-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path404.html
More file actions
686 lines (624 loc) · 114 KB
/
404.html
File metadata and controls
686 lines (624 loc) · 114 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
<!DOCTYPE html><html lang="en" data-critters-container><head>
<meta charset="utf-8">
<title>Jasper Baes</title>
<meta name="description" content="I'm Jasper Baes, a Microsoft Cloud Security Consultant at Toreon">
<meta name="keywords" content="Jasper Baes, security, cybersecurity, Conditional Access Blueprint, Microsoft, compliance, M365, Defender, Blueprint, Toreon, The Collective, Conditional Access, Security Office Portal, Group analyzer, UX, UI, design, portfolio">
<meta name="author" content="Jasper Baes">
<meta name="robots" content="index, follow">
<meta property="og:title" content="Jasper Baes">
<meta property="og:description" content="I'm Jasper Baes✌🏼a Microsoft Cloud Security Consultant">
<base href="/">
<!-- Google Tag Manager -->
<!-- <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-NPNKJ5W');</script> -->
<!-- End Google Tag Manager -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/x-icon" href="/assets/favicon.ico">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<style>@font-face{font-family:'Poppins';font-style:italic;font-weight:100;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiAyp8kv8JHgFVrJJLmE0tDMPKzSQ.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:italic;font-weight:100;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiAyp8kv8JHgFVrJJLmE0tMMPKzSQ.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:italic;font-weight:100;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiAyp8kv8JHgFVrJJLmE0tCMPI.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:italic;font-weight:200;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmv1pVFteOcEg.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:italic;font-weight:200;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmv1pVGdeOcEg.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:italic;font-weight:200;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmv1pVF9eO.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:italic;font-weight:300;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLm21lVFteOcEg.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:italic;font-weight:300;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLm21lVGdeOcEg.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:italic;font-weight:300;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLm21lVF9eO.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:italic;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiGyp8kv8JHgFVrJJLucXtAKPY.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:italic;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiGyp8kv8JHgFVrJJLufntAKPY.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:italic;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiGyp8kv8JHgFVrJJLucHtA.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:italic;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmg1hVFteOcEg.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:italic;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmg1hVGdeOcEg.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:italic;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmg1hVF9eO.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:italic;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmr19VFteOcEg.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:italic;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmr19VGdeOcEg.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:italic;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmr19VF9eO.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:italic;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmy15VFteOcEg.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:italic;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmy15VGdeOcEg.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:italic;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLmy15VF9eO.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:italic;font-weight:800;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLm111VFteOcEg.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:italic;font-weight:800;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLm111VGdeOcEg.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:italic;font-weight:800;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLm111VF9eO.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:italic;font-weight:900;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLm81xVFteOcEg.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:italic;font-weight:900;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLm81xVGdeOcEg.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:italic;font-weight:900;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiDyp8kv8JHgFVrJJLm81xVF9eO.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:normal;font-weight:100;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiGyp8kv8JHgFVrLPTucXtAKPY.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:normal;font-weight:100;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiGyp8kv8JHgFVrLPTufntAKPY.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:normal;font-weight:100;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiGyp8kv8JHgFVrLPTucHtA.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:normal;font-weight:200;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLFj_Z11lFc-K.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:normal;font-weight:200;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLFj_Z1JlFc-K.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:normal;font-weight:200;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:normal;font-weight:300;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLDz8Z11lFc-K.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:normal;font-weight:300;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:normal;font-weight:300;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiEyp8kv8JHgFVrJJbecmNE.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiEyp8kv8JHgFVrJJnecmNE.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z11lFc-K.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLEj6Z11lFc-K.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z11lFc-K.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:normal;font-weight:800;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLDD4Z11lFc-K.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:normal;font-weight:800;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLDD4Z1JlFc-K.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:normal;font-weight:800;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}@font-face{font-family:'Poppins';font-style:normal;font-weight:900;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLBT5Z11lFc-K.woff2) format('woff2');unicode-range:U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+20F0, U+25CC, U+A830-A839, U+A8E0-A8FF, U+11B00-11B09;}@font-face{font-family:'Poppins';font-style:normal;font-weight:900;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLBT5Z1JlFc-K.woff2) format('woff2');unicode-range:U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}@font-face{font-family:'Poppins';font-style:normal;font-weight:900;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2) format('woff2');unicode-range:U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;}</style>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-icons/1.8.1/font/bootstrap-icons.min.css">
<script>
// Check local storage for dark mode preference and apply it immediately
document.addEventListener('DOMContentLoaded', () => {
const darkMode = localStorage.getItem('isDarkMode');
if (darkMode && JSON.parse(darkMode)) {
document.body.classList.add('dark-mode');
} else {
document.body.classList.add('light-mode');
}
});
</script>
