Azure AD Fundamentals

What are Access Reviews in Azure AD

Introduction: Azure Active Directory (Azure AD)’s access reviews are an essential part of identity governance. In order to prevent unauthorized access to sensitive data, organizations conduct access reviews to ensure that users and groups have the appropriate level of access to resources. This article will provide an overview of how Azure AD access reviews work, their role in identity…
Active Directory Fundamentals, Active Directory Policies, Uncategorized

Role-based access control (RBAC) in Azure

Azure RBAC is the authorization system used to control who can do what across Azure resources. It is designed to keep access granular, auditable, and aligned to real operational responsibilities—without turning permissions into a messy pile of one-off exceptions. In practice, Azure RBAC works best when it is treated as an operating model, not a one-time configuration task: define roles clearly…
Active Directory Policies

Using groups for access to shared drives and resources

Shared drives and file shares look simple on the surface: “give Finance access to \\FS1\Finance.” In reality, they become one of the fastest-growing sources of permission sprawl, audit pain, and accidental overexposure—especially in environments with multiple file servers, legacy shares, and hybrid identity. The most reliable way to keep access stable over…
Active Directory Policies

Role-based access control (RBAC) using AD groups

Role-based access control (RBAC) is the idea that people don’t get permissions because of who they are, but because of what they do. In Windows environments, Active Directory (AD) groups are the most common “glue” used to map job roles to permissions across file shares, apps, databases…
Azure Active Directory, Azure AD Security

Role-based access control in Microsoft Entra

Role-based access control (RBAC) in Microsoft Entra is a robust unified identity and access management suite from Microsoft for simplifying access management and ensuring that users have access only to the resources necessary for their roles. Abiding by the principle of least privilege, this robust security practice helps safeguard your digital assets from unauthorized access and potential…
Azure Active Directory, Azure AD Management

Managing guest access safely with Microsoft Entra

Businesses often require several partners, organizations, and customers to collaborate and exchange data. Microsoft Entra allows these external entities to access your IT environment seamlessly without compromising on security. Guest access can be managed through Microsoft Entra ID and Microsoft Entra ID Governance. Guest access management with Microsoft Entra ID: Here’s how you can manage…
Azure Active Directory, Azure AD Management

Azure AD Application Proxy for remote access to on-premises apps

Introduction: Organizations are increasingly moving their workloads to the cloud, but they still need to access their on-premises applications. Azure AD Application Proxy allows external users to access these applications securely without a VPN connection. If you are interested in finding the difference between on-prem AD and Azure AD, check this article. The purpose of this article is to…
Active Directory Fundamentals

Tracking privilege escalation in Azure AD

Privilege escalation in Microsoft Entra ID (formerly Azure AD) rarely looks like a single “hacker flips a switch” moment. In real environments, it’s usually a chain of small, legitimate-looking changes: role assignments, consent grants, group membership edits, Conditional Access exceptions, or…
Active Directory Fundamentals

Zero Trust architecture with Entra at the core

Zero Trust is not a product you “turn on.” It’s an operating model for security where every access request is treated as hostile until proven otherwise. The big shift is psychological and architectural: you stop trusting network location (VPN, office LAN, “inside”) and you start trusting verified identity +…