Azure AD vs Entra ID: what’s changed in 2025 for Small Businesses?

Microsoft Entra is now an umbrella identity platform that includes:

  • Entra ID (formerly Azure AD)

  • Entra Permissions Management

  • Entra Verified ID

  • Entra ID Governance (enterprise-level)

For most SMBs, Entra ID is the primary concern — the backbone of user authentication for Microsoft 365, Teams, Intune, and even third-party apps.

 Free vs Paid Plans: 2025 Breakdown

Feature Free Entra ID P1 Entra ID P2
Single Sign-On (SSO)
User/Group Management
Security Defaults (MFA on all users)
Conditional Access Policies
Self-Service Password Reset (SSPR) ✅ (for cloud-only)
Hybrid Join (on-prem AD)
Identity Protection (risk-based MFA)
Privileged Identity Management (PIM)
Access Reviews
Pricing (2025 est.) Free ~6 USD/user/month ~9 USD/user/month

The Free plan is still surprisingly useful for small teams using Microsoft 365:

  • Cloud-based user accounts

  • Basic MFA via Security Defaults

  • Integration with up to 10 third-party SSO apps

  • Admin portal with user logs

However, it lacks Conditional Access, so you can’t enforce more granular policies like:

“Block access unless user is in Romania and on a compliant device.”

Entra ID P1 is often the sweet spot for SMBs in 2025. It unlocks:

  • Conditional Access policies (location, device, risk)

  • Hybrid AD Join (sync on-prem Active Directory)

  • Self-service group management

  • Intune + Entra integration for device compliance

 Example use case: An SMB wants to allow Teams logins only from managed mobile devices — P1 is required.

This tier is usually overkill for SMBs, unless:

  • You manage multiple administrators and need PIM (just-in-time access)

  • You require Identity Protection to detect risky sign-ins and automate blocking

  • You need Access Reviews for compliance (ISO 27001, HIPAA)

It’s most useful for MSPs or SMBs working in finance, healthcare, or government sectors.

Licensing Notes (April 2025)

  • Microsoft 365 Business Premium now includes Entra ID P1

  • Microsoft is testing per-group conditional access licensing, expected late 2025

  • A new SMB-specific bundle (with Defender for Endpoint and Intune) is in preview.

[mai mult...]

Windows 11 24H1: what IT Admins need to know

24H1 is the first half-yearly feature update of 2025, building on the previous 23H2 release with enhancements focused on:

  • AI-powered workflows

  • Security hardening

  • User experience refinements

  • Integration with Microsoft 365 and Entra ID (formerly Azure AD)

This update is available to both Home and Pro editions, but enterprise environments using Windows 11 Enterprise and Education should expect additional features via their servicing channels.

1. New Group Policies

Microsoft has introduced and deprecated several GPO settings:

New:

  • EnableCopilotChat – Allows or blocks AI assistant Copilot per user/device

  • ForceWindowsUpdatesAIRecommendations – Enable AI-powered update suggestions

  • HideMicrosoftAccountRequirement – (for Pro) optional control over OOBE flow

 Deprecated:

  • DoNotShowWelcomeExperience is now replaced with a new onboarding flow

  • Older Edge GPOs for legacy InPrivate restrictions

 Tip: Use the latest Administrative Templates (ADMX) to reflect these changes in your GPMC.

2. Changes to Out-of-Box Experience (OOBE)

Microsoft continues its push toward cloud-based accounts and AI onboarding.
The default OOBE flow now requires an internet connection and pushes for Microsoft accounts — even on Windows 11 Pro.

Workaround: Use tools like Rufus to pre-modify the ISO or use unattend XML scripts with local account presets for enterprise imaging.

