SECURITY

Hi All,

Two days ago, Microsoft has released a new Version of Entra Connect Sync.

It’s only downloadable via the Microsoft Entra Admin Center

• Microsoft Entra Connect: Version release history

Download

Download is only availabel in Entra Admin Portal and is now not as hidden anymore

Entra Admin Center > Identity > Entra Connect > Entra Connect Sync Download the latest Entra Connect Sync Version

If you click on the Download Link you have to click on the “Accept terms & download” Button. It will download AzureAdConnect.msi 😂

Hi All,

I have already written a few Articles about Entra Verified ID

• Microsoft Entra Verified ID
• Verified ID Advanced Setup
• Entra Verifiable credentials Admin API with PowerShell

Overview

Today we want to dig deeper into Face Check.

Prerequisits:

• Microsoft Entra Verified ID setup completed before using Face Check
• Azure Subscription / Resource Group
• User that sets up Face Check has Contributor role for the Azure subscription / Resource Group

Costs:

Hi All,

Just a few days ago, Microsoft has announced that the updated Hybrid configuration Wizard (HCW) now supports the Configuration of the Dedicated Hybrid App.

• Dedicated Hybrid App: temporary enforcements, new HCW and possible hybrid functionality disruptions
• CVE-2025-53786 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

Microsoft has also announced some block Tests. As the Adoption of Dedicated Hybrid App does not seem at the Level Microsoft is expecting.

Hi All,

Just a few days ago, Microsoft has released a new Version of Entra Connect Sync.

It’s only downloadable via the Microsoft Entra Admin Center

• Microsoft Entra Connect: Version release history

There is also a new Article (or at least new to me) about the diffrent Stages for Identity Cloud transformation

• Cloud transformation posture

Download

Download is only availabel in Entra Admin Portal and is now not as hidden anymore

Hi All,

Recently i have been stumbled upon a new Version of the Microsoft Purview Information Protection client

• Microsoft Purview Information Protection client

• Microsoft Purview Information Protection client - Release management and supportability

Installation of the *.msi file

Started the Information Protection Viewer client

List commands from the PowerShell Module PurviewInformationProtection

Get-Command -Module PurviewInformationProtection

Regards
Andres Bohren

Hi All,

A few days ago, i did publish the Article Installing ADFS on Windows Server 2025. That gave me the opportunity, to test some scenarios with Exchange and Active Directory Federation Services (ADFS).

ADFS Server

Let’s start the ADFS MMC

C:\Windows\ADFS\Microsoft.IdentityServer.msc

Create relying party trusts in AD FS for Outlook on the web and the EAC

As you can see, the Relying Party Trusts are empty

Create Relying Party Trust for Outlook on the Web (owa)

Hi All,

For a Project i had to test something with ADFS. That’s why i have set up an Active Directory Federation Server/Service (ADFS) on a Windows Server 2025.

To be clear: I don’t advocte for installing ADFS. In contrary i still recommend to use Entra ID instead of ADFS and get rid of Federated Domain in M365.

Install Windows Feature

Install-WindowsFeature ADFS-Federation -IncludemanagementTools

Certificate

There are many ways on how to get a public Certificate. These two ways i have documented with Blog Articles. But there are many more…

Hi All,

In my professional Life, i have architected and implemented many Exchange Hybrid Organizations.

Most of the Time the MX Records still point to the OnPrem Mailgateway or a 3rd Party Service for AntiMalware, Antispam, AntiPhishing. These Systems have well designed Rules for preventing Malware and unwanted Mails.

But customers forget, that with Exchange Online by default comes two MX Records to your Tenant, where someone potentially can bypass all these checks from the OnPrem Mailgateway and deliver Mails directly to Exchange Online Protection (EOP).

Hi All,

Just a few days ago, Microsoft has released a new Version of Entra Connect Sync.

It’s only downloadable via the Microsoft Entra Admin Center

• Microsoft Entra Connect: Version release history

It’s really hidden: Entra Admin Center > Identity > Hybrid Management > Microsoft Entra Connect > Get started > Manage > Download Connect Sync Agent

If you click on the Download Link you have to click on the “Accept terms & download” Button. It will download AzureAdConnect.msi 😂

Hi All,

I’ve released an updated Version of my Conditional Access HTML Export PowerShell Script on my GitHub Repo.

It’s always a Pain to document Conditional Access Policies. So i’ve forked and modified the Script from https://github.com/dougsbaker/CA-Export to match my needs.

Recently i saw the new “Network” Section in the Conditional Access Policies. I Like when the Sections match the HTML Output

• Users
• Target resources
• Network
• Conditions
• Grant
• Session

The Script requires the Microsoft.Graph PowerShell Modules and the following Permissions