Jef Kazimer
@JefTek
Followers
5,058
Following
3,024
Media
1,658
Statuses
24,423
Principal Product Manager @Microsoft #MicrosoftEmployee #Microsoft #Entra #Identity #EntraID - Tweets are my own
Chicago, IL
Joined February 2007
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Rebecca Cheptegei
• 73670 Tweets
Win Hashtag Legend TH
• 70979 Tweets
Michel Barnier
• 57909 Tweets
OST JACK JOKER X TATTOO
• 54503 Tweets
#サッカー日本代表
• 48424 Tweets
#GoodSoBad3rdWin
• 34206 Tweets
Port
• 33762 Tweets
中国代表
• 31299 Tweets
Macron
• 21678 Tweets
MGA ALBUM NI PABLO
• 20271 Tweets
Bahrain
• 18851 Tweets
ZB1 FIRST MCD WIN
• 17961 Tweets
伊東純也
• 17192 Tweets
D-6 SB19 KALAKAL MV
• 16364 Tweets
#daihyo
• 16080 Tweets
RIZIN
• 13676 Tweets
4M900K WITH YOU GULF🩷
• 12388 Tweets
البحرين
• 11031 Tweets
#素のまんま
• 10342 Tweets
Pinned Tweet
The more experience you get in your field, and the more senior you become in your role, the best skill that you improve is knowing when you need to ask others for help.
When you help others grow, you are also helping yourself so a reminder that when someone asks for help please
4
2
27
Stop using per-user MFA for
#AzureAD
MFA. "Don't enable or enforce per-user Azure AD Multi-Factor Authentication if you use Conditional Access policies."
9
92
297
Just a reminder when focusing on
#security
for your
#office365
and
#azuread
tenants one of the key attack vectors comes from your on-premises environment. If you have not read and implemented the guidance in you should & read this thread. 1/7
#identity
4
92
283
In case you were not aware, if you are using
#PowerShell
with
#AzureAD
, the teams have been creating cmdlets for common tasks using
#MSGraphAPI
module and publishing them in the MSIdentityTools module on the
#PowerShell
Gallery here!
#identity
@merill
7
71
238
Are you monitoring your
#azureAd
tenant for external users the business invites but are not actually redeemed? Here is a quick example
#powershell
cmdlet using MS Graph API to enumerate them by creation date and either delete or disable them as you wish
4
56
237
MFA prompt grinding users to approve is real. I recommend enabling MFA Code match and additional notification context to help end users make better decisions if you are using
#azuread
or
#office365
and want to upgrade from other MFA solutions.
#security
11
62
231
I wanted to highlight a new Preview feature in Entra:
Report Suspicious Activity can elevate User Risk!
When you enable this feature, if an end user chooses to report fraud/suspicious activity during an MFA prompt, you can raise their user risk so you can take additional
10
66
208
If you are using
#azuread
conditional access policies do this and get visibility to gaps in your security posture and close them.
1️⃣ Enable the Identities CA policy templates in report only mode
2️⃣ Enable and use the CA insights workbook
3️⃣ Review scenarios, gaps, and remediate
7
57
205
Pro tip for IT Pros:
✅ - Install
#PowerShell
7.x and upgrade from Windows PowerShell 5.1
✅ - Use VS Code and upgrade form Windows PowerShell ISE
✅ - Use GitHub for PS code
✅ - Use Windows Terminal
12
41
161
Chrome Browser added native CloudAP support for
#AzureAD
SSO in version 111.
I am curious if anyone has started enabling this in their organization yet?
Are you replacing the previous Chrome extension so your users get SSO to all the services you have in AzureAD?
14
41
125
The on-premises hybrid components when not properly designed or deployed with security in mind can be a large attack surface to compromise your cloud environment.
In addition to what
@DrAzureAD
highlights below I would recommend all hybrid customers read and implement the
A "good" example of gaining initial access to cloud by using
#AADInternals
to export Azure AD Connect credentials. To prevent:
▪️ Treat all hybrid components as Tier-0!
▪️ If you have used DirSync for synchronisation, make sure the sync account doesn't have "Global
5
51
177
1
30
122
This is very exciting. MacOS users will finally get an improved experience by using
#azuread
credentials at machine logon instead of another local logon credential. Have you already deployed the enterprise SSO plugin for MacOS so users get SSO to apps and services in AzureAD?
Platform single sign on is coming to macOS!
What does this mean? Users can now sign into a mac with their AD/Azure AD credentials just like Windows users.
Users will then get single sign on to ALL THE APPS with a PRT token just like on Windows.