3. File Explorer & Taskbar Behavior

  • New File Explorer with tab grouping and context-aware previews

  • Taskbar now integrates Copilot by default, unless disabled via GPO

  • Recent bug reports indicate slow navigation on systems with mapped network drives — a known issue being patched in KB5037543

4. New Security Defaults

  • Smart App Control is now enabled by default on clean installs

  • Support for Pluton Security Processor (on new laptops)

  • Improved credential isolation via LSA Protection auto-enabled

Be prepared to adjust hardening policies in organizations using legacy apps or unsigned drivers.

Compatibility Notes

Many legacy tools and monitoring agents might not behave well with new AI APIs and Copilot overlays. Common issues have been reported with:

  • Older endpoint security tools

  • Custom automation scripts that rely on deprecated Shell hooks

  • RDP clients using TLS 1.0 (which is now blocked)

Recommendation: Run a pilot deployment on non-critical endpoints before full rollout.

Deployment & Update Best Practices

  • WSUS/SCCM: 24H1 is available as Feature Update via WSUS

  • Intune: Compatible with Intune version 2403+. Enables AI settings at deployment

  • Media Creation Tool: Use only for non-domain endpoints or manual testing.

[mai mult...]

How to Install Windows 11 without a Microsoft Account using Rufus

With the latest versions of Windows 11, Microsoft is pushing harder than ever to require a Microsoft account during installation—especially on Home and Pro editions. For users who prefer a local account, this can be frustrating.

Rufus is a free and lightweight utility for creating bootable USB drives. As of recent updates, Rufus allows you to modify Windows installation media to skip several annoying setup requirements, including:

  • The need to sign in with a Microsoft account

  • TPM 2.0 and Secure Boot checks

  • The 4GB RAM minimum

1. Download the Latest Version of Rufus

Go to the official Rufus website: https://rufus.ie
Download either the portable version or the installer

2. Download the Official Windows 11 ISO

You can get the official ISO directly from Microsoft:

Save the file locally.

3. Plug in a USB Drive

Insert a USB stick with at least 8GB of storage. Make sure to back up any data on it, as it will be erased.

4. Open Rufus and Select the ISO

  1. Launch Rufus

  2. Under Device, select your USB drive

  3. Click SELECT and choose the Windows 11 ISO file

  4. Rufus will analyze the ISO and detect that it’s a Windows image.

5. Customize the Installation (The Magic Step)

Once you select the ISO, Rufus will prompt you with a new window titled:

“Windows User Experience”

Here, you can check the following boxes:

Remove requirement for an online Microsoft account
Remove requirement for TPM 2.0
Remove requirement for Secure Boot
Remove requirement for 4GB+ RAM and 64GB+ disk

You can choose all or just the account-related ones, depending on your needs.

Click OK to continue.

6. Start the Installation Process

Once you’ve configured the options, click START in Rufus.
It will:

  • Format your USB drive

  • Copy the modified Windows files

  • Make the USB bootable.

[mai mult...]

How to encrypt your mobile traffic for better Security and Privacy

1. Use a VPN (Virtual Private Network)

A VPN encrypts all internet traffic between your device and the VPN server, making it difficult for hackers, ISPs, or governments to monitor your activities. Choose a reputable VPN provider with strong encryption protocols such as WireGuard, OpenVPN, or IKEv2/IPSec.

2.Websites using HTTPS encrypt your data in transit.

  • Use browser extensions like HTTPS Everywhere (available for Chrome and Firefox) to force HTTPS on all supported sites.

3. Use Encrypted Messaging Apps

Instead of SMS, use end-to-end encrypted apps like:

  • Signal (Best for privacy)
  • Telegram (Secret Chats)
  • WhatsApp (Owned by Meta but still provides strong encryption)

4. Enable DNS over HTTPS (DoH) or DNS over TLS (DoT)

DNS queries are usually unencrypted, allowing ISPs and attackers to monitor websites you visit. You can:

  • Use Cloudflare’s 1.1.1.1 app
  • Enable Google’s Private DNS (Android)
  • Use Apple’s Encrypted DNS (iOS)

5. Encrypt Your Wi-Fi Traffic

  • Always connect to secure, password-protected Wi-Fi.
  • Use a VPN when on public Wi-Fi.
  • Disable auto-connect to open Wi-Fi networks.