<style>@charset "UTF-8";body.light-mode{background:linear-gradient(to bottom,#f4f3f3 0% 10%,#fff 25% 100%)!important;font-family:Segoe UI;box-sizing:border-box;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}p,div,.btn{font-family:Poppins,sans-serif;font-weight:300;font-style:normal}.poppins-regular{font-family:Poppins,sans-serif;font-weight:400;font-style:normal}.poppins-medium{font-family:Poppins,sans-serif;font-weight:500;font-style:normal}strong,.poppins-bold{font-family:Poppins,sans-serif;font-weight:700;font-style:normal}.text-lightorange{color:#ffdbb9!important}.bg-grey{background-color:#ebebeb!important}.bg-lightgrey{background-color:#f7f7f7!important}.hover-bg-darker:hover{background:linear-gradient(to bottom right,#fffdf8,#f0f0f0)!important}.hover-lighter:hover{color:#646464!important}.pointer{cursor:pointer!important}main{width:100%;min-height:100%;display:flex;justify-content:center;align-items:center;padding:1rem}.content{width:100%;max-width:1000px;margin-bottom:3rem}:root,[data-bs-theme=light]{--bs-blue: #0d6efd;--bs-indigo: #6610f2;--bs-purple: #6f42c1;--bs-pink: #d63384;--bs-red: #dc3545;--bs-orange: #fd7e14;--bs-yellow: #ffc107;--bs-green: #198754;--bs-teal: #20c997;--bs-cyan: #0dcaf0;--bs-black: #000;--bs-white: #fff;--bs-gray: #6c757d;--bs-gray-dark: #343a40;--bs-gray-100: #f8f9fa;--bs-gray-200: #e9ecef;--bs-gray-300: #dee2e6;--bs-gray-400: #ced4da;--bs-gray-500: #adb5bd;--bs-gray-600: #6c757d;--bs-gray-700: #495057;--bs-gray-800: #343a40;--bs-gray-900: #212529;--bs-primary: #e3935a;--bs-secondary: #27374d;--bs-success: #198754;--bs-info: #3980e2;--bs-warning: #ffc107;--bs-danger: #dc3545;--bs-light: #f8f9fa;--bs-dark: #212529;--bs-primary-rgb: 227, 147, 90;--bs-secondary-rgb: 39, 55, 77;--bs-success-rgb: 25, 135, 84;--bs-info-rgb: 57, 128, 226;--bs-warning-rgb: 255, 193, 7;--bs-danger-rgb: 220, 53, 69;--bs-light-rgb: 248, 249, 250;--bs-dark-rgb: 33, 37, 41;--bs-primary-text-emphasis: #052c65;--bs-secondary-text-emphasis: #2b2f32;--bs-success-text-emphasis: #0a3622;--bs-info-text-emphasis: #055160;--bs-warning-text-emphasis: #664d03;--bs-danger-text-emphasis: #58151c;--bs-light-text-emphasis: #495057;--bs-dark-text-emphasis: #495057;--bs-primary-bg-subtle: #cfe2ff;--bs-secondary-bg-subtle: #e2e3e5;--bs-success-bg-subtle: #d1e7dd;--bs-info-bg-subtle: #cff4fc;--bs-warning-bg-subtle: #fff3cd;--bs-danger-bg-subtle: #f8d7da;--bs-light-bg-subtle: #fcfcfd;--bs-dark-bg-subtle: #ced4da;--bs-primary-border-subtle: #9ec5fe;--bs-secondary-border-subtle: #c4c8cb;--bs-success-border-subtle: #a3cfbb;--bs-info-border-subtle: #9eeaf9;--bs-warning-border-subtle: #ffe69c;--bs-danger-border-subtle: #f1aeb5;--bs-light-border-subtle: #e9ecef;--bs-dark-border-subtle: #adb5bd;--bs-white-rgb: 255, 255, 255;--bs-black-rgb: 0, 0, 0;--bs-font-sans-serif: system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", "Noto Sans", "Liberation Sans", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";--bs-font-monospace: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;--bs-gradient: linear-gradient(180deg, rgba(255, 255, 255, .15), rgba(255, 255, 255, 0));--bs-body-font-family: var(--bs-font-sans-serif);--bs-body-font-size: 1rem;--bs-body-font-weight: 400;--bs-body-line-height: 1.5;--bs-body-color: #212529;--bs-body-color-rgb: 33, 37, 41;--bs-body-bg: #fff;--bs-body-bg-rgb: 255, 255, 255;--bs-emphasis-color: #000;--bs-emphasis-color-rgb: 0, 0, 0;--bs-secondary-color: rgba(33, 37, 41, .75);--bs-secondary-color-rgb: 33, 37, 41;--bs-secondary-bg: #e9ecef;--bs-secondary-bg-rgb: 233, 236, 239;--bs-tertiary-color: rgba(33, 37, 41, .5);--bs-tertiary-color-rgb: 33, 37, 41;--bs-tertiary-bg: #f8f9fa;--bs-tertiary-bg-rgb: 248, 249, 250;--bs-heading-color: inherit;--bs-link-color: #0d6efd;--bs-link-color-rgb: 13, 110, 253;--bs-link-decoration: underline;--bs-link-hover-color: #0a58ca;--bs-link-hover-color-rgb: 10, 88, 202;--bs-code-color: #d63384;--bs-highlight-color: #212529;--bs-highlight-bg: #fff3cd;--bs-border-width: 1px;--bs-border-style: solid;--bs-border-color: #dee2e6;--bs-border-color-translucent: rgba(0, 0, 0, .175);--bs-border-radius: .375rem;--bs-border-radius-sm: .25rem;--bs-border-radius-lg: .5rem;--bs-border-radius-xl: 1rem;--bs-border-radius-xxl: 2rem;--bs-border-radius-2xl: var(--bs-border-radius-xxl);--bs-border-radius-pill: 50rem;--bs-box-shadow: 0 .5rem 1rem rgba(0, 0, 0, .15);--bs-box-shadow-sm: 0 .125rem .25rem rgba(0, 0, 0, .075);--bs-box-shadow-lg: 0 1rem 3rem rgba(0, 0, 0, .175);--bs-box-shadow-inset: inset 0 1px 2px rgba(0, 0, 0, .075);--bs-focus-ring-width: .25rem;--bs-focus-ring-opacity: .25;--bs-focus-ring-color: rgba(13, 110, 253, .25);--bs-form-valid-color: #198754;--bs-form-valid-border-color: #198754;--bs-form-invalid-color: #dc3545;--bs-form-invalid-border-color: #dc3545}*,*:before,*:after{box-sizing:border-box}@media (prefers-reduced-motion: no-preference){:root{scroll-behavior:smooth}}body{margin:0;font-family:var(--bs-body-font-family);font-size:var(--bs-body-font-size);font-weight:var(--bs-body-font-weight);line-height:var(--bs-body-line-height);color:var(--bs-body-color);text-align:var(--bs-body-text-align);background-color:var(--bs-body-bg);-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:rgba(0,0,0,0)}h3,h1{margin-top:0;margin-bottom:.5rem;font-weight:500;line-height:1.2;color:var(--bs-heading-color)}h1{font-size:calc(1.375rem + 1.5vw)}@media (min-width: 1200px){h1{font-size:2.5rem}}h3{font-size:calc(1.3rem + .6vw)}@media (min-width: 1200px){h3{font-size:1.75rem}}p{margin-top:0;margin-bottom:1rem}strong{font-weight:bolder}small,.small{font-size:.875em}a{color:rgba(var(--bs-link-color-rgb),var(--bs-link-opacity, 1));text-decoration:underline}a:hover{--bs-link-color-rgb: var(--bs-link-hover-color-rgb)}img{vertical-align:middle}button{border-radius:0}button:focus:not(:focus-visible){outline:0}button{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button{text-transform:none}button,[type=button]{-webkit-appearance:button}button:not(:disabled),[type=button]:not(:disabled){cursor:pointer}.img-fluid{max-width:100%;height:auto}.img-thumbnail{padding:.25rem;background-color:var(--bs-body-bg);border:var(--bs-border-width) solid var(--bs-border-color);border-radius:var(--bs-border-radius);max-width:100%;height:auto}:root{--bs-breakpoint-xs: 0;--bs-breakpoint-sm: 576px;--bs-breakpoint-md: 768px;--bs-breakpoint-lg: 992px;--bs-breakpoint-xl: 1200px;--bs-breakpoint-xxl: 1400px}.row{--bs-gutter-x: 1.5rem;--bs-gutter-y: 0;display:flex;flex-wrap:wrap;margin-top:calc(-1 * var(--bs-gutter-y));margin-right:calc(-.5 * var(--bs-gutter-x));margin-left:calc(-.5 * var(--bs-gutter-x))}.row>*{flex-shrink:0;width:100%;max-width:100%;padding-right:calc(var(--bs-gutter-x) * .5);padding-left:calc(var(--bs-gutter-x) * .5);margin-top:var(--bs-gutter-y)}.col{flex:1 0 0%}.col-2{flex:0 0 auto;width:16.66666667%}.col-4{flex:0 0 auto;width:33.33333333%}.col-10{flex:0 0 auto;width:83.33333333%}.col-12{flex:0 0 auto;width:100%}.gy-3{--bs-gutter-y: 1rem}@media (min-width: 576px){.col-sm-4{flex:0 0 auto;width:33.33333333%}.col-sm-8{flex:0 0 auto;width:66.66666667%}.col-sm-12{flex:0 0 auto;width:100%}}@media (min-width: 768px){.col-md-4{flex:0 0 auto;width:33.33333333%}.col-md-5{flex:0 0 auto;width:41.66666667%}.col-md-6{flex:0 0 auto;width:50%}.col-md-7{flex:0 0 auto;width:58.33333333%}.col-md-8{flex:0 0 auto;width:66.66666667%}.col-md-12{flex:0 0 auto;width:100%}}.btn{--bs-btn-padding-x: .75rem;--bs-btn-padding-y: .375rem;--bs-btn-font-family: ;--bs-btn-font-size: 1rem;--bs-btn-font-weight: 400;--bs-btn-line-height: 1.5;--bs-btn-color: var(--bs-body-color);--bs-btn-bg: transparent;--bs-btn-border-width: var(--bs-border-width);--bs-btn-border-color: transparent;--bs-btn-border-radius: var(--bs-border-radius);--bs-btn-hover-border-color: transparent;--bs-btn-box-shadow: inset 0 1px 0 rgba(255, 255, 255, .15), 0 1px 1px rgba(0, 0, 0, .075);--bs-btn-disabled-opacity: .65;--bs-btn-focus-box-shadow: 0 0 0 .25rem rgba(var(--bs-btn-focus-shadow-rgb), .5);display:inline-block;padding:var(--bs-btn-padding-y) var(--bs-btn-padding-x);font-family:var(--bs-btn-font-family);font-size:var(--bs-btn-font-size);font-weight:var(--bs-btn-font-weight);line-height:var(--bs-btn-line-height);color:var(--bs-btn-color);text-align:center;text-decoration:none;vertical-align:middle;cursor:pointer;-webkit-user-select:none;user-select:none;border:var(--bs-btn-border-width) solid var(--bs-btn-border-color);border-radius:var(--bs-btn-border-radius);background-color:var(--bs-btn-bg);transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}@media (prefers-reduced-motion: reduce){.btn{transition:none}}.btn:hover{color:var(--bs-btn-hover-color);background-color:var(--bs-btn-hover-bg);border-color:var(--bs-btn-hover-border-color)}.btn:focus-visible{color:var(--bs-btn-hover-color);background-color:var(--bs-btn-hover-bg);border-color:var(--bs-btn-hover-border-color);outline:0;box-shadow:var(--bs-btn-focus-box-shadow)}:not(.btn-check)+.btn:active,.btn:first-child:active{color:var(--bs-btn-active-color);background-color:var(--bs-btn-active-bg);border-color:var(--bs-btn-active-border-color)}:not(.btn-check)+.btn:active:focus-visible,.btn:first-child:active:focus-visible{box-shadow:var(--bs-btn-focus-box-shadow)}.btn:disabled{color:var(--bs-btn-disabled-color);pointer-events:none;background-color:var(--bs-btn-disabled-bg);border-color:var(--bs-btn-disabled-border-color);opacity:var(--bs-btn-disabled-opacity)}.btn-primary{--bs-btn-color: #000;--bs-btn-bg: #e3935a;--bs-btn-border-color: #e3935a;--bs-btn-hover-color: #000;--bs-btn-hover-bg: #e7a373;--bs-btn-hover-border-color: #e69e6b;--bs-btn-focus-shadow-rgb: 193, 125, 77;--bs-btn-active-color: #000;--bs-btn-active-bg: #e9a97b;--bs-btn-active-border-color: #e69e6b;--bs-btn-active-shadow: inset 0 3px 5px rgba(0, 0, 0, .125);--bs-btn-disabled-color: #000;--bs-btn-disabled-bg: #e3935a;--bs-btn-disabled-border-color: #e3935a}.btn-outline-primary{--bs-btn-color: #e3935a;--bs-btn-border-color: #e3935a;--bs-btn-hover-color: #000;--bs-btn-hover-bg: #e3935a;--bs-btn-hover-border-color: #e3935a;--bs-btn-focus-shadow-rgb: 227, 147, 90;--bs-btn-active-color: #000;--bs-btn-active-bg: #e3935a;--bs-btn-active-border-color: #e3935a;--bs-btn-active-shadow: inset 0 3px 5px rgba(0, 0, 0, .125);--bs-btn-disabled-color: #e3935a;--bs-btn-disabled-bg: transparent;--bs-btn-disabled-border-color: #e3935a;--bs-gradient: none}.fade{transition:opacity .15s linear}@media (prefers-reduced-motion: