Peter Lorenzen
theheatdk.bsky.social
Azure cloud architect from Denmark
We finally have some news. PowerShell 7.4 support is scheduled for June 15 - github.com/PowerShell/P...
April 17 2025 Community Call · PowerShell PowerShell · Discussion #25057
Agenda: 7.6 preview release @SydneyhSmith Docker updates @SydneyhSmith PSGallery updates @SydneyhSmith Docs update @sdwheeler PSSummit recap @psjamessp Upcoming conferences @StevenBucher98 @kilasui...
April 19, 2025 at 11:59 AM
I assume Policy.Read.ApplicationConfiguration is the reason.

The not supported for Delegated (work or school account) confuses me? :-)
March 14, 2025 at 10:13 AM
March 14, 2025 at 10:11 AM
Application Administrator or Cloud Application Administrator...
March 14, 2025 at 9:54 AM
merill.net - After using Update-MgPolicyDefaultAppManagementPolicy on 6 tenants multiple times my conclusion is that the documentation is wrong :-)
You need Security Administrator + Application Administrator for it to work. If you only have Security Administrator you get a 403 error.
March 14, 2025 at 9:42 AM
Ok. Thanks for answering :-)
March 8, 2025 at 2:42 PM
Sorry I missed the blue box :-( Thanks for answering!
March 6, 2025 at 8:34 PM
Thanks, @merill.net - Is the Global Admin role required to update the tenant app management policy, or will some other role suffice?
March 5, 2025 at 10:15 PM
Congrats. Any tips for good prep material?
March 2, 2025 at 3:43 PM
December 3, 2024 at 3:04 PM
Ok. Thanks for taking time to answer 👍
November 16, 2024 at 5:58 AM
I get that it is possible to steal tokens, so if the role is active for 1 hour and somebody steals the MFA tokens they have one hour with access, but that is the same for a cloud-only account.
We have a lot of discussions around this at the moment, so I would very much like to understand it! :-)
November 15, 2024 at 9:19 PM
Sorry if I am a little dense :-) Users are in AD. In Entra they have MFA configured. The PIM setting requires them to sign in and use MFA when a role is activated. If they are compromised on-prem, only their password is compromised, not their MFA method. So how can anybody get around the MFA policy?
November 15, 2024 at 9:16 PM
Hi Jef,
I am surprised about this. If you on PIM role activation require reauthentication via CA authentication context so users have to do sign-in + MFA every time they activate a privileged Entra role, why is it still a no-no to use synced users?
November 15, 2024 at 8:38 PM
Starter pack
November 12, 2024 at 3:20 PM