Pretty excited to share a new post on a lesser known Intune feature! :)

Microsoft Tunnel can do full device or per-app tunneling on iOS and Android, providing access to on-prem resources, restricted cloud resources, or ensuring access to SaaS apps come from a known, trusted set of IPs 🔥

https://blog.nathanmcnulty.com/intune-microsoft-tunnel-vpn-gateway/

#NathansBlog

Just published my follow up post for setting up Azure AD SSO to AWS for Single-Account access, also using PIM for Groups :)

This one is really cool because of this regex used to create the SAML claim:
AWS-(?'accountid'[\d]{12})-(?'role'[\w])

Even if you don't use AWS, this technique can be applied to other apps that use Roles in SAML claims, like Splunk

https://blog.nathanmcnulty.com/aws-pim-single-account-access/

#NathansBlog

Just published a new blog post on setting up AWS SSO with Azure AD leveraging Privileged Access Groups to provide just-in-time access and approval workflows

This concept can be used for any Azure app, so it's still an interesting read even without AWS :)

https://blog.nathanmcnulty.com/aws-pim-iam-identity-center/

#NathansBlog

If you manage Windows Servers, I'm starting a new series on Azure Arc that you might be interested in :)

Arc is a growing platform that provides a lot of newer capabilities, like update management that replaces WSUS or SSH to on-prem Linux servers using Azure AD identities!

In this first post, I'm providing a detailed walkthrough of the onboarding process using Group Policy because I think it's one of the most common but least clear methods if you try to use the documentation :)

As always, I love feedback, so let me know if you see anything that can be improved!

https://blog.nathanmcnulty.com/azure-arc-onboarding-servers-with-group-policy/

#NathansBlog

"In the end, it cost just under $1,700 for a server that has 2x 14-core 2.4 GHz CPUs, 384 GB RAM, 8x 1.2 TB 10K RPM drives, and 3x 1TB NVMe 3500MB/S SSDs. I have been running 3 labs totaling 62 VMs, with Server 2022 + Hyper-V as the host, mostly due to integration with Azure for work related scenarios :)"

I just published a post on building my home lab in hopes that it helps others out there!

https://blog.nathanmcnulty.com/lab-server-build/

I have a couple of friends who are just getting started, and as I was gathering the information, I thought it might be helpful to put it into a blog format and share it.

Let me know if you have any questions :)

#NathansBlog

Hey all, I just published an article on using Azure AD's Access Packages to enable end user device enrollment in Microsoft Intune

https://blog.nathanmcnulty.com/intune-using-access-packages-to-enable-user-device-enrollment/

If you have Azure AD P2 licensing and haven't seen Access Packages, welcome to your new obsession :)

There are a ton of other use cases for these, and I'm hoping to have some future posts to showcase great ways to use them from a security standpoint!

#Intune
#AccessPackages
#NathansBlog