reduce){.fade{transition:none}}.fade:not(.show){opacity:0}.badge{--bs-badge-padding-x: .65em;--bs-badge-padding-y: .35em;--bs-badge-font-size: .75em;--bs-badge-font-weight: 700;--bs-badge-color: #fff;--bs-badge-border-radius: var(--bs-border-radius);display:inline-block;padding:var(--bs-badge-padding-y) var(--bs-badge-padding-x);font-size:var(--bs-badge-font-size);font-weight:var(--bs-badge-font-weight);line-height:1;color:var(--bs-badge-color);text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:var(--bs-badge-border-radius)}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-close{--bs-btn-close-color: #000;--bs-btn-close-bg: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23000'%3e%3cpath d='M.293.293a1 1 0 0 1 1.414 0L8 6.586 14.293.293a1 1 0 1 1 1.414 1.414L9.414 8l6.293 6.293a1 1 0 0 1-1.414 1.414L8 9.414l-6.293 6.293a1 1 0 0 1-1.414-1.414L6.586 8 .293 1.707a1 1 0 0 1 0-1.414z'/%3e%3c/svg%3e");--bs-btn-close-opacity: .5;--bs-btn-close-hover-opacity: .75;--bs-btn-close-focus-shadow: 0 0 0 .25rem rgba(13, 110, 253, .25);--bs-btn-close-focus-opacity: 1;--bs-btn-close-disabled-opacity: .25;--bs-btn-close-white-filter: invert(1) grayscale(100%) brightness(200%);box-sizing:content-box;width:1em;height:1em;padding:.25em;color:var(--bs-btn-close-color);background:transparent var(--bs-btn-close-bg) center/1em auto no-repeat;border:0;border-radius:.375rem;opacity:var(--bs-btn-close-opacity)}.btn-close:hover{color:var(--bs-btn-close-color);text-decoration:none;opacity:var(--bs-btn-close-hover-opacity)}.btn-close:focus{outline:0;box-shadow:var(--bs-btn-close-focus-shadow);opacity:var(--bs-btn-close-focus-opacity)}.btn-close:disabled{pointer-events:none;-webkit-user-select:none;user-select:none;opacity:var(--bs-btn-close-disabled-opacity)}.modal{--bs-modal-zindex: 1055;--bs-modal-width: 500px;--bs-modal-padding: 1rem;--bs-modal-margin: .5rem;--bs-modal-color: ;--bs-modal-bg: var(--bs-body-bg);--bs-modal-border-color: var(--bs-border-color-translucent);--bs-modal-border-width: var(--bs-border-width);--bs-modal-border-radius: var(--bs-border-radius-lg);--bs-modal-box-shadow: var(--bs-box-shadow-sm);--bs-modal-inner-border-radius: calc(var(--bs-border-radius-lg) - (var(--bs-border-width)));--bs-modal-header-padding-x: 1rem;--bs-modal-header-padding-y: 1rem;--bs-modal-header-padding: 1rem 1rem;--bs-modal-header-border-color: var(--bs-border-color);--bs-modal-header-border-width: var(--bs-border-width);--bs-modal-title-line-height: 1.5;--bs-modal-footer-gap: .5rem;--bs-modal-footer-bg: ;--bs-modal-footer-border-color: var(--bs-border-color);--bs-modal-footer-border-width: var(--bs-border-width);position:fixed;top:0;left:0;z-index:var(--bs-modal-zindex);display:none;width:100%;height:100%;overflow-x:hidden;overflow-y:auto;outline:0}.modal-dialog{position:relative;width:auto;margin:var(--bs-modal-margin);pointer-events:none}.modal.fade .modal-dialog{transition:transform .3s ease-out;transform:translateY(-50px)}@media (prefers-reduced-motion: reduce){.modal.fade .modal-dialog{transition:none}}.modal-dialog-scrollable{height:calc(100% - var(--bs-modal-margin) * 2)}.modal-dialog-scrollable .modal-content{max-height:100%;overflow:hidden}.modal-dialog-scrollable .modal-body{overflow-y:auto}.modal-dialog-centered{display:flex;align-items:center;min-height:calc(100% - var(--bs-modal-margin) * 2)}.modal-content{position:relative;display:flex;flex-direction:column;width:100%;color:var(--bs-modal-color);pointer-events:auto;background-color:var(--bs-modal-bg);background-clip:padding-box;border:var(--bs-modal-border-width) solid var(--bs-modal-border-color);border-radius:var(--bs-modal-border-radius);outline:0}.modal-header{display:flex;flex-shrink:0;align-items:center;padding:var(--bs-modal-header-padding);border-bottom:var(--bs-modal-header-border-width) solid var(--bs-modal-header-border-color);border-top-left-radius:var(--bs-modal-inner-border-radius);border-top-right-radius:var(--bs-modal-inner-border-radius)}.modal-header .btn-close{padding:calc(var(--bs-modal-header-padding-y) * .5) calc(var(--bs-modal-header-padding-x) * .5);margin:calc(-.5 * var(--bs-modal-header-padding-y)) calc(-.5 * var(--bs-modal-header-padding-x)) calc(-.5 * var(--bs-modal-header-padding-y)) auto}.modal-title{margin-bottom:0;line-height:var(--bs-modal-title-line-height)}.modal-body{position:relative;flex:1 1 auto;padding:var(--bs-modal-padding)}@media (min-width: 576px){.modal{--bs-modal-margin: 1.75rem;--bs-modal-box-shadow: var(--bs-box-shadow)}.modal-dialog{max-width:var(--bs-modal-width);margin-right:auto;margin-left:auto}}.text-bg-dark{color:#fff!important;background-color:RGBA(var(--bs-dark-rgb),var(--bs-bg-opacity, 1))!important}.d-block{display:block!important}.d-flex{display:flex!important}.d-none{display:none!important}.position-relative{position:relative!important}.position-absolute{position:absolute!important}.top-0{top:0!important}.start-100{left:100%!important}.end-0{right:0!important}.translate-middle{transform:translate(-50%,-50%)!important}.border{border:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-white{--bs-border-opacity: 1;border-color:rgba(var(--bs-white-rgb),var(--bs-border-opacity))!important}.w-50{width:50%!important}.w-100{width:100%!important}.flex-column{flex-direction:column!important}.justify-content-end{justify-content:flex-end!important}.justify-content-center{justify-content:center!important}.align-items-center{align-items:center!important}.align-items-stretch{align-items:stretch!important}.align-self-end{align-self:flex-end!important}.m-0{margin:0!important}.m-3{margin:1rem!important}.mx-auto{margin-right:auto!important;margin-left:auto!important}.my-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-0{margin-top:0!important}.mt-1{margin-top:.25rem!important}.mt-2{margin-top:.5rem!important}.mt-3{margin-top:1rem!important}.mt-4{margin-top:1.5rem!important}.mt-5{margin-top:3rem!important}.me-2{margin-right:.5rem!important}.me-3{margin-right:1rem!important}.me-5{margin-right:3rem!important}.mb-0{margin-bottom:0!important}.mb-1{margin-bottom:.25rem!important}.mb-2{margin-bottom:.5rem!important}.mb-3{margin-bottom:1rem!important}.mb-4{margin-bottom:1.5rem!important}.ms-3{margin-left:1rem!important}.p-0{padding:0!important}.p-2{padding:.5rem!important}.p-3{padding:1rem!important}.py-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.pt-3{padding-top:1rem!important}.pt-4{padding-top:1.5rem!important}.pe-0{padding-right:0!important}.pe-1{padding-right:.25rem!important}.pe-4{padding-right:1.5rem!important}.pb-3{padding-bottom:1rem!important}.ps-1{padding-left:.25rem!important}.ps-2{padding-left:.5rem!important}.ps-3{padding-left:1rem!important}.fs-3{font-size:calc(1.3rem + .6vw)!important}.fs-4{font-size:calc(1.275rem + .3vw)!important}.fs-5{font-size:1.25rem!important}.lh-sm{line-height:1.25!important}.text-center{text-align:center!important}.text-decoration-underline{text-decoration:underline!important}.text-primary{--bs-text-opacity: 1;color:rgba(var(--bs-primary-rgb),var(--bs-text-opacity))!important}.text-light{--bs-text-opacity: 1;color:rgba(var(--bs-light-rgb),var(--bs-text-opacity))!important}.text-dark{--bs-text-opacity: 1;color:rgba(var(--bs-dark-rgb),var(--bs-text-opacity))!important}.text-muted{--bs-text-opacity: 1;color:var(--bs-secondary-color)!important}.text-black-50{--bs-text-opacity: 1;color:#00000080!important}.text-dark-emphasis{color:var(--bs-dark-text-emphasis)!important}.bg-white{--bs-bg-opacity: 1;background-color:rgba(var(--bs-white-rgb),var(--bs-bg-opacity))!important}.rounded-circle{border-radius:50%!important}.rounded-pill{border-radius:var(--bs-border-radius-pill)!important}@media (min-width: 576px){.d-sm-block{display:block!important}.d-sm-none{display:none!important}}@media (min-width: 1200px){.fs-3{font-size:1.75rem!important}.fs-4{font-size:1.5rem!important}}
</style><link rel="stylesheet" href="styles-R4RKLGAS.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" href="styles-R4RKLGAS.css"></noscript><style ng-app-id="ng">#arrow-icon[_ngcontent-ng-c864111055]{display:inline-block;margin-left:5px;animation:_ngcontent-ng-c864111055_moveDown 1s infinite}@keyframes _ngcontent-ng-c864111055_moveDown{0%,to{transform:translateY(0)}50%{transform:translateY(5px)}}#arrow-icon-right[_ngcontent-ng-c864111055]{display:inline-block;margin-left:5px;animation:_ngcontent-ng-c864111055_moveRight 1s infinite}@keyframes _ngcontent-ng-c864111055_moveRight{0%,to{transform:translate(0)}50%{transform:translate(5px)}}</style></head>
<body class="light-mode"><!--nghm-->
<!-- Google Tag Manager (noscript) -->
<!-- <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-NPNKJ5W"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> -->
<!-- End Google Tag Manager (noscript) -->
