AzureAD (8 topics)

Azure Entra Security Copilot: How It’s Changing Identity Protection
Overview
Azure Entra Security Copilot is revolutionizing how organizations approach identity protection. By combining the power of generative AI with Microsoft’s deep security insights, it enables faster threat detection, smarter policy recommendations, and simplified incident response.

Hands-On Experience
After integrating Security Copilot into our Azure Entra environment, here’s what stood out:
Natural Language Queries: You can ask things like “Show me risky sign-ins from last week” and get instant, actionable insights.
Automated Investigations: It correlates signals across Entra ID, Defender, and Sentinel to surface threats.
Policy Recommendations: Based on your environment, it suggests Conditional Access policies to reduce risk.

Use Cases
1. Breach Detection: Detects anomalies like impossible travel, unfamiliar sign-in patterns, and token theft. Automatically flags high-risk users and suggests remediation steps.
2. Policy Optimization: Recommends Conditional Access policies tailored to your org’s risk profile. Helps reduce over-permissive access and enforce least privilege.
3. Incident Response: Generates incident summaries and timelines. Suggests next steps and integrates with Microsoft Sentinel for deeper investigation.

Comparison with Traditional SIEM Workflows

Discussion Starter
Have you tried Security Copilot in your environment yet? What use cases have you explored? How does it compare with your existing SIEM or XDR tools? Let’s share insights and build a stronger identity protection strategy together!

Custom permission to enable diagnostic setting in Entra ID
Custom permissions don't work when trying to enable diagnostic settings in the Microsoft Entra ID portal.

Error: "does not have authorisation to perform action 'microsoft.aadiam/diagnosticSettings/write' over scope '/providers/microsoft.aadiam/diagnosticSettings/resourcename'"

Selective permissions that I applied to the user account. My approach is to use custom-role-specific permissions. Appreciate your help in knowing the right permission required.

Regards,
Rajkumar

AVD Re-join AzureAD / EntraI
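The error above is a standard Azure RBAC authorization failure, so the first check is which role definitions actually carry the named action. Azure RBAC grants an operation when some entry in a role's Actions matches it (entries may contain * wildcards) and no entry in NotActions matches it. The helper below, an added example rather than anything from the post, applies that rule to constructed sample role definitions and then to the live definitions returned by Get-AzRoleDefinition (Az.Resources, after Connect-AzAccount). The sample role names are made up for illustration. One caveat visible in the error itself: the scope is /providers/microsoft.aadiam/..., a tenant-level resource outside any subscription, so a custom role must also be assignable where that scope is evaluated, not only carry the action.

```powershell
# Added example, not from the original post. Models Azure RBAC action matching:
# granted = (some Actions pattern matches) AND NOT (some NotActions pattern matches).
function Test-RoleGrantsAction {
    param(
        [Parameter(Mandatory)]$RoleDefinition,   # object with Actions / NotActions string arrays
        [Parameter(Mandatory)][string]$Action    # e.g. microsoft.aadiam/diagnosticSettings/write
    )
    # Turn an RBAC pattern such as 'microsoft.aadiam/*' into an anchored regex; -imatch is case-insensitive
    $toRegex = { param($pattern) '^' + ([regex]::Escape($pattern) -replace '\\\*', '.*') + '$' }
    $allowed = @($RoleDefinition.Actions    | Where-Object { $Action -imatch (& $toRegex $_) }).Count -gt 0
    $denied  = @($RoleDefinition.NotActions | Where-Object { $Action -imatch (& $toRegex $_) }).Count -gt 0
    return ($allowed -and -not $denied)
}

$action = 'microsoft.aadiam/diagnosticSettings/write'

# Constructed sample definitions (hypothetical names) to exercise the matching offline
$samples = @(
    [pscustomobject]@{ Name = 'ReadOnlyCustom';   Actions = @('*/read');                                NotActions = @() }
    [pscustomobject]@{ Name = 'AadiamWriter';     Actions = @('microsoft.aadiam/diagnosticSettings/*'); NotActions = @() }
    [pscustomobject]@{ Name = 'OwnerMinusAadiam'; Actions = @('*');                                     NotActions = @('microsoft.aadiam/*') }
)
$samples | ForEach-Object {
    '{0,-18} grants {1}: {2}' -f $_.Name, $action, (Test-RoleGrantsAction -RoleDefinition $_ -Action $action)
}

# Live query: which built-in or custom definitions visible in the current context carry the action
Get-AzRoleDefinition |
    Where-Object { Test-RoleGrantsAction -RoleDefinition $_ -Action $action } |
    Select-Object Name, IsCustom
```

Run the sample block first to confirm the matching behaves as expected (only AadiamWriter should grant the action), then the live query to see whether your custom role appears; if it does not, the Actions list is the problem, and if it does, the assignment scope is.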
Hi everybody,

I have an issue: I accidentally did a "dsregcmd /leave" on my Azure Virtual Desktop machine. The environment is cloud only, so I don't have an Active Directory on-prem. As of today everything worked well, but I had to move the AVD to another subscription. The login for the users didn't work anymore, so I tried different things, and the last one was the dsregcmd /leave. One of the worst decisions of my life.

Does anybody have an idea how I can rejoin this VM back to Entra without creating a new VM? There are several applications with many custom changes, so a new VM would be the worst.

I tried dsregcmd /join /debug, which ended in error code:
DsrCLI: logging initialized.
Cannot start Task: 0x80041326
Failed to schedule Join Task. Error: 0x80041326
DeleteFileW returned 0x80070002.

I tried dsregcmd /forcerecovery /debug, which ended in the error code CAA50024 and:
DsrCLI: logging initialized.
DsrCmdRecovery::DetermineIfRecoveryIsNeeded: DsrGetJoinInfoEx returned no join information.
DsrCmdRecovery::DetermineIfRecoveryIsNeeded: Forcing return of S_OK instead of S_FALSE.
DsrCmdRecovery::DetermineIfRecoveryIsNeeded returned 0x00000000 (NEED RECOVERY).
DsrCmdRecovery::NotifyUser returned 0x00000000.

The command az vm extension set --publisher Microsoft.Azure.ActiveDirectory --name AADLoginForWindows .. gave me feedback with "Succeeded" but didn't change anything.

How can I rejoin this device to Entra so that the users can log in with their Entra identities again? Because it is a multi-session AVD, I don't have the option to join this device to Entra in Settings > Accounts.....

I hope someone can help me with this problem.

User Authentication Method last used date
We have an issue with our users getting the latest iPhone and never notifying IT that they have turned in the old one. This means that the old device is still registered in our system as a valid MFA method for the user. I would like to run a script that would tell me, per user, their MFA methods and the last time they used them, or even better the last time that device checked in. The goal would be to delete any devices that have not been used or checked in for over a year as a starting point.

Running
    Get-MgBetaUserAuthenticationMethod -UserId $UserID | Select -ExpandProperty AdditionalProperties
there is only a creation date/time, not usage. Do I need to be looking anywhere else?

Get AzADGroupMembers from nested groups
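The registered-methods endpoint only exposes createdDateTime, as the post found; last use has to be derived from the sign-in log, whose authenticationDetails array records each authentication step with its method, detail, timestamp and success flag. The script below is an added example, not code from the post. It assumes the Microsoft.Graph and Microsoft.Graph.Beta PowerShell modules, a session with AuditLog.Read.All and UserAuthenticationMethod.Read.All, and a placeholder UPN. It lists what is registered (displayName is the device name for Authenticator entries, which is how an old phone shows up) next to the last successful use of each method kind seen in the log. Note that Graph retains sign-in logs only for a limited window, so a one-year "unused" rule needs the logs exported to Log Analytics or storage and the same logic run there.

```powershell
# Added example, not from the original post. Requires Microsoft.Graph + Microsoft.Graph.Beta.
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'UserAuthenticationMethod.Read.All'

function Get-UserMfaMethodUsage {
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    # 1. Registered methods. @odata.type is the method kind; displayName is the device name
    #    for Microsoft Authenticator entries and is absent for phone/email methods.
    $registered = Get-MgBetaUserAuthenticationMethod -UserId $UserPrincipalName | ForEach-Object {
        [pscustomobject]@{
            Id          = $_.Id
            Type        = ($_.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', '')
            DisplayName = $_.AdditionalProperties['displayName']
            Created     = $_.AdditionalProperties['createdDateTime']
        }
    }

    # 2. Last successful use per method, from the sign-in log. Each sign-in carries one
    #    authenticationDetails entry per step (e.g. password, then Authenticator push).
    $signIns = Get-MgBetaAuditLogSignIn -Filter "userPrincipalName eq '$UserPrincipalName'" -All
    $lastUsed = @{}
    foreach ($s in $signIns) {
        foreach ($step in $s.AuthenticationDetails) {
            if (-not $step.Succeeded) { continue }          # failed steps do not count as "used"
            $key = "$($step.AuthenticationMethod)|$($step.AuthenticationMethodDetail)"
            if (-not $lastUsed.ContainsKey($key) -or $step.AuthenticationStepDateTime -gt $lastUsed[$key]) {
                $lastUsed[$key] = $step.AuthenticationStepDateTime
            }
        }
    }

    [pscustomobject]@{
        User       = $UserPrincipalName
        Registered = $registered
        LastUsed   = $lastUsed.GetEnumerator() | Sort-Object Value -Descending |
                     ForEach-Object { [pscustomobject]@{ Method = $_.Key; LastSuccess = $_.Value } }
    }
}

# Placeholder UPN; replace with a real user, or loop over Get-MgUser -All for a tenant-wide report
$report = Get-UserMfaMethodUsage -UserPrincipalName 'user@contoso.example'
$report.Registered | Format-Table Type, DisplayName, Created
$report.LastUsed   | Format-Table Method, LastSuccess
```

Match the two tables by hand (or by the Authenticator display name where the log's detail field carries it) before deleting anything; the v1.0 cmdlet Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod takes the method Id from the first table and supports -WhatIf for a dry run.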
Hi,

I'm trying to get all members of a group (including nested groups' members) to add to a Teams private channel. We have a script to add members of a group to a private channel, but it will not add nested groups' members.

    $members = Get-AzADGroupMember -ObjectId 'source_groupID_here' | select mail
    $tal = 0
    foreach ($member in $members) {
        $User = $member.mail
        Add-TeamChannelUser -GroupId 'teams_groupID_here' -DisplayName 'Private_channel_name' -user $User
        $tal += 1
    }
    $tal

Is there a way to add those who are members of the nested groups without having to add each nested group individually?

Retain the same email address value across two objects in Azure AD (Guest and Local)
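Get-AzADGroupMember returns direct members only, so a nested group comes back as a group object and its users never reach Add-TeamChannelUser. The script below is an added example, not the poster's script: it walks the membership tree recursively, keeps a visited set so a cycle (A contains B contains A) cannot loop forever, de-duplicates users reachable by more than one path, and skips anything that is not a user. It assumes the Graph-based Az.Resources module (parameter -GroupObjectId; older versions use -ObjectId as in the post) and MicrosoftTeams, existing Connect-AzAccount and Connect-MicrosoftTeams sessions, and that member objects expose either an OdataType ('#microsoft.graph.group') or an ObjectType ('Group') property depending on module generation; both are checked.

```powershell
# Added example, not from the original post. Recursive expansion of nested group membership.
function Get-AzADGroupMemberRecursive {
    param(
        [Parameter(Mandatory)][string]$GroupObjectId,
        # Groups already expanded; prevents infinite recursion on circular nesting
        [System.Collections.Generic.HashSet[string]]$Visited = [System.Collections.Generic.HashSet[string]]::new()
    )
    if (-not $Visited.Add($GroupObjectId)) { return }   # Add() is $false if already present

    foreach ($m in Get-AzADGroupMember -GroupObjectId $GroupObjectId) {
        # Assumption: Graph-based module sets OdataType, legacy module sets ObjectType
        $isGroup = ($m.OdataType -eq '#microsoft.graph.group') -or ($m.ObjectType -eq 'Group')
        $isUser  = ($m.OdataType -eq '#microsoft.graph.user')  -or ($m.ObjectType -eq 'User')
        if ($isGroup) {
            Get-AzADGroupMemberRecursive -GroupObjectId $m.Id -Visited $Visited
        }
        elseif ($isUser) {
            $m
        }
        # service principals, devices etc. are dropped: they cannot be channel members
    }
}

$sourceGroupId = 'source_groupID_here'      # placeholders, as in the post
$teamGroupId   = 'teams_groupID_here'
$channelName   = 'Private_channel_name'

# A user reachable through two nested paths must be added once, hence the de-duplication
$users = Get-AzADGroupMemberRecursive -GroupObjectId $sourceGroupId | Sort-Object -Property Id -Unique

$added = 0
foreach ($u in $users) {
    # Add-TeamChannelUser takes a UPN; fall back to mail (what the post used) if UPN is not populated
    $identity = if ($u.UserPrincipalName) { $u.UserPrincipalName } else { $u.Mail }
    if ([string]::IsNullOrWhiteSpace($identity)) { continue }
    try {
        Add-TeamChannelUser -GroupId $teamGroupId -DisplayName $channelName -User $identity -ErrorAction Stop
        $added++
    }
    catch {
        Write-Warning "Could not add ${identity}: $($_.Exception.Message)"
    }
}
"Added $added of $($users.Count) users"
```

Two practical notes: a private channel can only contain people who are already members of the parent team, so the catch block will report anyone who is not, and if you have the Microsoft.Graph module available, Get-MgGroupTransitiveMember -GroupId $sourceGroupId -All returns the fully expanded membership in one call and replaces the recursive function.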
Howdy Techies!

This might sound stupid, but I thought to throw it here anyway to see if anyone managed to work around this in any possible alternative way. I have a very specific need to retain the same email address across two Azure AD accounts. One is a guest and the other is a local account in the same tenancy. The purpose is to allow one of the SaaS apps to use the local account while the guest account will be used to access a Teams channel. I have tried to create separate accounts and some other workarounds but failed due to conflicts.

Why not a single account for both purposes, you may ask. It's a very specific scenario, and we could not afford to use a single account due to multiple business reasons.

Really appreciate any thoughts/ideas!!

Thank you!
Manoj K

Azure AD SSPR for Admins
Hi Folks,

SSPR is enabled for admins by default (via the Administrator policy), and yet it doesn't seem to work as expected. Anyone else experiencing this behavior, or have you configured the service differently?

The current setup has the Admin policy enabled, and SSPR is targeted at a specific group only (licensed users, without admins). Have we done anything differently from Microsoft's explanations?

Any insights would be great. Thank you!

Setting up Password Hash with Seamless Sign On to access Azure hosted apps
Hello,

We have an environment where ADFS 3.0 and SSO are set up for a domain. This is used to access Office 365 as well as Azure-hosted apps and legacy apps. Password hash sync is already in place. The requirement is to use Seamless Sign-On to access Azure-based apps. Is it possible? How? If someone can outline the steps, it would be highly appreciated.

Note: All workstations are joined to Azure AD already. We want to keep ADFS alive to access legacy apps. However, we are ready to change the domain authentication type to Managed from Feder