Azure AD Admin & PIM Account Email Forwarding

Azure Active Directory, 09/19/2022

Do you have administrative accounts without a mailbox and still want to receive their notifications in your primary mailbox? Here is how it works.

Best practice is to create dedicated administrative accounts for managing Azure and Microsoft 365. These accounts should be authorized through an RBAC concept and PIM (Privileged Identity Management), and they should not have a mailbox (no Exchange Online license), to keep the attack surface small.

However, notifications such as PIM alerts must still reach the person behind the account.

This requirement can be met with the Exchange Online "plus addressing" format (address+tag@domain).

The following example shows the functionality and configuration of the feature.

Start situation / Example scenario

Our IT employee Alex Wilber "AlexW@M365x57487439.OnMicrosoft.com" has a regular user account in the company with a Microsoft 365 license and a mailbox.

[Screenshot: Azure AD User Settings]

Furthermore, our IT employee Alex Wilber has a separate Azure AD admin account "adm.AlexW@m365x57487439.onmicrosoft.com".

[Screenshot: Azure AD User Settings]

This admin user "adm.AlexW@m365x57487439.onmicrosoft.com" has no licenses assigned, as intended, so no mailbox is provisioned for it. In this example, the "Global Administrator" role was made eligible for the user via PIM.

[Screenshot: PIM Configuration]

Configuration of notification forwarding with plus addresses

To forward notifications for our admin account "adm.AlexW@m365x57487439.onmicrosoft.com" to our primary user mailbox "AlexW@M365x57487439.OnMicrosoft.com", we configure the admin account in Azure AD as follows.

Open the user administration in Azure AD and edit the admin user. If you try to enter the e-mail address of the primary user ("AlexW@M365x57487439.OnMicrosoft.com") in the Email field, you get the error "Update would cause the user to have a proxy address already present on another directory object." The Email field writes the mail attribute, which is also stored as an SMTP proxy address, and proxy addresses must be unique within the directory.

This is where plus addressing comes in. Extend the address of the mailbox that should receive the mail with a tag, for example "+ADM":

Email Admin Account: "AlexW+ADM@M365x57487439.OnMicrosoft.com"

[Screenshot: Azure AD User Settings]

Exchange Online delivers "AlexW+ADM@M365x57487439.OnMicrosoft.com" by dropping the "+" and the tag ("+ADM"), so the notification ends up in AlexW@M365x57487439.OnMicrosoft.com. The tag is preserved in the message headers, so you can use it in an Inbox rule to file admin notifications separately. If we now activate the eligible Global Administrator role of the admin account "adm.AlexW@m365x57487439.onmicrosoft.com" in PIM, we receive the notification in our user mailbox.

Keep in mind what this means for the trust boundary: everything Azure AD sends to the admin account's mail attribute (PIM activation and approval mails, alerts) is now readable by whoever controls the standard user mailbox. Protect that mailbox accordingly and do not treat the notification channel as an authentication factor for the admin account.

[Screenshot: PIM Notification]

In the past, Exchange Online treated "+" as a literal character in an e-mail address, and plus addressing had to be enabled per tenant. Since the beginning of 2022, Microsoft has enabled plus addressing by default in all Exchange Online organizations. If a recipient in your tenant still has a "+" as a literal part of its address, check how mail to that address is delivered before relying on the tag.

This setting can be checked and changed with Exchange Online PowerShell. The parameter used at the time of writing is shown below; newer tenants expose the inverse switch DisablePlusAddressInRecipients instead, so check Get-OrganizationConfig for the parameter your tenant has.

Set-OrganizationConfig -AllowPlusAddressInRecipients <$true | $false>
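The following script is an added example, not part of the original post: it performs the portal steps from the configuration section (checking that plus addressing is enabled in the tenant, deriving the plus address, and setting it as the mail attribute of the mailbox-less admin account) with the Microsoft Graph and Exchange Online PowerShell modules. The account names are the ones from the scenario above; the handling of both the legacy AllowPlusAddressInRecipients and the newer DisablePlusAddressInRecipients parameter is an assumption about which one your tenant exposes.

```powershell
# Added example (not from the original post). Assumes the Microsoft.Graph and
# ExchangeOnlineManagement modules are installed, the admin account is cloud-only,
# and the caller holds User.ReadWrite.All plus Exchange Online admin rights.
#Requires -Modules Microsoft.Graph.Users, ExchangeOnlineManagement

$PrimaryUpn = 'AlexW@M365x57487439.OnMicrosoft.com'      # licensed user with a mailbox
$AdminUpn   = 'adm.AlexW@m365x57487439.onmicrosoft.com'   # PIM-eligible admin, no license
$Tag        = 'ADM'                                        # plus tag, chosen freely

function ConvertTo-PlusAddress {
    # Builds local+tag@domain and refuses addresses that already carry a tag.
    param([Parameter(Mandatory)][string]$Address, [Parameter(Mandatory)][string]$Tag)
    $local, $domain = $Address.Split('@', 2)
    if ($local.Contains('+')) { throw "Address '$Address' already carries a plus tag." }
    return "$local+$Tag@$domain"
}

function Resolve-PlusAddress {
    # Mirrors what Exchange Online does on delivery: drop '+tag' from the local part.
    param([Parameter(Mandatory)][string]$Address)
    $local, $domain = $Address.Split('@', 2)
    return "$($local.Split('+', 2)[0])@$domain"
}

# 1. Plus addressing must be enabled, otherwise '+' is a literal character and
#    'AlexW+ADM@...' is an unknown recipient. Assumption: the tenant exposes either the
#    legacy AllowPlusAddressInRecipients or the newer DisablePlusAddressInRecipients.
Connect-ExchangeOnline -ShowBanner:$false
$org = Get-OrganizationConfig
$plusEnabled = if ($null -ne $org.PSObject.Properties['DisablePlusAddressInRecipients']) {
    -not $org.DisablePlusAddressInRecipients
} else {
    [bool]$org.AllowPlusAddressInRecipients
}
if (-not $plusEnabled) { throw 'Plus addressing is disabled in this tenant; enable it first.' }

# 2. Derive the forwarding address and show where Exchange Online will deliver it.
$plusAddress = ConvertTo-PlusAddress -Address $PrimaryUpn -Tag $Tag
Write-Host "Mail attribute for $AdminUpn : $plusAddress (delivered to $(Resolve-PlusAddress $plusAddress))"

# 3. Sanity checks on the admin account: cloud-only (the mail attribute of a synced
#    account must be set on-premises) and no licenses, i.e. no mailbox of its own.
Connect-MgGraph -Scopes 'User.ReadWrite.All'
$admin = Get-MgUser -UserId $AdminUpn -Property Id,UserPrincipalName,Mail,ProxyAddresses,AssignedLicenses,OnPremisesSyncEnabled
if ($admin.OnPremisesSyncEnabled) { throw "$AdminUpn is synced from on-premises; set the mail attribute there instead." }
if ($admin.AssignedLicenses.Count -gt 0) { Write-Warning "$AdminUpn has licenses assigned; verify that no mailbox exists." }

# 4. Set the plus address. Setting the plain primary address here would fail with the
#    proxy-address conflict seen in the portal; the '+ADM' tag makes it unique.
Update-MgUser -UserId $admin.Id -Mail $plusAddress
Get-MgUser -UserId $admin.Id -Property Mail,ProxyAddresses | Select-Object Mail,ProxyAddresses
```

Run the script once per admin account; the final Get-MgUser call should show the plus address both in Mail and as an smtp: entry in ProxyAddresses. Step 1 throws instead of silently continuing, because an admin account whose notifications go to a non-existent recipient is worse than one with no notification address at all.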