<app-root _nghost-ng-c1536842746 ng-version="18.2.13" ngh="1" ng-server-context="ssg"><router-outlet _ngcontent-ng-c1536842746></router-outlet><app-portfolio _nghost-ng-c864111055 ngh="0"><main _ngcontent-ng-c864111055 class="main"><div _ngcontent-ng-c864111055 class="content"><div _ngcontent-ng-c864111055 class="content position-relative"><i _ngcontent-ng-c864111055 class="bi fs-3 position-absolute top-0 end-0 m-3 pointer bi-lightbulb-fill text-lightorange"></i></div><div _ngcontent-ng-c864111055 class="row d-block d-sm-none d-flex align-items-center justify-content-center"><div _ngcontent-ng-c864111055 class="p-0 mt-4 position-relative border border-white bg-white" style="border-radius: 1.5rem; width: 85%;"><div _ngcontent-ng-c864111055 class="d-flex justify-content-center position-absolute w-100" style="top: -2rem;"><img _ngcontent-ng-c864111055 src="assets/images/jasper.webp" alt="Jasper Baes" class="rounded-circle" style="width: 40%;"></div><div _ngcontent-ng-c864111055 class="col-10 col-xs-10 col-sm-8 col-md-8 py-4 mx-auto text-center mt-5"><h3 _ngcontent-ng-c864111055 class="mt-5 mb-0"><strong _ngcontent-ng-c864111055>I'm Jasper Baes✌🏼 a <span _ngcontent-ng-c864111055 class="text-primary">Microsoft Cloud Security Consultant</span> from Belgium</strong></h3><p _ngcontent-ng-c864111055 class="mt-3 mb-1">I secure organizations with my expertise in:</p><span _ngcontent-ng-c864111055 class="badge text-dark rounded-pill bg-grey p-2 me-2">Microsoft Cloud Security</span><span _ngcontent-ng-c864111055 class="badge text-dark rounded-pill bg-grey p-2 me-2 mt-1">Security Compliance</span><span _ngcontent-ng-c864111055 class="badge text-dark rounded-pill bg-grey p-2 me-2 mt-1">Building Security Tools</span><a _ngcontent-ng-c864111055 href="#work" class="btn btn-primary btn mt-4 me-2 text-light ps-2"><i _ngcontent-ng-c864111055 id="arrow-icon" class="bi bi-arrow-down m-0 me-2"></i><strong _ngcontent-ng-c864111055>Discover my work</strong></a><a _ngcontent-ng-c864111055 href="/posts#work" class="btn btn-outline-primary btn mt-4 me-2 text-primary ps-2"><strong _ngcontent-ng-c864111055>Blog</strong></a><a _ngcontent-ng-c864111055 href="https://www.linkedin.com/in/jasper-baes/" target="_blank"><img _ngcontent-ng-c864111055 src="assets/images/linkedin-logo.webp" alt="Logo LinkedIn" class="ms-3 mt-4" style="width: 1.5rem;"></a></div></div></div><div _ngcontent-ng-c864111055 class="position-relative"><div _ngcontent-ng-c864111055 class="row d-none d-sm-block d-flex align-items-center justify-content-center mt-2"><div _ngcontent-ng-c864111055 class="col-12 d-flex justify-content-center"><div _ngcontent-ng-c864111055 class="row p-0 mt-5 my-auto border border-white bg-white" style="border-radius: 1.5rem; width: 85%;"><div _ngcontent-ng-c864111055 class="col-4 align-self-end ps-1 pe-0" style="position: relative; z-index: 1;"><img _ngcontent-ng-c864111055 src="assets/images/jasper-transparant.webp" alt="Jasper Baes" class="w-100" style="margin-top: -50px;"></div><div _ngcontent-ng-c864111055 class="col pt-4 pb-3 pe-4"><h3 _ngcontent-ng-c864111055 class="mt-1 mb-0 poppins-regular"><strong _ngcontent-ng-c864111055>I'm Jasper Baes✌🏼a <span _ngcontent-ng-c864111055 class="text-primary">Microsoft Cloud Security Consultant</span> from Belgium</strong></h3><p _ngcontent-ng-c864111055 class="mt-3 mb-0">I secure organizations with my expertise in:</p><span _ngcontent-ng-c864111055 class="badge text-dark rounded-pill bg-grey p-2 me-2 mt-1">Microsoft Cloud Security</span><span _ngcontent-ng-c864111055 class="badge text-dark rounded-pill bg-grey p-2 me-2 mt-1">Security Compliance</span><span _ngcontent-ng-c864111055 class="badge text-dark rounded-pill bg-grey p-2 me-2 mt-1 mb-2">Building Security Tools</span><a _ngcontent-ng-c864111055 href="#work" class="btn btn-primary btn mt-3 me-2 text-light ps-2"><i _ngcontent-ng-c864111055 id="arrow-icon" class="bi bi-arrow-down m-0 me-2"></i><strong _ngcontent-ng-c864111055>Discover my work</strong></a><a _ngcontent-ng-c864111055 href="/posts" class="btn btn-outline-primary btn mt-3 me-2 text-primary ps-2"><strong _ngcontent-ng-c864111055>Blog</strong></a><a _ngcontent-ng-c864111055 href="https://www.linkedin.com/in/jasper-baes/" target="_blank"><img _ngcontent-ng-c864111055 src="assets/images/linkedin-logo.webp" alt="Logo LinkedIn" class="ms-3 mt-3" style="width: 1.3rem;"></a></div></div></div></div></div><div _ngcontent-ng-c864111055 class="mt-5 d-flex flex-column align-items-center justify-content-center"><p _ngcontent-ng-c864111055 class="mt-5 fs-4 text-center">Here’s the spread of my <span _ngcontent-ng-c864111055 class="text-black-100">core skills</span>:</p><div _ngcontent-ng-c864111055 class="d-block d-sm-none p-3 mt-3 text-center" style="border-radius: 1.5rem;"><img _ngcontent-ng-c864111055 alt="Jasper Baes skills" class="w-100" style="border-radius: 1.3rem;" src="assets/images/skills-vertical.webp"></div><div _ngcontent-ng-c864111055 class="d-none d-sm-block p-3 mt-3 text-center" style="border-radius: 1.5rem;"><img _ngcontent-ng-c864111055 alt="Jasper Baes skills" class="w-100" style="border-radius: 1.3rem;" src="assets/images/skills.webp"></div></div><div _ngcontent-ng-c864111055 id="work" class="mt-5 d-flex flex-column align-items-center justify-content-center"><p _ngcontent-ng-c864111055 class="mt-5 fs-4 text-center">Enough high-level stuff. Discover some of my key work:</p><div _ngcontent-ng-c864111055 class="row mt-3 gy-3 w-100"><div _ngcontent-ng-c864111055 class="col-12 col-sm-12 d-flex align-items-stretch pointer"><div _ngcontent-ng-c864111055 class="row p-0 m-0 w-100 bg-lightgrey hover-bg-darker" style="border-radius: 1.5rem;"><div _ngcontent-ng-c864111055 class="col-12 col-md-7 pt-3 ps-3 pb-3 pe-1"><p _ngcontent-ng-c864111055 class="mt-1 poppins-medium text-black-50"><strong _ngcontent-ng-c864111055>2025</strong></p><p _ngcontent-ng-c864111055 class="mt-4 mb-0 poppins-bold">Entra ID Attack Paths and privilege escalations</p><p _ngcontent-ng-c864111055 class="mb-3 lh-sm text-dark-emphasis">I build a website that visualizes attack paths and privilege escalations for Entra ID and Graph API. It also allows to run security assessments to view the actual status of Entra roles and Graph API permissions on a Microsoft tenant.</p><a _ngcontent-ng-c864111055 href="/attack-paths" target="_blank" class="btn btn-outline-primary mt-0 me-2 ps-2"><i _ngcontent-ng-c864111055 id="arrow-icon-right" class="bi bi-arrow-right m-0"></i></a></div><div _ngcontent-ng-c864111055 class="col-12 col-md-5 d-flex align-items-center justify-content-end m-0 p-0"><div _ngcontent-ng-c864111055 class="col-2 col-md-0"></div><div _ngcontent-ng-c864111055 class="col-10 col-md-12"><img _ngcontent-ng-c864111055 src="/assets/images/timeline/entra-id-attack-paths.webp" alt="Mockup Microsoft Cloud Group Analyzer" class="w-100" style="border-bottom-right-radius: 1.5rem;"></div></div></div></div><div _ngcontent-ng-c864111055 class="col-12 col-sm-8 d-flex align-items-stretch"><div _ngcontent-ng-c864111055 class="row p-0 m-0 w-100 bg-lightgrey" style="border-radius: 1.5rem;"><div _ngcontent-ng-c864111055 class="col-12 col-md-4 d-flex align-items-center justify-content-end m-0 p-0"><img _ngcontent-ng-c864111055 src="/CAF/images/1.png" alt="Mockup Security Office Portal Toreon" class="w-100" style="border-bottom-right-radius: 1.5rem;"></div><div _ngcontent-ng-c864111055 class="col-12 col-md-7 pt-3 ps-3 pb-3 pe-1"><p _ngcontent-ng-c864111055 class="mt-1 poppins-medium text-black-50"><strong _ngcontent-ng-c864111055>2024</strong></p><p _ngcontent-ng-c864111055 class="mt-4 mb-0 poppins-bold">Conditional Access Blueprint</p><p _ngcontent-ng-c864111055 class="mb-3 lh-sm text-dark-emphasis">I created a framework: 4 tools to streamline the creation and validation of organization's access strategy and policies</p><a _ngcontent-ng-c864111055 href="/Conditional-Access-Blueprint" target="_blank" class="btn btn-outline-primary mt-0 me-2 ps-2"><i _ngcontent-ng-c864111055 id="arrow-icon-right" class="bi bi-arrow-right m-0"></i></a></div></div></div><div _ngcontent-ng-c864111055 data-bs-toggle="modal" data-bs-target="#modalIgnite" class="col-12 col-sm-4 d-flex align-items-stretch pointer"><div _ngcontent-ng-c864111055 class="p-3 w-100 bg-lightgrey hover-bg-darker" style="border-radius: 1.5rem;"><p _ngcontent-ng-c864111055 class="mt-1 poppins-medium text-black-50"><strong _ngcontent-ng-c864111055>2024</strong></p><img _ngcontent-ng-c864111055 src="/assets/images/timeline/microsoft-logo.png" alt="Logo Microsoft" class="mt-3 mb-3" style="width: 6rem;"><p _ngcontent-ng-c864111055 class="mt-3 mb-0 poppins-bold">I was at Microsoft Ignite ✨</p><p _ngcontent-ng-c864111055 class="mb-1 lh-sm text-dark-emphasis">Exploring the latest Microsoft security innovations in Chicago!