6. Use Tor for Anonymity

  • The Tor Browser routes your traffic through multiple encrypted layers.
  • Orbot (Android) allows routing all device traffic through Tor.
  • Note: Tor may slow down your connection.

7. Secure your Email with Encryption

  • Use encrypted email services like ProtonMail or Tutanota.
  • Enable PGP encryption for email communication.

8. Use an Encrypted Cloud Storage

  • Store sensitive data in services like Sync.com, Tresorit, or MEGA, which offer zero-knowledge encryption.

9. Encrypt Your Local Storage

  • Enable full-disk encryption on your device.
    • Android: Settings → Security → Encryption
    • iOS: Enabled by default when a passcode is set

10. Disable Unnecessary Tracking

  • Disable location tracking when not in use.
  • Use privacy-focused browsers like Brave or DuckDuckGo.
  • Block third-party trackers with apps like Blokada (Android).
[mai mult...]

How to encrypt your home Internet traffic for enhanced security

1. Use a VPN (Virtual Private Network)

One of the most effective ways to encrypt your home internet traffic is by using a VPN (Virtual Private Network). A VPN encrypts all the data sent between your device and the VPN server, protecting it from prying eyes.

  • How it works: When you connect to the internet via a VPN, all your internet traffic is first routed through the VPN server. The data is encrypted before it leaves your device, ensuring that any intermediary (like your Internet Service Provider or public Wi-Fi networks) cannot see or access your online activities. Once the traffic reaches the VPN server, it’s decrypted and sent to its destination.

  • Why use a VPN: VPNs provide encryption that protects your browsing, online communications, and any sensitive data you transmit. They are particularly useful when using public or unsecured networks, like Wi-Fi in cafes or airports. A VPN also masks your IP address, making it harder for websites or malicious actors to track your online activity.

  • Choosing the right VPN: It’s essential to select a reputable VPN provider that offers strong encryption protocols like AES-256 (Advanced Encryption Standard) and uses modern VPN protocols like OpenVPN or WireGuard. Avoid free VPN services, as they may compromise your privacy by logging your data or using weaker encryption.

2. Enable HTTPS Everywhere

While a VPN provides encryption at the network level, HTTPS encrypts data on the application layer. To ensure your traffic is encrypted while browsing, you should always use HTTPS websites whenever possible.

  • What is HTTPS?: HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP that encrypts the communication between your browser and the website’s server using SSL/TLS protocols. This ensures that the data exchanged between your device and the website is secure from hackers and third parties.

  • How to ensure HTTPS: Most modern browsers, such as Google Chrome and Mozilla Firefox, will automatically try to connect to websites using HTTPS if available. You can also use browser extensions like HTTPS Everywhere to force websites to use HTTPS even if you manually type “http://” in the address bar.

3. Use DNS over HTTPS (DoH) or DNS over TLS (DoT)

The DNS (Domain Name System) is responsible for translating website addresses (e.g., www.example.com) into IP addresses that your device can connect to. By default, DNS queries are sent in plaintext, meaning that anyone with access to your network can see which websites you’re visiting.

  • DNS over HTTPS (DoH) and DNS over TLS (DoT) are encryption protocols that protect your DNS queries by sending them through encrypted channels. This means that your DNS traffic is secured and hidden from anyone monitoring your network.

  • How to enable DoH/DoT: You can configure your router or device to use DNS servers that support DoH or DoT, such as those provided by Cloudflare (1.1.1.1) or Google DNS (8.8.8.8). Some operating systems and browsers, like Firefox and Android, offer built-in support for DNS over HTTPS.

4. Encrypt Your Wi-Fi Network

If you’re encrypting your internet traffic, it’s important to ensure your home Wi-Fi network is secure as well. A weak or open Wi-Fi network can be an entry point for attackers to intercept your traffic.

