expose your server to the Internet!”, and some have even used it to tell others what they should not do. We all understand that it is something bad and that all industry standards are against it. However, during my conversations with some project teams I heard questions “What is going to …

How users can evade Conditional Access policies and how you can stop it.

Did you know that if your Conditional Access (CA) policies are poorly designed, your users can evade them with just a couple of clicks? The title of this post is not clickbait: let me show you how it can be done, why it happens and how to avoid it. First, I’m going …

Azure AD Application Proxy – expose your internal applications without piercing network.

In my years of working with Azure I have always found that Azure AD Application Proxy is something of a hidden gem. Not everyone has heard of it, and even fewer people have worked with it. What is Azure AD Application Proxy? It is a service which exposes your internal/on-premises application through Azure services with …

What is Report-Only mode in Azure AD Conditional Access policies, and how to use it.

In the old days, Azure AD Conditional Access policies could only be enabled or disabled. That meant policy deployment had to be tested and planned very carefully, and you might still face issues with use cases you hadn’t accounted for and, as a consequence, have an impact on end users. But fortunately we …

What is BlueBleed and why you need to think about it? And how to protect your Storage Accounts.

If you are working with Azure, you have probably heard about the recent “security breach” that happened with Microsoft. And Microsoft even responded: In a nutshell, SOCRadar discovered a misconfigured Azure Blob Storage which was publicly exposed. Unfortunately, it had A LOT of sensitive data inside. Right now this situation is moving into discussions around the impact and whether SOCRadar …

How to deploy any application to macOS device using Intune.

If you are managing macOS devices with Intune, you have probably noticed that there are a few limitations in Intune related to application deployment. This happens because Intune uses the MDM channel to manage macOS devices and only .pkg files are supported, while a lot of apps use .app or even .dmg files. But last year …

iOS native mail app, OAuth and Conditional access

In the week of November 5th Microsoft released new functionality in iOS email configuration – Support for iOS 12 OAuth in iOS email profiles. Why is it important? Because before, you had no option to enforce Modern authentication for the iOS native mail app, which is still more preferred by many customers, and you had only option …