Entra ID Archives - Azure Security Architect
https://azuresecurityarchitect.com/category/entra-id/
For all your cloud security needs

Device Restrictions using Conditional Access Policies in Azure Entra ID
https://azuresecurityarchitect.com/entra-id/device-restrictions-using-conditional-access-policies-in-azure-entra-id/
Wed, 27 Nov 2024 18:13:19 +0000

Now, there’s a policy that allows you to restrict which devices get into your Azure subscriptions. The compliant devices policy requires you to list CIDR ranges/devices that are permitted. You can also make exceptions for specific devices if you need to.

The exact error

The portal encountered an issue while attempting to retrieve access tokens. We suggest attempting to sign in again, or alternatively, continuing without access tokens, although this may result in a suboptimal user experience. Additional details: invalid_grant: AADSTS530004: AcceptCompliantDevice setting isn’t configured for this organization. The admin needs to configure this setting to allow external users access to protected resources. Trace ID: af449c59-5668-4e01-9c12-6148328d6500 Correlation ID: e0318484-7e18-4c0f-b7a9-a678a9bc8cfd Timestamp: 2024-11-27 17:58:53Z.

Letting in vendors to your Entra Tenant
https://azuresecurityarchitect.com/entra-id/letting-in-vendors-to-your-entra-tenant/
Sat, 23 Nov 2024 00:26:33 +0000

Use Case

Let a set of vendor engineers into your Azure subscription (typically with GLOBAL READER permissions).

Steps in Entra and in Azure

  1. Set up SSO using the vendor’s email id as the UUID.
  2. Grant them GUEST user licenses in your Entra tenant.
  3. Put all these VENDOR GUESTS into a single AAD User Group.
  4. Now use RBAC to grant this user group Azure resource permissions.

P2 licenses – Use Case – SSO Authentication and MFA – no mailbox
https://azuresecurityarchitect.com/entra-id/licensing/p2-licenses-use-case-sso-authentication-and-mfa-no-mailbox/
Fri, 22 Nov 2024 20:36:46 +0000

Use Case – SSO Authentication and MFA – no mailbox

P2 licenses – Cloud Only Authentication (not federated)
