<feed xmlns="http://www.w3.org/2005/Atom"> <id>https://blue-sky-041ab6803.azurestaticapps.net/</id><title>Gudszent's How-to</title><subtitle>Azure, Mikrotik, PowerShell, scripts, openHAB, SmartHome.</subtitle> <updated>2026-03-16T23:53:16+01:00</updated> <author> <name>Gudszent Otto</name> <uri>https://blue-sky-041ab6803.azurestaticapps.net/</uri> </author><link rel="self" type="application/atom+xml" href="https://blue-sky-041ab6803.azurestaticapps.net/feed.xml"/><link rel="alternate" type="text/html" hreflang="en" href="https://blue-sky-041ab6803.azurestaticapps.net/"/> <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator> <rights> © 2026 Gudszent Otto </rights> <icon>/assets/img/favicons/favicon.ico</icon> <logo>/assets/img/favicons/favicon-96x96.png</logo> <entry><title>Native Tenant Restrictions for Multi-Tenant Apps</title><link href="https://blue-sky-041ab6803.azurestaticapps.net/posts/Limit-SPN-tenant/" rel="alternate" type="text/html" title="Native Tenant Restrictions for Multi-Tenant Apps" /><published>2026-03-01T07:00:00+01:00</published> <updated>2026-03-01T07:00:00+01:00</updated> <id>https://blue-sky-041ab6803.azurestaticapps.net/posts/Limit-SPN-tenant/</id> <content src="https://blue-sky-041ab6803.azurestaticapps.net/posts/Limit-SPN-tenant/" /> <author> <name>gudszent</name> </author> <category term="Azure" /> <summary>In Preview, Microsoft just presented a new feature to restrict SPN access to specific tenants. If you’ve ever managed a multi-tenant app, you know the struggle. Usually, “multi-tenant” is an all-or-nothing deal—either the whole world can try to sign in, or nobody can. To lock it down to just your partners, you usually had to write custom code to check the “Issuer” claim. 
Well, those days are (...</summary> </entry> <entry><title>Global Secure Access for Private Network</title><link href="https://blue-sky-041ab6803.azurestaticapps.net/posts/GSA-Private-network/" rel="alternate" type="text/html" title="Global Secure Access for Private Network" /><published>2026-02-20T07:00:00+01:00</published> <updated>2026-02-20T07:00:00+01:00</updated> <id>https://blue-sky-041ab6803.azurestaticapps.net/posts/GSA-Private-network/</id> <content src="https://blue-sky-041ab6803.azurestaticapps.net/posts/GSA-Private-network/" /> <author> <name>gudszent</name> </author> <category term="Azure" /> <category term="Security" /> <category term="Network" /> <summary>I believe one of the most important things is a good user experience. We should build the world's best-architected solutions, but if the user experience is bad, nobody will use it. When I build a solution, I always try to make it as simple as possible for the users and maximize the user experience. Just like with GSA, if I want to reach my private endpoints, I want to reach them on the shortest wa...</summary> </entry> <entry><title>Open the tenant directly to the user</title><link href="https://blue-sky-041ab6803.azurestaticapps.net/posts/Direct-open-tenant/" rel="alternate" type="text/html" title="Open the tenant directly to the user" /><published>2026-01-26T07:00:00+01:00</published> <updated>2026-01-26T07:00:00+01:00</updated> <id>https://blue-sky-041ab6803.azurestaticapps.net/posts/Direct-open-tenant/</id> <content src="https://blue-sky-041ab6803.azurestaticapps.net/posts/Direct-open-tenant/" /> <author> <name>gudszent</name> </author> <category term="Azure" /> <summary>From time to time I lose access to different tenants. We finish projects, we move on to other projects, and sometimes I forget that the tenant is my default tenant. So when I open the Azure portal, I am in a loop of “You don’t have access to this tenant”, and that does not allow me to switch to the tenant I want to work with. 
So I have to open the tenant directly, and then I can switch to the tenant I want to w...</summary> </entry> <entry><title>Restrict MFA registration to compliant devices — Entra Conditional Access</title><link href="https://blue-sky-041ab6803.azurestaticapps.net/posts/MFA-Reg-Trusted-Device/" rel="alternate" type="text/html" title="Restrict MFA registration to compliant devices — Entra Conditional Access" /><published>2026-01-20T07:00:00+01:00</published> <updated>2026-03-16T21:46:26+01:00</updated> <id>https://blue-sky-041ab6803.azurestaticapps.net/posts/MFA-Reg-Trusted-Device/</id> <content src="https://blue-sky-041ab6803.azurestaticapps.net/posts/MFA-Reg-Trusted-Device/" /> <author> <name>gudszent</name> </author> <category term="Azure" /> <category term="Identity" /> <category term="Security" /> <summary>To restrict Multifactor Authentication (MFA) registration so it can only be completed from managed, trusted devices, create a Microsoft Entra Conditional Access policy that targets the “Register security information” user action and requires devices to be marked as compliant (Intune). This prevents users from enrolling authentication methods from unmanaged or non-compliant devices. 
Why this he...</summary> </entry> <entry><title>Entra device join types — Entra ID Joined, Registered, Hybrid Join (comparison)</title><link href="https://blue-sky-041ab6803.azurestaticapps.net/posts/Azure-Device-registration-Dif/" rel="alternate" type="text/html" title="Entra device join types — Entra ID Joined, Registered, Hybrid Join (comparison)" /><published>2026-01-10T07:00:00+01:00</published> <updated>2026-03-16T21:46:26+01:00</updated> <id>https://blue-sky-041ab6803.azurestaticapps.net/posts/Azure-Device-registration-Dif/</id> <content src="https://blue-sky-041ab6803.azurestaticapps.net/posts/Azure-Device-registration-Dif/" /> <author> <name>gudszent</name> </author> <category term="Azure" /> <category term="Identity" /> <category term="Devices" /> <summary>I always have to start with a quick recap when discussing Entra device join types with colleagues or customers, so I decided to write it down as a blog post for future reference. This article compares the three common Entra device states: Entra ID Joined, Entra ID Registered (workplace-registered), and Hybrid Entra Join. It explains when to use each, requirements, licensing considerations and ...</summary> </entry> </feed>