</p></div></div><div _ngcontent-ng-c864111055 data-bs-toggle="modal" data-bs-target="#modalRSA" class="col-12 col-sm-4 d-flex align-items-stretch pointer"><div _ngcontent-ng-c864111055 class="p-3 w-100 bg-lightgrey hover-bg-darker" style="border-radius: 1.5rem;"><p _ngcontent-ng-c864111055 class="mt-1 poppins-medium text-black-50"><strong _ngcontent-ng-c864111055>2024</strong></p><img _ngcontent-ng-c864111055 alt="Logo RSA Conference" class="mt-3 mb-3 w-50" src="/assets/images/timeline/rsa-logo-black.png"><p _ngcontent-ng-c864111055 class="mt-3 mb-0 poppins-bold">Hi San Francisco 👋</p><p _ngcontent-ng-c864111055 class="mb-1 mb-0 lh-sm text-dark-emphasis">I promoted my tools at RSA, one of the biggest security conferences in the world</p></div></div><div _ngcontent-ng-c864111055 data-bs-toggle="modal" data-bs-target="#modalGroupAnalyzer" class="col-12 col-sm-8 d-flex align-items-stretch pointer"><div _ngcontent-ng-c864111055 class="row p-0 m-0 w-100 bg-lightgrey hover-bg-darker" style="border-radius: 1.5rem;"><div _ngcontent-ng-c864111055 class="col-12 col-md-6 pt-3 ps-3 pb-3 pe-1"><p _ngcontent-ng-c864111055 class="mt-1 poppins-medium text-black-50"><strong _ngcontent-ng-c864111055>2024</strong></p><img _ngcontent-ng-c864111055 src="/assets/images/timeline/mcga-logo.webp" alt="Logo Microsoft Cloud Group Analyzer" class="mt-1" style="width: 4rem;"><p _ngcontent-ng-c864111055 class="mt-3 mb-0 poppins-bold">Microsoft Cloud Group Analyzer</p><p _ngcontent-ng-c864111055 class="mb-3 lh-sm text-dark-emphasis">I build a tool detecting where groups and users are configured within your Microsoft Cloud environment</p></div><div _ngcontent-ng-c864111055 class="col-12 col-md-6 d-flex align-items-center justify-content-end m-0 p-0"><div _ngcontent-ng-c864111055 class="col-2 col-md-0"></div><div _ngcontent-ng-c864111055 class="col-10 col-md-12"><img _ngcontent-ng-c864111055 src="/assets/images/timeline/mcga-mockup.webp" alt="Mockup Microsoft Cloud Group Analyzer" class="w-100"></div></div></div></div><div _ngcontent-ng-c864111055 data-bs-toggle="modal" data-bs-target="#modalSOP" class="col-12 col-sm-8 d-flex align-items-stretch pointer"><div _ngcontent-ng-c864111055 class="row p-0 m-0 w-100 bg-lightgrey hover-bg-darker" style="border-radius: 1.5rem;"><div _ngcontent-ng-c864111055 class="col-12 col-md-6 pt-3 ps-3 pb-3 pe-1"><p _ngcontent-ng-c864111055 class="mt-1 poppins-medium text-black-50"><strong _ngcontent-ng-c864111055>2023</strong></p><img _ngcontent-ng-c864111055 src="assets/images/toreon-logo.png" alt="Logo Toreon" class="mt-1" style="width: 1rem;"><p _ngcontent-ng-c864111055 class="mt-3 mb-0 poppins-bold">Security Office Portal</p><p _ngcontent-ng-c864111055 class="mb-1 lh-sm text-dark-emphasis">I build a security compliance scanning dashboard with 900+ checks, widely used by Toreon clients</p></div><div _ngcontent-ng-c864111055 class="col-12 col-md-6 d-flex align-items-center justify-content-end m-0 p-0"><div _ngcontent-ng-c864111055 class="col-2 col-md-0"></div><div _ngcontent-ng-c864111055 class="col-10 col-md-12"><img _ngcontent-ng-c864111055 src="/assets/images/timeline/sop-crop-1.webp" alt="Mockup Security Office Portal Toreon" class="w-100" style="border-bottom-right-radius: 1.5rem;"></div></div></div></div><div _ngcontent-ng-c864111055 data-bs-toggle="modal" data-bs-target="#modalGPT" class="col-12 col-sm-4 d-flex align-items-stretch pointer"><div _ngcontent-ng-c864111055 class="p-3 w-100 bg-lightgrey hover-bg-darker" style="border-radius: 1.5rem;"><p _ngcontent-ng-c864111055 class="mt-1 poppins-medium text-black-50"><strong _ngcontent-ng-c864111055>2023</strong></p><p _ngcontent-ng-c864111055 class="mt-5 mb-0 poppins-bold">Business chatGPT ✨</p><p _ngcontent-ng-c864111055 class="mb-1 lh-sm text-dark-emphasis">I've created a chatGPT setup guide to interact with your ISMS policies, documentation or files</p></div></div><div _ngcontent-ng-c864111055 data-bs-toggle="modal" data-bs-target="#modalCA" class="col-12 col-sm-4 d-flex align-items-stretch pointer"><div _ngcontent-ng-c864111055 class="p-3 w-100 bg-lightgrey hover-bg-darker" style="border-radius: 1.5rem;"><p _ngcontent-ng-c864111055 class="mt-1 poppins-medium text-black-50"><strong _ngcontent-ng-c864111055>2022</strong></p><img _ngcontent-ng-c864111055 src="assets/images/toreon-logo.png" alt="Logo Toreon" class="mt-1" style="width: 1rem;"><p _ngcontent-ng-c864111055 class="mt-3 mb-0 poppins-bold">Conditional Access Simulator</p><p _ngcontent-ng-c864111055 class="mb-1 lh-sm text-dark-emphasis">I made a tool simulating common and malicious access cases on your M365 environment</p></div></div><div _ngcontent-ng-c864111055 data-bs-toggle="modal" data-bs-target="#modalTOTY" class="col-12 col-sm-8 d-flex align-items-stretch pointer"><div _ngcontent-ng-c864111055 class="row p-0 m-0 w-100 bg-lightgrey hover-bg-darker" style="border-radius: 1.5rem;"><div _ngcontent-ng-c864111055 class="col-12 col-md-6 pt-3 ps-3 pb-3 pe-1"><p _ngcontent-ng-c864111055 class="mt-1 poppins-medium text-black-50"><strong _ngcontent-ng-c864111055>2022</strong></p><img _ngcontent-ng-c864111055 src="assets/images/toreon-logo.png" alt="Logo Toreon" class="mt-1" style="width: 1rem;"><p _ngcontent-ng-c864111055 class="mt-3 mb-0 poppins-bold">Toreonite of the Year</p><p _ngcontent-ng-c864111055 class="mb-1 lh-sm text-dark-emphasis">After just 1 year of working at Toreon, my colleagues awarded me as <span _ngcontent-ng-c864111055 class="text-decoration-underline">Toreonite of the Year</span></p></div><div _ngcontent-ng-c864111055 class="col-12 col-md-6 d-flex align-items-center justify-content-end m-0 p-0"><div _ngcontent-ng-c864111055 class="col-2 col-md-0"></div><div _ngcontent-ng-c864111055 class="col-10 col-md-12"><img _ngcontent-ng-c864111055 src="assets/images/toreoniteOfTheYear.webp" alt="Toreon Toreonite of the year Jasper Baes" class="w-100"></div></div></div></div></div><p _ngcontent-ng-c864111055 class="fs-4 mt-5 text-center">... and a bunch of other achievements you can find on my <a _ngcontent-ng-c864111055 href="/posts" class="text-decoration-underline position-relative pointer hover-lighter text-dark"> blog </a></p></div><div _ngcontent-ng-c864111055 class="mt-5 d-flex flex-column align-items-center justify-content-center"><p _ngcontent-ng-c864111055 class="fs-4 mt-3 text-center">If you'd like to learn more about me or my work, hit me up!</p><a _ngcontent-ng-c864111055 href="https://www.linkedin.com/in/jasper-baes/" target="_blank"><button _ngcontent-ng-c864111055 type="button" class="btn btn-primary btn me-2 text-light"><strong _ngcontent-ng-c864111055>LinkedIn</strong></button></a></div></div></main><app-modals _ngcontent-ng-c864111055 _nghost-ng-c1814281294 ngh="0"><div _ngcontent-ng-c1814281294 id="modalIgnite" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" class="modal fade" data-bs-theme="light"><div _ngcontent-ng-c1814281294 class="modal-dialog modal-dialog-centered modal-dialog-scrollable"><div _ngcontent-ng-c1814281294 class="modal-content"><div _ngcontent-ng-c1814281294 class="modal-header"><h1 _ngcontent-ng-c1814281294 id="exampleModalLabel" class="modal-title fs-5"><strong _ngcontent-ng-c1814281294>Hello Chicago 👋</strong></h1><button _ngcontent-ng-c1814281294 type="button" data-bs-dismiss="modal" aria-label="Close" class="btn-close"></button></div><div _ngcontent-ng-c1814281294 class="modal-body"><p _ngcontent-ng-c1814281294>Microsoft Ignite is an annual conference where Microsoft showcases its latest innovations, products, and services, and provides training and networking opportunities.</p><p _ngcontent-ng-c1814281294>Happy to be part of the event <small _ngcontent-ng-c1814281294 class="small text-muted">(Nov 18 - Nov 22, 2024)</small>! 🙌</p><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/rsa2024-2.png" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/ignite-thumb-2.png" alt="Microsoft Ignite" loading="lazy" class="img-fluid img-thumbnail mb-3"></a><a _ngcontent-ng-c1814281294 href="https://www.linkedin.com/posts/jasper-baes_msignite-microsoft-ignite-activity-7264533908837253121-iBHZ?utm_source=share&utm_medium=member_desktop&rcm=ACoAACu1ctQBwrMlDr_Rk-HHWZ5I9zbYpP5Pztg" target="_blank"><button _ngcontent-ng-c1814281294 class="btn btn-primary mb-4 me-3 text-light"><strong _ngcontent-ng-c1814281294>Vlog pre-day</strong></button></a><a _ngcontent-ng-c1814281294 href="https://www.linkedin.com/posts/jasper-baes_msignite-microsoft-ignite-activity-7265007906641567744-7JRl?utm_source=share&utm_medium=member_desktop&rcm=ACoAACu1ctQBwrMlDr_Rk-HHWZ5I9zbYpP5Pztg" target="_blank"><button _ngcontent-ng-c1814281294 class="btn btn-primary mb-4 me-3 text-light"><strong _ngcontent-ng-c1814281294>Vlog day 1</strong></button></a><a _ngcontent-ng-c1814281294 href="https://www.linkedin.com/posts/jasper-baes_msignite-microsoft-ignite-activity-7265621574077104128-eb7Z?utm_source=share&utm_medium=member_desktop&rcm=ACoAACu1ctQBwrMlDr_Rk-HHWZ5I9zbYpP5Pztg" target="_blank"><button _ngcontent-ng-c1814281294 class="btn btn-primary mb-4 me-3 text-light"><strong _ngcontent-ng-c1814281294>Vlog day 2</strong></button></a></div></div></div></div><div _ngcontent-ng-c1814281294 id="modalRSA" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" class="modal fade" data-bs-theme="light"><div _ngcontent-ng-c1814281294 class="modal-dialog modal-dialog-centered modal-dialog-scrollable"><div _ngcontent-ng-c1814281294 class="modal-content"><div _ngcontent-ng-c1814281294 class="modal-header"><h1 _ngcontent-ng-c1814281294 id="exampleModalLabel" class="modal-title fs-5"><strong _ngcontent-ng-c1814281294>Hello San Francisco 👋</strong></h1><button _ngcontent-ng-c1814281294 type="button" data-bs-dismiss="modal" aria-label="Close" class="btn-close"></button></div><div _ngcontent-ng-c1814281294 class="modal-body"><p _ngcontent-ng-c1814281294>Where some innovative tool ideas and lots of focused work have taken me? ... RSA Conference San Francisco apperently! 🚀</p><p _ngcontent-ng-c1814281294>Together with Wouter Avondstondt, we're not only promoting our Microsoft Cloud Compliance tools, but also exploring new ways to enhance our Toreon services.</p><p _ngcontent-ng-c1814281294>You can discover the capabilities of the Compliance Manager and Conditional Access Simulator at the Flanders booth! 