See
25
164
507
6
22
109
Has your enterprise deployed Windows 10/11 and you are still using passwords because you have yet to deploy WHFB? Have I got a treat for you!
#security
#passwordless
9
38
108
Are you running
#PowersShell
scripts to automate tasks in managing
#ExchangeOnline
? There is a great new doc how you can update those scripts to use managed
#identity
and
#AzureAutomation
!
#O365
#AzureAD
#Office365
Check out
1
21
91
If you are looking to do more
#powershell
automation for
#AzureAD
,
#Office365
, I would highly recommend using the MS Graph PowerShell SDK Module which uses the
#MSGraphAPI
across the services. I see there is a new
#MSlearn
module to help get you started
0
20
91
Well look what showed up on in docs today ....
7
31
91
Have you tried this yet? If not, would a walkthrough video of the
#PowerShell
script in the AzureADToolkit module to help you identify users with elevated roles who are either not registered for/using MFA be useful?
#azuread
#identity
#security
6
10
85
❓Are you using a MacOS device today?
❓Are you or your company using O365/Entra AzureAD today?
⁉️ Are you supporting VIPs in your orgs who use MacOS devices today?
🔥Deploy the SSO plug-in for Apple Devices!
The docs are updated for the Microsoft Enterprise SSO plug-in for
6
21
86
If you focus on
#security
in the enterprise for
#azuread
or
#office365
for your org, why would you NOT require MFA for 100% administrator privileged users all the time? I can't think of a reasonable answer of why you wouldn't, but if you have one I'd like to hear it.
#enablemfa
19
13
80
✅ Create M365 Groups in the Cloud!
✅ Manage group assignments with Access Packages, Policies and Access Reviews!
✅ Enable writeback of Groups to on-premises to use for access
🔥 Manage all your cloud and on-prem group membership for access in one place using
#azuread
!
2
17
75
@GregoryMcFadden
This is less than impressive.. I would be expecting the blue line on the ground like it's leading me to turn in a quest to an NPC. Not like the ghost of Rand McNally hovering in front of me.
1
1
65
Temporary Access Pass (TAP) feature in the Entra
#AzureAD
platform is now GA!
🔥 OOBE setup for AADJ + setup WHFB without password!
✅ Enroll FIDO2 or setup Phone Sign-In!
Have you started upgrading to
#passwordless
yet? Why not?
@tim_c_larson
's post
1
23
66
Reading about the Dragos event where they added increased verification after the event, I am reminded of this graphic from which explains why it is part of the process to verify the onboarded user before providing credentials for access.
When I talk to
4
13
61
If you are using HAADJ today what are the reasons you have not yet moved to AADJ for windows devices? So many benefits and still get onprem enterprise SSO when you are on the intranet.
22
10
59
KQL is a skill that is always on my list of 'get better with'. Over the past week or so I really dove into creating an
#azureworkbook
to help customers visualize specific activity in their
#azuread
tenants that will end up here soon
2
14
58
I am excited to see that
#AzureAD
cross-tenant access settings are now public preview! Inbound/Outbound controls and ability to trust claims from your external collaboration partners using AzureAD!
#identity
#security
#o365
#sharepoint
#microsoftteams
4
17
59
Want to know more about how the
#Windows10
Primary Refresh Token (PRT) works with
#AzureAD
to provide enterprises with single sign-on (SSO)? Then this doc is for you!
3
15
56
I know many have been waiting for this, but it's here!
Read about the new improvements in
#Microsoft
Authenticator.
#identity
#security
#azuread
1
9
53
Here is a great overview video to learn more about Azure Active Directory for customers that was announced this week.
#azuread
#identity
#microsoft
1
13
51
Just Published: Manage emergency access accounts in Azure AD - guidance for planning and monitoring
#azuread
#identity
#microsoft
#microsoftidentity
1
21
48
ADFS once was the way,
But now Azure AD is here to stay.
With seamless access and single sign-on,
Migrating your apps will never be wrong.
No more servers to maintain and update,
Azure AD will keep your security first-rate.
So make the switch without hesitation,
And enjoy the
4
9
46
New Year, New Projects! Join the
#Microsoft
Identity Product Group chat on
#twitterspaces
to share your new projects and get your
#azuread
questions answered to get moving!
#identity
#cloud
#Security
Set a reminder for our upcoming Space!
0
15
42
Do you want to learn more about Microsoft Entra?
I often share info about security and identity but where do you begin if you are just starting out and want to learn more?
Maybe you just purchased Office365 or Azure and want know where to start.