  • Set up strong Wi-Fi encryption: Make sure your Wi-Fi is encrypted using the latest security protocols, such as WPA3 (Wi-Fi Protected Access 3). If your router only supports WPA2, it’s still secure but less robust than WPA3. Avoid using outdated protocols like WEP, which is vulnerable to attacks.

  • Change default passwords: Many routers come with default usernames and passwords that are easy to guess. Change these immediately to something more secure, and consider enabling the router’s firewall for additional protection.

5. Use Two-Factor Authentication (2FA)

Although 2FA doesn’t directly encrypt your internet traffic, it adds an extra layer of security to your online accounts, ensuring that even if someone intercepts your traffic, they cannot easily access your accounts.

  • How it works: With 2FA enabled, logging into an online service requires not only your username and password but also a secondary piece of information (such as a code sent to your phone or an authentication app). This means that even if your login details are exposed, attackers will still need the second factor to access your account.

  • Enable 2FA: Enable 2FA on important accounts such as email, banking, and social media services. Most major online platforms, including Google, Facebook, and Apple, offer 2FA as a security feature.

6. Keep your Devices and Software Updated

Regularly updating your operating system, software, and firmware ensures that your devices are protected from known vulnerabilities. Many updates include patches for security flaws that could be exploited by attackers to bypass encryption or intercept your traffic.

  • How to stay updated: Set your devices to automatically update or check for updates regularly. This ensures that you’re always protected with the latest security patches.
[mai mult...]

How encrypted is the traffic in the WWW environment?

1. HTTP vs. HTTPS: The Basics of Web Traffic Encryption

  • HTTP (Hypertext Transfer Protocol): In the past, most websites relied on HTTP, which transmits data in plaintext, meaning that sensitive information can be intercepted and read by third parties. This is a serious vulnerability, especially on unsecured networks.

  • HTTPS (Hypertext Transfer Protocol Secure): Today, the majority of websites have moved to HTTPS, a secure version of HTTP. HTTPS uses SSL/TLS encryption to protect the data being transmitted between the user’s browser and the website’s server. This means that, with HTTPS, your data is encrypted, ensuring confidentiality and reducing the risk of interception.

2. SSL/TLS Encryption: How it Works

  • SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption is the backbone of HTTPS. When you visit a website with HTTPS, the connection is secured using a cryptographic protocol that encrypts data in transit. This makes it much harder for anyone, including hackers, to eavesdrop on your traffic.

  • The encryption process relies on public and private keys: the server sends its public key to the browser, which encrypts the data, and only the server can decrypt it with its private key. This ensures that the data remains secure during transmission.

3. The State of SSL/TLS Implementation

While SSL/TLS encryption is generally considered secure, its effectiveness depends on how it is implemented. Websites that use outdated versions of SSL or improperly configured certificates can still be vulnerable to attacks. For instance, some older SSL versions are known to have security flaws that can be exploited. It’s important for websites to implement the latest version of TLS (currently TLS 1.2 or 1.3) to ensure the highest level of security.

4. End-to-End Encryption (E2E): A Higher Level of Protection

  • End-to-End Encryption (E2E) ensures that only the sender and the recipient can access the data, meaning that even the service provider or the server handling the data cannot read it. This type of encryption is commonly used in messaging platforms like WhatsApp and Signal, where protecting the confidentiality of messages is critical.

  • However, in the context of web browsing, end-to-end encryption is not always implemented. HTTPS encrypts traffic between your browser and the server, but the server itself may still have access to your data. This makes E2E encryption particularly important for applications that handle sensitive personal information.

5. VPNs and Encryption on Public Networks

  • When using a VPN (Virtual Private Network), your data is encrypted between your device and the VPN server. This adds an extra layer of security, especially on public Wi-Fi networks, where eavesdropping is more likely.

  • Once the traffic passes through the VPN server and enters the internet, the level of encryption depends on the HTTPS protocol of the websites you visit. If you’re on a website that doesn’t use HTTPS, the data remains unencrypted, even if you’re using a VPN.

