Citrix DaaS with Entra ID b2b accounts.
Interested in learing how to let your external partner and users access your environment with their own credentials while still maintaining your wanted security. Want the users to be able to SSO from their own credentials into your environment? Then you will be interested in this post going through Entra ID b2b mixed with Citrix Cloud (DaaS)
Interested in learing how to let your external partner and users access your environment with their own credentials while still maintaining your wanted security. Want the users to be able to SSO from their own credentials into your environment? Then you will be interested in this post going through Entra ID b2b mixed with Citrix.
This post will show you how to set up your environment to support AzureAD joined devices authenticating with your on-prem resources. When devices are setup as pure azure ad joined, and not hybrid joined, devices we need to handle authentication to your on-prem resources in a better way. Your on-prem resources does not in itself understand the authentication from these devices. It will also add support for using Windows Hello for Business/biometrics, FIDO security keys
This post revolves around the e-mail concepts for SPF/DKIM and DMARC to increase your e-mail reputation as well as protecting your domain from being misused by others i.e impersonation. We will also go through the tool provided by Valimail to have this monitored, all integrated with your Azure AD for SSO.
LAPS – Local Admin Password Solution, has for a long time been one of those great tools to have in the toolbox when it comes to securing your devices from lateral movement from a potential attacker. And Microsoft LAPS have been around for quite some time already.
This tool was orginally available for deployment to server/desktop devices connected to a traditional domain (on-prem) setup.
This changed as of April 2023, and Microsoft have now introduced Microsoft LAPS (Preview) with support for configuration with Intune, and saving the passwords to Azure AD, giving us – once again – a native LAPS solution to handle the local admin account.
When it comes to managing anything within IT, it will always be a good thing to keep things organized, in one way or another. You should also make sure that the way you organize things, is made understandable for others as well (maybe you share the responsibility of management with a group, or may do so in the future).
Make it a habit to creating an organizational model that others can jump in or out of over time, that is logical and understandable by others than yourself. Document the logic/model that is defined, and make sure not to deviate from the actual definition as time goes by.
If you have kept up to date with the many announcements around 365 – spesifically Exchange Online, from Microsoft, you may remember that they announced that end of support for basic authentication were coming to various parts of Exchange Online in 365.
Subscribers of O/M365 should move to using modern authentication, as this is more secure and gives alot of other benefits.
The said date for this change was set to October 13 2020,
FIDO2 security keys are an unphishable standards-based passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication. FIDO allows users and organizations to leverage the standard to sign in to their resources without a username or password using an external security key or a platform key built into a device. Read the post to see how you can enable this for your Azure ad and windows 10 devices.
Here’s an example of a usecase where Citrix FAS comes into play.
If you are not familiar with Citrix FAS and the use of it you may find this useful to get some insight to the usecases.
[…]
This setup is great if you’re tired of ads when surfing the web, and don’t want to rely on browser plugins for ad blocking.
By using a – raspberry pi – in this example, you can get a network wide blocker to deal with this.
(Can also be set up on any computer if you have one laying around, but the guide here is for the Pi).
The result of this is less ads, less tracking, and also a faster web browsing experience since your pulling/sending less data to your screen.
Since it’s network wide, all devices, xbox, tablets and phones also reap the benefits with no work needed on the device itself. […]