Maybe you have been
1
9
47
I am glad we have the new
#AzureAD
recommendations feature now in public preview. In my lab tenant I had forgotten to disable per-user MFA for some accounts, and it surfaced them to remind me to use CA policies instead! 😍😍 Have you checked your tenant recommendations yet?
2
10
47
@paulsanders87
As always I highly recommend the guidance here for all hybrid organizations as a refresher on how to help secure your cloud environment from the on-premises attack surface
0
7
46
I always save this link since Ramiro in our Identity Architecture team has a list of Entra Identity papers his team publishes since I often reference them, so I thought you should have it too...Share it!
#entra
#identity
#security
#microsoft
1
6
46
Now that you can trust your partners managed device state when accessing your resources in
#AzureAD
are you going to update your CA policies to require compliant/Hybrid join devices for external user access? Let's discuss why you would or why you wouldn't.
2
11
44
Deeper dive walkthrough video of the
#AzureAD
configuration for enabling secure Auth Method registration to enable Passwordless user onboarding.
Have you enabled it yet?
#identity
#security
#passwordless
4
10
42
Over the weekend I did some testing of the new
#MSGraph
SDK PowerShell module v2 preview using managed identity for automating identity tasks such as cleaning up unredeemed invited B2B users and wrote it up here.
#azuread
#identity
#powershell
0
14
43
How do you manage devices when they go Entra Joined moving from traditional domain joined? Join the team as they talk about Microsoft Entra Joined + Intune for a deeper dive beyond the basics on the
@425Show
#intune
#entra
#microsoft
0
6
44
1 - Provision Admin accounts
2 - Enroll Admins w FIDO2 keys to be passwordless -
3 - Set upto 256char random passwords on admin accounts
4 - Enable CA policies requiring MFA for admins
5 - Sleep better at night for helping your org
Password reuse across orgs.
If you work as an admin/have access to domain/global admin at company X, then you leave company X to work at company Y,
WHY would you reuse the same domain/global admin creds? Don't do this my goodness.
AlexW is right, passwords don't matter.
3
1
13
3
10
41
If your organization is one of the 91.8% with admins without MFA, then you really need to go watch
@markmorow
and
@rohinigo
's
#MSIgnite
session "Shut the door to cybercrime with identity-driven security"
#Identity
#security
#MSIgnite2019
2
18
41
@AGoldmund
Someone please do an expose on how much money these types of videos make. The 'don't cap me' nut guy, and the 'break my mouse' reset guy. Also the 'scare me while I sleep' videos. It seems like they are on 24/7
2
0
36
Wrapped up another
#adfs2aad
workshop where customers still using
#ADFS
learned why they should move to
#azuread
& the tools and guidance to make it easy in doing so! Still using ADFS? register for the upcoming sessions of the FREE workshop at
#Office365
2
9
40
A common pattern in modern Merger and Acquistion activity is to do day 1 access enablement via Entra ID B2B to Entra resources, and later do the account migration as things progress. You can now convert those external B2B users to internal users with this new API now in Preview!
3
7
40
@nunu10000
Wait till you hear how we worked together to better secure MacOS devices with Platform SSO integration into Entra ID for Passwordless authentication!
2
0
38
How often do you audit and review if you have CA policy gaps in your organization to meet best practices?
See best practices and report here:
#microsoft
#security
#entra
#entraid
#azuread
#o365
#office365
#conditionalaccess
#cloudsecurity
Never
23
Monthly
14
Quarterly
12
Yearly
12
4
5
38
@janbakker_
.All. I remember working with a customer who was granting this for all their apps by default via CICD process until I asked them to read the docs on the permission of what this grants the application. A good reason why I recommend using the Entra portal
3
7
39
@Collab_Seth
Indeed!
1 - Generate TAP and Provide TAP to end user
2 - Download Microsoft Authenticator
3 - Setup Microsoft Authenticator for MFA & Passwordless by signing in with TAP all at once
4 - Go to Password Reset page
5 - Reset Password w/ MFA Push Notification
See 3rd video here:
2
6
38
I would recommend to only manage CA exclusion groups via entitlement management so you have governance of WHY, non persistant, and traceability of the approval/review of exclusion and put those groups in restricted admin units so only EM can change membership.
1
1
37
Today has been a rough day to see such amazing people learn they no longer have a position across different roles. If you are looking for some awesome people who know identity products and services reach out so I can hopefully help connect people connect some dots.