6. Risks and Limitations

  • Man-in-the-Middle Attacks: Despite the encryption provided by HTTPS, websites that are not properly secured or that use outdated certificates are still vulnerable to Man-in-the-Middle (MITM) attacks, where an attacker intercepts and alters communications between the user and the server.

  • Weak Encryption: Not all websites implement strong encryption. Some use outdated protocols or weak configurations, which can leave traffic susceptible to decryption by attackers.

[mai mult...]

How to change the Default Admin URL in Magento 2

Method 1: Change Admin URL via env.php

  1. Open the file:
    bash
    nano app/etc/env.php
  2. Find this section:
    php
    'backend' => [
    'frontName' => 'admin'
    ],
  3. Change 'admin' to your desired custom path, e.g., 'custom-admin':
    php
    'backend' => [
    'frontName' => 'custom-admin'
    ],
  4. Save and close the file (CTRL + X, then Y, then Enter).
  5. Flush Magento cache:
    php bin/magento cache:flush

Now, your admin panel will be accessible at:

arduino
https://yourdomain.com/custom-admin

Method 2: Change Admin URL via CLI

Run the following command:

bash
php bin/magento setup:config:set --backend-frontname="custom-admin"
php bin/magento cache:flush

This will update the admin URL to:

arduino
https://yourdomain.com/custom-admin

Method 3: Block Access to Default /admin in .htaccess or nginx

For Apache, edit .htaccess:

apache
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/admin [NC]
RewriteRule ^ - [L,R=404]

For Nginx, add this to your server block:

nginx
location /admin {
deny all;
return 404;
}

Restart the web server:

sudo systemctl restart apache2 # For Apache
sudo systemctl restart nginx # For Nginx
[mai mult...]

How to change the default Admin URL in Laravel

By default, Laravel applications use example.com/admin (or a similar route) for the admin dashboard. However, keeping this default URL can expose your site to attacks. Changing it can improve security by making it harder for attackers to find your admin panel.

1. Changing the Admin Route Prefix

Laravel routes are defined in routes/web.php. To change the default admin URL:

Before (Default Admin Route)

Route::get(‘/admin’, [AdminController::class, ‘index’])->name(‘admin.dashboard’);

This makes the admin panel accessible at example.com/admin.

After (Custom Admin Route)

Modify web.php to change /admin to something unique, like /dashboard-secret:

Route::prefix(‘dashboard-secret’)->group(function () {
Route::get(‘/’, [AdminController::class, ‘index’])->name(‘admin.dashboard’);
});

2. Protecting the Admin Route with Middleware

To prevent unauthorized access, apply authentication and role-based middleware:

Update web.php

Route::middleware(['auth', 'admin'])->prefix('dashboard-secret')->group(function () {
Route::get('/', [AdminController::class, 'index']);
});

Ensure Middleware is Set Up

  • auth ensures only logged-in users can access the route.
  • admin is a custom middleware that allows only admin users.

If you don’t have an admin middleware, create one:

php artisan make:middleware AdminMiddleware

Edit app/Http/Middleware/AdminMiddleware.php:

php
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;class AdminMiddleware
{
public function handle(Request $request, Closure $next)
{
if (Auth::check() && Auth::user()->is_admin) {
return $next($request);
}
return redirect(‘/’); // Redirect unauthorized users
}
}

Register the middleware in app/Http/Kernel.php:

php
protected $routeMiddleware = [
'admin' => \App\Http\Middleware\AdminMiddleware::class,
];
[mai mult...]

How to change the default WordPress Admin URL for better security

By default, WordPress allows access to the admin panel via example.com/wp-admin or example.com/wp-login.php. While this makes it easy for users, it also makes it an easy target for bots and hackers trying to brute-force their way into your site. Changing the default admin URL is a simple but effective way to improve security.