🙌</p><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/rsa2024-1.png" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/rsa2024-1.png" alt="RSA Conference" loading="lazy" class="img-fluid img-thumbnail mb-3"></a><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/rsa2024-2.png" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/rsa2024-2.png" alt="RSA Conference" loading="lazy" class="img-fluid img-thumbnail mb-3"></a></div></div></div></div><div _ngcontent-ng-c1814281294 id="modalGroupAnalyzer" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" class="modal fade" data-bs-theme="light"><div _ngcontent-ng-c1814281294 class="modal-dialog modal-dialog-centered modal-dialog-scrollable"><div _ngcontent-ng-c1814281294 class="modal-content"><div _ngcontent-ng-c1814281294 class="modal-header"><h1 _ngcontent-ng-c1814281294 id="exampleModalLabel" class="modal-title fs-5"><strong _ngcontent-ng-c1814281294>Microsoft Cloud Group Analyzer</strong></h1><button _ngcontent-ng-c1814281294 type="button" data-bs-dismiss="modal" aria-label="Close" class="btn-close"></button></div><div _ngcontent-ng-c1814281294 class="modal-body"><p _ngcontent-ng-c1814281294>Many IT and security admins struggle to keep track of where their Entra ID Groups are used. This is often in multiple locations in their environment and configured by multiple admins. Without continuously updating documentation or syncing with other admins, they’re all using groups blindly, potentially causing <span _ngcontent-ng-c1814281294 class="text-decoration-underline">unintended security or user impact</span> through changes in group memberships.</p><p _ngcontent-ng-c1814281294>I’ve created a small script giving you these insights, and I use it almost daily! Feel free to use, and to reach out for feedback or suggestions!</p><p _ngcontent-ng-c1814281294>The script output:</p><a _ngcontent-ng-c1814281294 href="https://www.linkedin.com/feed/update/urn:li:activity:7157748584753319936/" target="_blank"><button _ngcontent-ng-c1814281294 class="btn btn-primary mb-4 me-5 text-light position-relative"><strong _ngcontent-ng-c1814281294>Open LinkedIn post</strong><span _ngcontent-ng-c1814281294 class="position-absolute top-0 start-100 translate-middle badge rounded-pill text-bg-dark"> 540+ 🤍 </span></button></a><a _ngcontent-ng-c1814281294 href="https://github.com/jasperbaes/Microsoft-Cloud-Group-Analyzer" target="_blank"><button _ngcontent-ng-c1814281294 class="btn btn-primary mb-4 me-3 text-light"><strong _ngcontent-ng-c1814281294>Open Github</strong></button></a><a _ngcontent-ng-c1814281294 href="https://www.linkedin.com/feed/update/urn:li:activity:7157748584753319936/" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/mcga-example-report.png" alt="Microsoft Cloud Group Analyzer" loading="lazy" class="img-fluid img-thumbnail mb-3"></a><a _ngcontent-ng-c1814281294 href="https://www.linkedin.com/feed/update/urn:li:activity:7157748584753319936/" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/mcga.png" alt="Microsoft Cloud Group Analyzer" loading="lazy" class="img-fluid img-thumbnail mb-3"></a></div></div></div></div><div _ngcontent-ng-c1814281294 id="modalSOP" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" class="modal fade" data-bs-theme="light"><div _ngcontent-ng-c1814281294 class="modal-dialog modal-dialog-centered modal-dialog-scrollable"><div _ngcontent-ng-c1814281294 class="modal-content"><div _ngcontent-ng-c1814281294 class="modal-header"><h1 _ngcontent-ng-c1814281294 id="exampleModalLabel" class="modal-title fs-5"><strong _ngcontent-ng-c1814281294>Security Office Portal</strong></h1><button _ngcontent-ng-c1814281294 type="button" data-bs-dismiss="modal" aria-label="Close" class="btn-close"></button></div><div _ngcontent-ng-c1814281294 class="modal-body"><p _ngcontent-ng-c1814281294>I've started building the Toreon Security Office Portal in 2023. The Security Office Portal is an online, continuous compliance scanning dashboard for M365, Azure, AWS and local AD.</p><p _ngcontent-ng-c1814281294>I'm in the lead for development of this service. This tool is actively being used by clients of Toreon.</p><a _ngcontent-ng-c1814281294 href="https://security.toreon.com" target="_blank"><button _ngcontent-ng-c1814281294 class="btn btn-primary mb-4 me-3 text-light"><strong _ngcontent-ng-c1814281294>Open Security Office Portal</strong></button></a><a _ngcontent-ng-c1814281294 href="https://security.toreon.com" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/sop-2.png" alt="Toreon Security Office Portal" loading="lazy" class="img-fluid img-thumbnail mb-3"></a><a _ngcontent-ng-c1814281294 href="https://security.toreon.com" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/sop-3.png" alt="Toreon Security Office Portal" loading="lazy" class="img-fluid img-thumbnail mb-3"></a></div></div></div></div><div _ngcontent-ng-c1814281294 id="modalCA" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" class="modal fade" data-bs-theme="light"><div _ngcontent-ng-c1814281294 class="modal-dialog modal-dialog-centered modal-dialog-scrollable"><div _ngcontent-ng-c1814281294 class="modal-content"><div _ngcontent-ng-c1814281294 class="modal-header"><h1 _ngcontent-ng-c1814281294 id="exampleModalLabel" class="modal-title fs-5"><strong _ngcontent-ng-c1814281294>Conditional Access Simulator</strong></h1><button _ngcontent-ng-c1814281294 type="button" data-bs-dismiss="modal" aria-label="Close" class="btn-close"></button></div><div _ngcontent-ng-c1814281294 class="modal-body"><p _ngcontent-ng-c1814281294>With the Conditional Access Simulator, you can validate - in an automated way - what your access policies would permit or not in both common and more extraordinary situations - including potentially malicious access. This brings insights in your current attack surface and allows you to finetune existing policies. It can also help you to create new policies to fully suit your vision regarding access.</p><p _ngcontent-ng-c1814281294>This service was years ahead of Microsoft and competitor tooling. Meanwhile, Microsoft is working on incorporating this method of validation into their own platform.</p><a _ngcontent-ng-c1814281294 href="https://www.linkedin.com/feed/update/urn:li:activity:7136017579634040832/" target="_blank"><button _ngcontent-ng-c1814281294 class="btn btn-primary mb-4 me-3 text-light"><strong _ngcontent-ng-c1814281294>Open Video</strong></button></a><a _ngcontent-ng-c1814281294 href="https://www.linkedin.com/feed/update/urn:li:activity:7136017579634040832/" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/ConditionalAccessSimulatorPreview.png" alt="CA Simulator" loading="lazy" class="img-fluid img-thumbnail mb-3"></a></div></div></div></div><div _ngcontent-ng-c1814281294 id="modalGPT" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" class="modal fade" data-bs-theme="light"><div _ngcontent-ng-c1814281294 class="modal-dialog modal-dialog-centered modal-dialog-scrollable"><div _ngcontent-ng-c1814281294 class="modal-content"><div _ngcontent-ng-c1814281294 class="modal-header"><h1 _ngcontent-ng-c1814281294 id="exampleModalLabel" class="modal-title fs-5"><strong _ngcontent-ng-c1814281294>Business chatGPT ✨</strong></h1><button _ngcontent-ng-c1814281294 type="button" data-bs-dismiss="modal" aria-label="Close" class="btn-close"></button></div><div _ngcontent-ng-c1814281294 class="modal-body"><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/chatgpt.png" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/chatgpt.png" alt="chatgpt" loading="lazy" class="img-fluid img-thumbnail mb-3"></a><p _ngcontent-ng-c1814281294>Guess what? Blocking A.I. sites like ChatGPT doesn't stop your users from finding other ways to chat it up with the machines. Some of these alternatives might even be sketchier when it comes to protecting your (sensitive) data. But don't worry, this post got your back! 👇</p><p _ngcontent-ng-c1814281294>I've created up a simple guide that shows you how to create your very own private ChatGPT using Azure. No tech wizardry required – you can have it up and running in just 30 minutes! This setup makes sure your data takes a detour through a private AI model instance in Azure's OpenAI, so you're not sending your data through who-knows-where. Plus, authentication is provided with Azure AD. 🛡️</p><p _ngcontent-ng-c1814281294>💰When it comes to costs, you may consider downsizing to an Azure CosmosDB Free Tier and utilizing a free/B1 Azure App Service.