All posts in category EntraID

Delegating LAPS password retrieval at device level

Poor man’s EPM – delegate access to the LAPS password on a device basis.
(this alternative title is inspired by Jan Bakker’s “Poor man’s IGA” blog series)

by Daniel Kovacs on February 22, 2026 • Permalink

Posted in EntraID, GraphAPI

Tagged EntraID, LAPS

Posted by Daniel Kovacs on February 22, 2026

https://f12.hu/2026/02/22/delegating-laps-password-retrieval-at-device-level/

Entra App instance property lock vs SAML signing certificate – an uncommon way of self-sabotage

Recently I tried to set up ClaimXRay NG with the guidance of DSInternals, learned things, failed here and there and stumbled upon a totally-not-helpful error message: “There was an error in the uploading the private certificate and password. Please try again or contact support.” To cut to the chase: This message appeared when I was […]

by Daniel Kovacs on January 29, 2026 • Permalink

Posted in AzureAD, EntraID, GraphAPI

Tagged AzureAD, EntraID

Posted by Daniel Kovacs on January 29, 2026

https://f12.hu/2026/01/29/entra-app-instance-property-lock-vs-saml-signing-certificate-an-uncommon-way-of-self-sabotage/

Multitenant organization “cheat” to add group(s) to the default sync scope

Back in the days when M365 MTO was in preview, it was possible to add group(s) to the default sync scope – today, the documentation states that if you want to sync groups, “you must configure cross-tenant synchronization directly in Microsoft Entra ID”. It doesn’t say “it is impossible to add groups to the default […]

by Daniel Kovacs on January 12, 2026 • Permalink

Posted in AzureAD, EntraID, M365, PowerShell

Tagged AzureAD, EntraID, M365, PowerShell

Posted by Daniel Kovacs on January 12, 2026

https://f12.hu/2026/01/12/multitenant-organization-cheat-to-add-groups-to-the-default-sync-scope/

Archives
Categories
- AlwaysOn VPN
- Android
- AOVPN
- App configuration policy
- AzureAD
- Bitlocker
- Conditional Access
- Defender
- Edge
- Entra Workload Identities
- EntraID
- Exchange
- Exchange Online
- GPO
- GraphAPI
- Intune
- KQL
- M365
- MDI
- PowerShell
- SCCM
- SharePoint Online
- Uncategorized
- Windows Hello for Business
Disclaimer

The information on this website is provided for informational purposes only and I make no warranties, either express or implied. Information in these documents, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user.

The postings on this site are my own and do not necessarily represent the postings, strategies or opinions of my employer.
Social

LinkedIn

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Recent Posts

Recent Comments

Delegating LAPS password retrieval at device level

Entra App instance property lock vs SAML signing certificate – an uncommon way of self-sabotage

Multitenant organization “cheat” to add group(s) to the default sync scope

Archives

Categories

Disclaimer

Social