In cloud environments, private endpoints are often used to connect to services securely and privately. While this is a powerful feature, like any tool, it can become a threat if you don’t fully und...

Continuing the previous post, where I showed how to check the local Administrators group on Windows clients with Intune, now I will show another way to do that with Microsoft Defender. This method ...

The client Administrators group is a local group on Windows clients that grants administrative rights to users. This group is essential for managing Windows clients, as it allows users to install s...

Sometimes, you need to merge an on-premises user with a cloud-only user. This situation often arises in small or medium-sized companies. They may have initially adopted cloud services, such as mail...

The permission democratization is a great things, but it can also be a security risk if not used properly. You can disable self-service purchase for Microsoft 365 Copilot to prevent users from purc...

Until we deal with IT security, we have to restrict the use of Recall in Windows 11 24H2. Microsoft designed Recall to act as a photographic memory for your PC, more here: Recall. Recall is a featu...

In this post, I will show you how to send mail with an Azure Automation Account with the Graph API. This is a very simple solution, but it is very useful when you have to send mail from a script wi...

A simple username and password are not enough in our world. Most services, when you register there, require some kind of MFA, so why not protect RDP as well? Of course, it is always a challenge to ...

In a large environment, it’s always a challenge to find the IP address of a specific resource or use IP ranges. Azure Resource Graph is a powerful tool for querying Azure resources. In this post, I...

When we use some Azure DevOps services, we need to have some agents to run our pipelines. These agents can be self-hosted or Microsoft-hosted. Both of them have pro/cont, Microsoft-hosted agents ar...