</p><a _ngcontent-ng-c1814281294 href="https://www.linkedin.com/feed/update/urn:li:activity:7094269426161577985/" target="_blank"><button _ngcontent-ng-c1814281294 class="btn btn-primary mb-4 me-3 text-light"><strong _ngcontent-ng-c1814281294>Open post</strong></button></a><p _ngcontent-ng-c1814281294>Guide:</p><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/story-7-1.png" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/story-7-1.png" alt="story" loading="lazy" class="img-fluid img-thumbnail mb-3"></a><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/story-7-2.png" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/story-7-2.png" alt="story" loading="lazy" class="img-fluid img-thumbnail mb-3"></a><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/story-7-3.png" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/story-7-3.png" alt="story" loading="lazy" class="img-fluid img-thumbnail mb-3"></a><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/story-7-4.png" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/story-7-4.png" alt="story" loading="lazy" class="img-fluid img-thumbnail mb-3"></a><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/story-7-5.png" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/story-7-5.png" alt="story" loading="lazy" class="img-fluid img-thumbnail mb-3"></a><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/story-7-6.png" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/story-7-6.png" alt="story" loading="lazy" class="img-fluid img-thumbnail mb-3"></a></div></div></div></div><div _ngcontent-ng-c1814281294 id="modalTOTY" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" class="modal fade" data-bs-theme="light"><div _ngcontent-ng-c1814281294 class="modal-dialog modal-dialog-centered modal-dialog-scrollable"><div _ngcontent-ng-c1814281294 class="modal-content"><div _ngcontent-ng-c1814281294 class="modal-header"><h1 _ngcontent-ng-c1814281294 id="exampleModalLabel" class="modal-title fs-5"><strong _ngcontent-ng-c1814281294>Toreonite of the Year</strong></h1><button _ngcontent-ng-c1814281294 type="button" data-bs-dismiss="modal" aria-label="Close" class="btn-close"></button></div><div _ngcontent-ng-c1814281294 class="modal-body"><p _ngcontent-ng-c1814281294>At the Toreon Brainshare in October 2022, I received the award of <span _ngcontent-ng-c1814281294 class="text-decoration-underline">Intrapreneur of the year</span> and was elected as <span _ngcontent-ng-c1814281294 class="text-decoration-underline">Toreonite of the year</span> by my colleagues, which makes this even more special! 🥇</p><p _ngcontent-ng-c1814281294>Receiving such accolades from my colleagues after just one year of working truly means a lot to me.</p><a _ngcontent-ng-c1814281294 href="/assets/images/timeline/toty2022.jpg" target="_blank"><img _ngcontent-ng-c1814281294 src="/assets/images/timeline/toty2022.jpg" alt="Toreonite of the year 2022" loading="lazy" class="img-fluid img-thumbnail mb-3"></a></div></div></div></div></app-modals></app-portfolio><!----></app-root>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz" crossorigin="anonymous"></script>
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer">
</script>
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-144192848-2"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('set', 'anonymizeIp', true);
gtag('config', 'UA-144192848-2');
</script>
<!-- For SEO purposes -->
<!--
<div class="container">
<div class="container-fluid container-xxl mt-4 mb-5 text-center">
<div class="row mb-5">
<div class="col-12 position-relative">
<h1 class="mb-0 mt-5 text-center" [ngClass]="{'text-light': isDarkMode, 'text-dark': !isDarkMode}">
<strong>Conditional Access <span class="text-info bg-info-opacity rounded px-2 py-0">Blueprint</span></strong>
</h1>
<i (click)="toggleDarkMode()" class="bi fs-3 pointer position-absolute end-0 top-50 translate-middle-y m-3" [ngClass]="{'bi-lightbulb text-white': isDarkMode, 'bi-lightbulb-fill text-lightinfo': !isDarkMode}"></i>
</div>
</div>
<p class="mt-3 fs-5 mb-5 w-100" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}" style="margin: auto !important"><span class="poppins-semibold">4 tools</span> to streamline the creation and validation of your organization's access policies and strategy</p>
<div class="row d-block d-lg-none mt-5">
<div class="my-5 embed-responsive">
<iframe class="embed-responsive-item" style="width: 100%; height: 12rem" src="https://www.youtube-nocookie.com/embed/deBfmVg1efs?modestbranding=1" allowfullscreen></iframe>
</div>
</div>
<div class="row d-none d-lg-block mt-5">
<div class="my54 embed-responsive">
<iframe class="embed-responsive-item" style="width: 30% !important; height: 12rem" src="https://www.youtube-nocookie.com/embed/deBfmVg1efs?modestbranding=1" allowfullscreen></iframe>
</div>
</div>
</div>
<div class="container-xxl mt-4 mb-5">
<div class="d-none d-sm-block">
<div class="row text-center">
<div class="col color-white underline-primary me-3 p-0"><p class="py-o m-o text-grey small" style="margin-bottom: 0.3rem;">2 tools for</p><span class="bg-secondary poppins-medium px-3 py-1 rounded my-0 text-light">building security</span></div>
<div class="col color-white underline-primary p-0"><p class="py-o m-o text-grey small" style="margin-bottom: 0.3rem;">2 tools for</p><span class="bg-secondary poppins-medium px-3 py-1 rounded my-0 text-light">verifying security</span></div>
</div>
</div>
<div class="row gx-3">
<div class="col-12 col-sm-3 col-xs-12 position-relative pointer mt-3 h-100" data-bs-toggle="modal" data-bs-target="#modal1" (click)="trackEvent('click_modal_PersonaFlow')">
<div class="position-absolute top-0 end-0 me-3 ">
<svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" fill="currentColor" class="bi bi-arrow-up-right-square text-grey pointer" viewBox="0 0 16 16" data-bs-toggle="modal" data-bs-target="#modal1">
<path fill-rule="evenodd" d="M15 2a1 1 0 0 0-1-1H2a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1zM0 2a2 2 0 0 1 2-2h12a2 2 0 0 1 2 2v12a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2zm5.854 8.803a.5.5 0 1 1-.708-.707L9.243 6H6.475a.5.5 0 1 1 0-1h3.975a.5.5 0 0 1 .5.5v3.975a.5.5 0 1 1-1 0V6.707z"/>
</svg>
</div>
<div class="p-3 service border border-white" [ngClass]="{'bg-darker hover-bg-lighter': isDarkMode, 'bg-lightgrey hover-bg-darkergrey': !isDarkMode}">
<div class="text-center">
<span class="fs-5 text-info me-2 poppins-semibold">#1</span><span class="fs-5 poppins-semibold">Persona Flow Diagram</span>
<p class="fs-6 mt-2" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">A flow diagram to help you define access restrictions and actions for each user role</p>
<img class="w-100 mb-4" src="/CAF/images/1.png" alt="Mockup">
<a href="/CAF/CA-flow" target="_blank"><button type="button" class="btn btn-info text-light" (click)="trackEvent('click_button_OpenPersonaFlow')">Open Persona Flow</button></a>
<p class="mt-3 mb-0 small pointer" data-bs-toggle="modal" data-bs-target="#modal1">more info</p>
</div>
</div>
</div>
<div class="col-12 col-sm-3 position-relative mt-3 h-100" data-bs-toggle="modal" data-bs-target="#modal2" (click)="trackEvent('click_modal_PersonaRequirements')">
<div class="position-absolute top-0 end-0 me-3">
<svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" fill="currentColor" class="bi bi-arrow-up-right-square text-grey pointer" viewBox="0 0 16 16" data-bs-toggle="modal" data-bs-target="#modal2">
<path fill-rule="evenodd" d="M15 2a1 1 0 0 0-1-1H2a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1zM0 2a2 2 0 0 1 2-2h12a2 2 0 0 1 2 2v12a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2zm5.854 8.803a.5.5 0 1 1-.708-.707L9.243 6H6.475a.5.5 0 1 1 0-1h3.975a.5.5 0 0 1 .5.5v3.975a.5.5 0 1 1-1 0V6.707z"/>
</svg>
</div>
<div class="p-3 service border border-white pointer" [ngClass]="{'bg-darker hover-bg-lighter': isDarkMode, 'bg-lightgrey hover-bg-darkergrey': !isDarkMode}">
<div class="text-center">
<span class="fs-5 text-info me-2 poppins-semibold">#2</span><span class="fs-5 poppins-semibold">Policy Translator</span>
<p class="fs-6 mt-2" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">An Excel that translates your personas to Conditional Access policies</p>
<img class="w-100 mb-4" src="/CAF/images/2.png" alt="Mockup">
<a href="https://raw.githubusercontent.com/jasperbaes/jasperbaes.github.io/main/CAF/ConditionalAccessBlueprint-Template.xlsx" target="_blank" (click)="trackEvent('click_button_downloadTemplate')"><button type="button" class="btn btn-info text-light">Open template</button></a>
<p class="mt-3 mb-0 small pointer" data-bs-toggle="modal" data-bs-target="#modal2">more info</p>
</div>
</div>
</div>
<div class="col-12 col-sm-3 position-relative mt-3 h-100" data-bs-toggle="modal" data-bs-target="#modal3" (click)="trackEvent('click_modal_Matrix')">
<div class="position-absolute top-0 end-0 me-3">
<svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" fill="currentColor" class="bi bi-arrow-up-right-square text-grey pointer" viewBox="0 0 16 16" data-bs-toggle="modal" data-bs-target="#modal3">
<path fill-rule="evenodd" d="M15 2a1 1 0 0 0-1-1H2a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1zM0 2a2 2 0 0 1 2-2h12a2 2 0 0 1 2 2v12a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2zm5.854 8.803a.5.5 0 1 1-.708-.707L9.243 6H6.475a.5.5 0 1 1 0-1h3.975a.5.5 0 0 1 .5.5v3.975a.5.5 0 1 1-1 0V6.707z"/>
</svg>
</div>
<div class="p-3 service border border-white pointer" [ngClass]="{'bg-darker hover-bg-lighter': isDarkMode, 'bg-lightgrey hover-bg-darkergrey': !isDarkMode}">
<div class="text-center">
<span class="fs-5 text-info me-2 poppins-semibold">#3</span><span class="fs-5 poppins-semibold">Impact Matrix</span>
<p class="fs-6 mt-2" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">Spot CA misconfigurations and review user impact</p>
<img class="w-100 mb-4" src="/CAF/images/3.png" alt="Mockup">
<a href="https://github.com/jasperbaes/Conditional-Access-Matrix" target="_blank"><button type="button" class="btn btn-info text-light" (click)="trackEvent('click_button_openScript')">Open script</button></a>
