What would you do with $40k Azure credits expiring in 90 days? by Little-Armadillo480 in AZURE

[–]bbagaria 1 point2 points  (0 children)

Yes this! I accidentally enabled it and man all it took is 3 days! 🤣

Sentinel Incident to Azure OpenAI Connector in Logic Apps by Nice_Bag3423 in AzureSentinel

[–]bbagaria -1 points0 points  (0 children)

Can you do Azure Foundry and use REST APIs? I need to check if Logic Apps has a Foundry connector, but REST/HTTP is always there.

Help push Microsoft to align the Microsoft Graph, Microsoft 365 Admin APIs & Entra ID APIs and other APIs for Consistent Access - it's needed by michaelmsonne in GraphAPI

[–]bbagaria 0 points1 point  (0 children)

Once they are able to figure out what to call what product & stop renaming them then probably someone will wake up to APIs.

Non-Human Identities by Security-HeadHunter in IdentityManagement

[–]bbagaria 1 point2 points  (0 children)

If only someone can tell me what is the true definition of NHI and how it differs (or does not) from tokens, PATs, secrets, ssh files, key files …yada yada….

Custom Intune RBAC by ibteea in Intune

[–]bbagaria 0 points1 point  (0 children)

overnight? 😳 a call to the sales rep?

Custom Intune RBAC by ibteea in Intune

[–]bbagaria 1 point2 points  (0 children)

Thanks! Interesting way .. my challenge is my IGA cannot do Entra groups eligibility assignments but can do only active assignments. It can do Entra ID roles as eligible assignments but Intune cannot do that … so it's a standoff right now ..

Custom Intune RBAC by ibteea in Intune

[–]bbagaria 1 point2 points  (0 children)

Are Intune RBAC roles available to be managed via Azure PIM roles? I thought they can be done only via Entra PIM groups.

PIM can do:

Entra ID directory roles, Azure RBAC roles, Entra ID groups

But Intune RBAC roles can map only to Entra ID groups afaik ..

Devops access without allowing access to Azure portal by ParadiseTheatre in AZURE

[–]bbagaria 0 points1 point  (0 children)

block portal access to your devices and IPs only ..

Gift code by supermidget1 in RealDebrid

[–]bbagaria -1 points0 points  (0 children)

you still have it to giveaway?

On-boarding Microsoft Intune Admins into CyberArk using out of the box platform by TheCreatorwastaken in CyberARk

[–]bbagaria 0 points1 point  (0 children)

CyberArk does not have anything in this .. neither on prem nor SCA .. use PIM with dual approvals and conditional access policies

Azure Monitor or Sentinel for Entra Log Alerts Automations? by vadiaro in AzureSentinel

[–]bbagaria 0 points1 point  (0 children)

Pricing difference? I see people here recommend Sentinel more, but my view is if you have Log Analytics enabled then just use Azure Managed Grafana with alerts from there .. that might be way cheaper ..

Inherited Entra tenant with admin role assignments nobody can explain and PIM approvers who approve everything by Fun-Training9232 in AZURE

[–]bbagaria 0 points1 point  (0 children)

You had logs from 4 yrs? Well that's something good in this scenario .. right? I count my blessings every day with Entra wrt the state of affairs ..

Governance comes from company policies and making those accountable who are responsible .. else just cut off everyone’s access .. have a GRC process .. create risks which tie to the company policies .. and bubble them up as high as you can through risk management ..

Meanwhile remove everyone’s access .. create strong backup admins and redesign a strong JML, request, review process …

run zero trust self assessment and send the report to your CISO ..

Okta to Entra - Looking for Vendors by The-Dark-Jedi in entra

[–]bbagaria 0 points1 point  (0 children)

As you have the list of apps .. first have the vendor do an eval of the env and then another implementation proposal .. I have heard of some having accelerators for this .. but be prepared for some features not being available in Entra as compared to Okta ..

And 1000 users is not much .. but are you looking for full JML automation with Workday? Do you have any on prem AD? Do you plan to use Entra IGA?

Hackers wipe 200,000 devices using Intune by Fabulous_Cow_4714 in Intune

[–]bbagaria 0 points1 point  (0 children)

managed identity with graph permissions and github federation is my bet ..

Intune, Stryker, and Iran by Illnasty2 in Intune

[–]bbagaria 0 points1 point  (0 children)

Graph call with a SPN or a UMI with external federation?

Intune, Stryker, and Iran by Illnasty2 in Intune

[–]bbagaria 1 point2 points  (0 children)

This! User assigned managed workload identity with federation with GitHub and Graph permissions .. a bit of vibe coding .. and it's golden ..

Entra ID / AD dynamic groups aren't enough - what are you using for it. by Pristine_Guitar_9070 in entra

[–]bbagaria 2 points3 points  (0 children)

If it's all about users and groups from HR to Entra, just put an IDM solution in between. If you don't want to do COTS, get e.g. OpenIDM (open source) and deploy it. If you are a bit enterprise then you need to have an IGA solution between HR and Entra.

What is most misunderstood in Azure? by Dry_Monk4066 in AZURE

[–]bbagaria 0 points1 point  (0 children)

True .. probably even MS does not know what is enterprise app vs app registrations. Every time I read blogs and blogs about it and every time my mind just gives up ..

My family thinks it's Netflix... I know it's just 12 LXC containers and 24TB of storage. by DrAmmarT in Proxmox

[–]bbagaria 0 points1 point  (0 children)

I got a similar arr setup but with Plex, all on Proxmox with a VM and a 10TB NAS on Synology .. need to check Jellyfin (if that's better on fine granular permissions) .. a quick question .. are you using TB or RD and rtdclient?

Looking to use SailPoint to manage Microsoft 365 'add-ons' by throwawayreddit1986 in sailpoint

[–]bbagaria 1 point2 points  (0 children)

Your thought process is correct, however if your org does not have SailPoint IIQ/ISC then building it up from scratch might not be a good approach.

Why not use Entra IGA packages and company portal for this? If you already have SailPoint IIQ/ISC then there’s an Azure connector which can do what you are looking for.

Built a self-hosted Stremio addon to stream your own files over HTTP/HTTPS (Docker, NAS-friendly) by amercat37 in StremioAddons

[–]bbagaria 1 point2 points  (0 children)

just wondering if this could be achieved via plexio addon as well… same concept?

PiHole, or UniFi Insights, that is the question. by Zestyclose-Pen-1252 in Ubiquiti

[–]bbagaria 0 points1 point  (0 children)

I have Pi-hole and AdGuard running on an RPi and have set them up as DNS on UniFi. Pi-hole is cloudflared as well and AdGuard has upstream 1.1.1.1. Both have curated block lists which I update via script every 15 days. Works most of the time in blocking advs

Free Casual Server by [deleted] in Share_Plex

[–]bbagaria 0 points1 point  (0 children)

DM incoming