Introduction Hardening data plane access for a storage account is a common practice to enhance security. However, when using Azure resources with virtual network (VNET) integration or accessing storage endpoints from private IPs or other tenants, authorization errors can occur if the source is not properly whitelisted. This article explores common scenarios that lead to … Read more
Adding a virtual network from another tenant to an Azure Storage account firewall is a common scenario for testing connectivity, sharing files securely, or enabling collaboration between partners. This ensures data access is restricted to specific networks without exposing the storage account to all networks. In this guide, we’ll focus on achieving this goal using PowerShell and Azure … Read more
When managing application permissions in Microsoft environments, users may occasionally grant consent to an app when administrative consent was required instead. Thankfully, Microsoft provides an easy way to revoke user consent via the My Apps portal. This guide walks you through the steps to revoke user-consented permissions and ensure the app is properly reconfigured. Why Revoke User … Read more
Overview Many organizations have asked if it’s possible to determine whether a user has completed Multi-Factor Authentication (MFA) based on claims in a security token, such as a SAML response or OAuth token. In this article, I’ll explain how Entra ID (formerly Azure AD) includes this information in security tokens and how you can verify … Read more