2
6
37
Since
#azuread
Group Writeback v2 is in public preview I wrote some
#powershell
automation to get the current values & set the desired writeback settings on groups. If YT will let me live stream it I might do a quick stream from 0 to
#msgraph
cmdlet tommorow if there is interest
2
3
37
So let's talk about why you REALLY want to enable the use of the PRT.
You really should be requiring MFA for ALL token request for ALL applications ALL the time. I fully understand that it may take time to get there, and you should take into account the user experience while
3
5
37
Do you know the difference between a service account and a service principal? If not, come join as we talk workload identities this week on
#microsoftidentitypgchat
spaces!
#identity
#azuread
#security
Join
@markmorow
@BaileyBercik
@jeftek
and others
0
15
35
🎉Is your org using
#ADFS
and want to use
#AzureAD
for ALL your apps? We have a series of FREE workshops to help your learn>plan>execute your migration to improve security + user experience. Sign up here!
#microsoft
#office365
#identity
#security
0
24
34
I would agree, all
#azuread
customers should look at using Authenticator for
#MFA
Push Notifications with Number Match + Context to help inform users about the prompt. It's a great step on your path to
#passwordless
too.
#Security
I've seen a lot tweets about blogs for enabling number-matching for
#passwordless
auth, but tl;dr: here's where to do it in
#AzureAD
. Top switch. Do it to get the upper hand on
#MFA
exhaustion. Requesting app in public preview is also a Very Good Idea.
0
2
10
2
6
33
If you are using Entra ID today, how are you doing your reporting? For Activity reporting you are likely exporting it to your SIEM and reporting there.
But what about your object and configuration state reporting? Do you want to compare things between snap shots of data?
2
12
34
@lukasberancz
We did a 400 level deep dive on the 425show on Conditional Access I would highly recommend watching
0
6
33
@SwiftOnSecurity
@JorgeALopez
This thread is golden.
✅ Requiring MFA for all authentication is NOT the same as interrupting SSO to prompt a user to respond to MFA challenge on every authentication request
More MFA prompts does NOT equal more security. They should be a sometimes thing as needed.
1
3
33
Well here is a great Sunday Treat!
I finally encouraged
@markmorow
that he has LOTS of great content he has published and helped with to finally publish his own site to share it on so others can discover it centrally.
Go check it out at
#identity
2
10
33
@el_jasoon
I prefer generating the Temporary Access Pass (TAP), providing it to the end user who uses it to register Authenticator App for MFA and Passwordless auth. They can the use SSPR to reset a password as needed. The unique part is getting the TAP to them with some customers
1
2
33
We just updated the Microsoft Entra ID Governance docs based on feedback to link to the detailed features across the Entra license skus. This should make it easier to learn about each feature for managing access.
#microsoft
#entra
#identity
#security
3
14
32
Have you upgraded your CA policies to use specific Authentication Strengths yet or are you still using the MFA control? Highly recommend deploying phishing resistant authentication methods AND enforcing they be used via CA policies
Excited to share my latest research on phishing Windows Hello for Business by way of a downgrade attack, using EvilGinx.
Looking forward to your thoughts.
Read it here:
4
57
162
1
9
31
Did you know that
@merill
has a Discord server for Entra News? See to join the server. I was asked the other day for more Entra focused communities so I thought I would share.
#entra
#microsoft
#identity
#Security
3
7
31
@NathanMcNulty
@SantasaloJoosua
My preferred way to deploy Conditional Access policies is to use the templates as your foundation, then go add custom policies as needed.
1 - enable ALL the identity based policies in report only mode - you now have a secure foundation to measure against.
0
5
31
When is the last time you checked out and replaced using a password with registering a passkey for services you use that support them?
If never, now is the time to start!
4
5
30
If you are focused on Identity and Security than you should register for this upcoming event!
Don't miss to join the event on June 20th: "Reimagine secure access with Microsoft Entra" to see the latest identity and access innovations in action!
Registrations are open at:
3
11
30
I know you love
#PowerShell
. And I hope you are using
#azuread
for
#identitygovernance
!
#identity
#security
Tutorial: Manage access to resources in Active Directory entitlement management using Microsoft Graph PowerShell
1
7
30
Want to learn more about the new Microsoft Entra ID Governance features with some short quick learn videos?
@markmorow
made some clips of last weeks
@425Show
on this list playlist:
#microsoft
#identity
#security
#entra
#entraid
#azuread
3
16
28
✅ No PKI to deploy
✅ No Certs to issue
✅ No On-Prem Key Writeback Delays
✅ No ADFS
😍Passwordless Phishing Resistant Authentication Methods
#security
#identity
#passwordless
#cloudsecurity
#microsoft
#AzureAD
2
11
30