How to apply just-in-time access to Security & Compliance roles

I am often asked by clients how they can provide additional levels of controls to their Security and Compliance privileged roles to mitigate the risks of excessive, unnecessary, or misused access permissions to important resources.

Microsoft recommends the following best practices for managing privileged accounts:

  • Use least privileged access
  • Turn on multi-factor authentication for all your administrator accounts
  • Use Privileged Identity Management to grant just-in-time access with optional approvals
  • Configure recurring access reviews to revoke unneeded permissions over time

If you have Azure AD Premium 2 licensing, you can use Azure AD Privileged Identity Management (PIM) to provide just-in-time access to privileged admin accounts. However, PIM only provides just-in-time access to Azure AD and Azure privileged roles. The issue with Security and Compliance roles is that they are managed in the Security and Compliance admin centers and not in Azure AD.

So how can we protect Security and Compliance roles with just-in-time access to mitigate the risks of excessive, unnecessary, or misused access permissions to important resources?

Read on to discover how to use Privileged Access Groups in PIM to indirectly provide just-in-time access to your Security & Compliance roles. In addition, this process will work with other non-Azure AD roles such as roles from Exchange or SharePoint.


How to track Microsoft Docs page updates in Microsoft To Do

How do you keep track of Microsoft Docs page updates?

Wouldn’t it be great if you could be notified when your favourite Microsoft Docs pages are updated rather than having to go to Microsoft Docs pages daily or relying on social media?

Read on and I will explain how you can create an RSS feed from Microsoft Search results to create a task in Microsoft To Do every time one of your favourite Microsoft Docs pages is updated.


How to use your Azure AD Premium 1 or 2 licensing to govern your Guest users

Have you enabled Guest users in your Microsoft 365 tenant? If your answer is yes, have you applied identity and access governance controls to your Guest users to help minimize security and compliance risks in your tenant?

Read on to find out how to use your existing Azure AD Premium 1 or Premium 2 licences to apply identity and access governance to your Guest users.


How to use Power Automate to manage Ownerless Teams (& Groups)

A Microsoft Team or Group without an owner is ungoverned and unmanaged. It is like a school classroom full of children without a teacher. You know it will end up in chaos.

So do you have an effective process for managing your ownerless Teams?

Microsoft recently added a process for managing ownerless Microsoft 365 groups and teams; however, this process just asks the members of the group if they want to become the owner.

Read on to find out how you can mitigate the issue by using Power Automate to automatically transfer ownership to another user.


Create a simple Teams creation workflow using Power Automate

Why do I need to build a Teams creation process using Power Automate? What’s wrong with the standard Team creation process?

When you create Microsoft Teams out of the box, there are only limited governance capabilities. For example:

  • Limited Teams naming convention
  • Duplicate Teams names
  • Only one owner required
  • No justification or approval process

This blog describes how to create Teams using Power Automate plus add governance steps to the workflow to include:

  • Apply a tailored Teams naming convention
  • Add an approval step
  • Stop duplicate Team names
  • Add multiple owners
  • Add sensitivity label to allow or block guests and external sharing
  • Capture additional metadata such as justification, Team type, or Team duration

Read on for my step-by-step guide on creating a Power Automate Flow for your Teams creation process.


How can I join my Microsoft Teams meeting from my mobile?

You don’t need to sit at your desk to join a Microsoft Teams meeting. The Teams mobile app allows you to join your Microsoft Teams meeting from wherever you are.

Whether you are going for a walk, just want to get away from your desk, or need to find a quiet place, it’s so easy to join your Microsoft Teams meeting using the Teams mobile app on either your iOS or Android mobile device.

Here are my four top tips for joining a Microsoft Teams meeting from the Teams mobile app.


Use Power Automate to bulk export members from Microsoft Teams

How can I quickly export a list of all members in a specific Team? As a Microsoft Teams owner, you have probably come to the conclusion that managing your Team membership is not easy.

This is a two-part blog. Read part one to see how you can use Power Automate to bulk add new members into a Microsoft Team.

Part two of the blog explains how you can use Power Automate to automatically export a list of members from a Team into an Excel spreadsheet, with the added bonus of including several user attributes such as job title, mobile or office alongside their name and email.


Use Power Automate to bulk add members into Microsoft Teams

How can I add many members into my Microsoft Teams quickly and easily? As a Microsoft Teams owner, you have probably come to the conclusion that managing your Team membership is not easy.

This blog explains how you can use Power Automate to automatically bulk add members into any Microsoft Team that you own.

I will walk through four scenarios:

  1. Automatically add members to a Team using email addresses.
  2. Automatically add members to a Team using their display names.
  3. Automatically add a list of managers to a Team as owners and their direct reports as members.
  4. Create a data entry field in the Power Automate flow to allow the owner to choose which Team to import the users into.

Read part two of the blog to see how you can use Power Automate to export members of a Team into an Excel spreadsheet.


Implementing Microsoft Teams governance to stop Teams sprawl

How to stop Microsoft Teams sprawl is one of the most common concerns from both end users and IT administrators. Questions such as:

  • We have too many Teams?
  • When do we create a new Team?
  • Why do we have duplicate Teams names?
  • When should we delete Teams?
  • Which Teams are inactive?
  • Why do we have ownerless Teams?

Do too many Teams really equate to Teams sprawl? No, not necessarily; active Teams are not sprawl. What you need to identify is your inactive teams that are just cluttering up the Teams menu and taking up storage space.

Inactive teams can be a result of limited or no training, limited user adoption, no user accountability and/or no governance rules in place.

My blog addresses these questions and looks at both technical and business solutions for implementing Microsoft Teams governance to stop Teams sprawl.


Microsoft Teams governance is not a project, it’s a lifestyle

There is no doubt that Teams communications and collaboration is here to stay, with the home now the new branch office.

Now is the time to take a strategic look at Teams and implement the governance and controls required to answer the key question: ‘How can I optimize and secure my Teams environment while still empowering our end users to work effectively, with the fewest possible constraints?’.