Why change the default WordPress Admin URL?

The default /wp-admin and /wp-login.php URLs are well-known entry points, making them a primary target for attacks. Here are a few reasons why changing the login URL is a smart move:

Prevents brute-force attacks – Bots constantly scan websites for /wp-admin and try to guess login credentials.
Reduces bot traffic – Hiding the login page can help reduce unwanted server load.
Adds an extra layer of security – Even if someone finds your admin credentials, they won’t be able to log in without knowing the custom URL.

Method 1: Changing the Admin URL with a Plugin (Recommended)

The easiest way to change the WordPress admin URL is by using a plugin.

Best Plugins for Changing the Admin URL

  1. WPS Hide Login (Most popular and lightweight)
  2. iThemes Security (Includes additional security features)
  3. WP Hide & Security Enhancer (More advanced customization)

Steps to Change Admin URL Using WPS Hide Login

  1. Install and activate the WPS Hide Login plugin
  2. Go to Settings → General in your WordPress dashboard
  3. Scroll down to the WPS Hide Login section
  4. Enter your custom login URL (e.g., example.com/my-secret-login)
  5. Click Save Changes.

Important: Once you change the login URL, the default /wp-admin and /wp-login.php will no longer work. Bookmark your new URL to avoid getting locked out.

Method 2: Manually Changing the Admin URL Without a Plugin

If you don’t want to use a plugin, you can manually configure your .htaccess file (for Apache servers) or functions.php.

1. Change the Login URL Using .htaccess

For Apache-based WordPress sites, you can redirect the login page using .htaccess.

Steps:

  1. Edit your .htaccess file (found in the root of your WordPress installation).
  2. Add the following code at the bottom:
    apache
    RewriteEngine On
    RewriteRule ^my-secret-login$ wp-login.php [L]
  3. Replace my-secret-login with your desired admin URL.
  4. Save the file and test by visiting example.com/my-secret-login.

2. Restrict Access to the Default Login URL

To block direct access to wp-login.php, add this to .htaccess:

apache
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from YOUR_IP_ADDRESS
</Files>

Replace YOUR_IP_ADDRESS with your actual IP

[mai mult...]

Care este “pretul” unui VPN free

Un VPN “gratuit” vine cu un preț ascuns, care nu se reflectă în bani, ci în posibile riscuri pentru confidențialitatea și securitatea ta. Iată câteva dintre costurile ascunse ale utilizării unui VPN gratuit:

  1. Datele tale pot fi vândute:
    Majoritatea furnizorilor de VPN gratuit monetizează serviciile prin colectarea și vânzarea datelor utilizatorilor către terți, inclusiv agenții de publicitate.
  2. Securitate redusă:
    VPN-urile gratuite folosesc adesea protocoale de criptare mai slabe sau chiar lipsesc cu totul, ceea ce lasă traficul tău vulnerabil la interceptări.
  3. Performanță slabă:
    Serverele VPN gratuite sunt adesea supraîncărcate, rezultând viteze de conexiune scăzute și experiență frustrantă.
  4. Limitări stricte:
    Traficul lunar este adesea limitat, iar accesul la servere este restricționat, ceea ce reduce semnificativ utilitatea unui VPN gratuit.
  5. Posibile riscuri de malware:
    Unele aplicații VPN gratuite includ programe malware sau adware care compromit securitatea dispozitivului.
  6. Suport tehnic minim sau inexistent:
    În cazul problemelor, este puțin probabil să primești asistență eficientă.

Recomandare: Investiția într-un VPN de calitate

Un serviciu VPN plătit de încredere este o soluție mai sigură și mai eficientă. Deși implică un cost lunar sau anual, acesta asigură:

  • Criptare avansată.
  • Politici stricte de neînregistrare a datelor (no-logs).
  • Viteze rapide și acces la servere din întreaga lume.
  • Suport pentru multiple dispozitive și servicii suplimentare, precum blocarea reclamelor.
[mai mult...]