<p class="mt-3 mb-0 small pointer" data-bs-toggle="modal" data-bs-target="#modal3">more info</p>
</div>
</div>
</div>
<div class="col-12 col-sm-3 position-relative mt-3 h-100" data-bs-toggle="modal" data-bs-target="#modal4" (click)="trackEvent('click_modal_Simualator')">
<div class="position-absolute top-0 end-0 me-3">
<svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" fill="currentColor" class="bi bi-arrow-up-right-square text-grey pointer" viewBox="0 0 16 16" data-bs-toggle="modal" data-bs-target="#modal4">
<path fill-rule="evenodd" d="M15 2a1 1 0 0 0-1-1H2a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1zM0 2a2 2 0 0 1 2-2h12a2 2 0 0 1 2 2v12a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2zm5.854 8.803a.5.5 0 1 1-.708-.707L9.243 6H6.475a.5.5 0 1 1 0-1h3.975a.5.5 0 0 1 .5.5v3.975a.5.5 0 1 1-1 0V6.707z"/>
</svg>
</div>
<div class="p-3 service 3 border border-white pointer" [ngClass]="{'bg-darker hover-bg-lighter': isDarkMode, 'bg-lightgrey hover-bg-darkergrey': !isDarkMode}">
<div class="text-center">
<span class="fs-5 text-info me-2 poppins-semibold">#4</span><span class="fs-5 poppins-semibold">Simulator</span>
<p class="fs-6 mt-2" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">Simulate and validate your access policies in both common and malicious scenarios + predict impact</p>
<img class="w-100 mb-4" src="/CAF/images/4.png" alt="Mockup">
<button type="button" class="btn btn-info text-light" data-bs-toggle="modal" data-bs-target="#modal4" (click)="trackEvent('click_modal_Simualator')">Open Simulator</button>
<p class="mt-3 mb-0 small pointer" data-bs-toggle="modal" data-bs-target="#modal4">more info</p>
</div>
</div>
</div>
</div>
<p class="text-center mt-5 mb-0">the <span class="poppins-bold" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">Conditional Access Blueprint</span>, made by <a class="text-info poppins-bold text-decoration-none" href="https://www.linkedin.com/in/jasper-baes" target="_blank" (click)="trackEvent('click_CAF_LinkedIn')">Jasper Baes</a></p>
<p class="text-center mt-2 mb-3 small pointer" [ngClass]="{'text-light': isDarkMode, 'text-muted': !isDarkMode}" data-bs-toggle="modal" data-bs-target="#support" (click)="trackEvent('click_modal_support')">support or contribute?</p>
<p class="text-center mt-5 mb-5 small pointer"><a class="text-decoration-none" [ngClass]="{'text-light': isDarkMode, 'text-muted': !isDarkMode}" href="/" target="_blank" (click)="trackEvent('click_CAF_jbaes')">👉 https://jbaes.be</a></p>
<div class="container">
<div class="row justify-content-center">
<div class="col-8">
<hr class="mt-5 mb-5 w-100"/>
</div>
</div>
</div>
<div class="container-xl mt-5 mb-5" id="checklist">
<div class="row justify-content-center">
<div class="col-12 col-sm-8">
<p class="fs-5 poppins-semibold">Checklist</p>
<p class="fs-6">This checklist guides you through the Conditional Access Blueprint, and is conveniently saved in your browser local storage session.</p>
<div *ngFor="let item of checklist; let i = index" class="form-check ms-4" [ngClass]="{'d-none': !checklistShowAll && i >= 5}">
<input
class="form-check-input"
type="checkbox"
[id]="item.id"
[checked]="item.checked"
(change)="toggleCheck(item)">
<label class="form-check-label" [for]="item.id">
{{ item.text }}
<span *ngIf="item.toolsUsed.length > 0">
<span aria-label="Tool selection" *ngFor="let tool of item.toolsUsed">
<span class="badge border border-secondary text-secondary me-2">Tool {{ tool }}</span>
</span>
</span>
</label>
</div>
<p *ngIf="!checklistShowAll" (click)="toggleShowAll()" class="mt-3 ms-4 text-grey pointer">Show All <small>({{ checklist.length }})</small></p>
<p *ngIf="checklistShowAll" (click)="toggleShowAll()" class="mt-3 ms-4 text-grey pointer">Show Less</p>
</div>
</div>
</div>
<div class="container">
<div class="row justify-content-center">
<div class="col-8">
<hr class="mt-5 mb-5 w-100"/>
</div>
</div>
</div>
<div class="container-fluid container-xxl mt-5 mb-5" id="feedback">
<div class="row d-block d-sm-none justify-content-center">
<div class="text-center">
<p class="fs-5 mb-5 poppins-semibold">Some of your feedback 💙</p>
<img class="w-100 m-1" src="/CAF/images/feedback-mobile1.png" alt="Conditional Access Blueprint feedback">
<img class="w-100 m-0" src="/CAF/images/feedback-mobile2.png" alt="Conditional Access Blueprint feedback">
<img class="w-100 m-0" src="/CAF/images/feedback-mobile3.png" alt="Conditional Access Blueprint feedback">
</div>
</div>
<div class="row d-none d-sm-block justify-content-center">
<div class="text-center">
<p class="fs-5 mb-5 poppins-semibold">Some of your feedback 💙</p>
<a href="/CAF/images/feedback.png" target="_blank"><img class="w-100 mb-4" src="/CAF/images/feedback.png" alt="Conditional Access Blueprint feedback"></a>
</div>
</div>
</div>
</div>
<div class="modal fade" id="modal1" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" [attr.data-bs-theme]="isDarkMode ? 'dark' : 'light'">
<div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable">
<div class="modal-content">
<div class="modal-header bgcolor-primary">
<h5 class="modal-title poppins-bold color-white" id="exampleModalLabel">#1 Persona Flow Diagram</h5>
<button type="button" class="btn-close color-white" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<p>The first step in building your access security is defining what security restrictions can be applied to each persona in your environment.</p>
<p class="text-info poppins-bold mb-0 mt-2">What's a persona, you ask?</p>
<p class="mt-0">A persona can be:</p>
<ul>
<li><span class="poppins-bold" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">a group of users/identities:</span> e.g. regular users, ADM users, DEV users, external users, Entra roles, a group of Service Principals, emergency accounts, C-level users, service accounts or non-interactive accounts <span class="text-grey">(like Entra Connect sync accounts, phone service accounts, server service accounts, meeting room service accounts, ...)</span></li>
<li><span class="poppins-bold" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">an individual user/identity:</span> e.g. a specific service account, a Tier 0 account, an Entra role, a Service Principal, ...</li>
</ul>
<p>Begin by listing all existing personas in your environment. To visualize the relationships and structure, create a hierarchy chart. This will help in understanding how different personas interact and what their place is within the organization. Important to understand is that in this hierarchy chart, each node will inherite Conditional Access actions from the nodes above.</p>
<p>An example of personas in a tenant:</p>
<a href="/CAF/images/hierarchy-chart.png" target="_blank"><img src="/CAF/images/hierarchy-chart.png" class="img-fluid w-100 my-1 border" alt="..."></a>
<p>For most of the organizations, the hierarchy chart looks something like this. But depending on your organization, it might look a bit different, or different keywords are used. You can and you should go really detailled while defining your personas. Later on in the framework, you can delete what you don't need or what you think is overkill.</p>
<p class="text-info poppins-bold mb-0 mt-3">What do you do with these personas?</p>
<p>For each persona, you should define what access restrictions or actions can be applied. This can be done by simply following the persona flow from top to bottom (<a href="/CAF/CA-flow" target="_blank">https://jbaes.be/CAF/CA-flow</a>):</p>
<a href="/CAF/CA-flow" target="_blank"><button type="button" class="btn btn-info text-white poppins-regular" (click)="trackEvent('click_button_OpenPersonaFlow')">Open Persona Flow</button></a>
<p class="text-info poppins-bold mb-0 mt-3">Screenshot(s)</p>
<a href="/CAF/images/CAF-flow.png" target="_blank"><img src="/CAF/images/CAF-flow.png" class="img-fluid w-100 mt-3" alt="..."></a>
<p class="mt-3">Results can be documented in tool #2.</p>
<p class="text-info poppins-bold mb-0 mt-3">Who needs to be involved?</p>
<ul class="mt-0" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">
<li>Security or IT engineer</li>
<li>Each persona owner <span class="fs-6 text-grey">(i.e. the person or team responsible for using the persona)</span></li>
<li>CISO <span class="fs-6 text-grey">(optional)</span></li>
</ul>
</div>
</div>
</div>
</div>
<div class="modal fade" id="modal2" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" [attr.data-bs-theme]="isDarkMode ? 'dark' : 'light'">
<div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable">
<div class="modal-content">
<div class="modal-header bgcolor-primary">
<h5 class="modal-title poppins-bold color-white" id="exampleModalLabel">#2 Policy Translator</h5>
<button type="button" class="btn-close color-white" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<p>The second step in building your access security is documenting what security actions can be applied to each persona.</p>
<p></p>
<div class="alert alert-light" role="alert">
The <span class="poppins-bold" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">primary goal</span> of this Conditional Access approach is to use a static set Conditional Access policies and only add/remove personas (=Entra groups) as needed.
</div>
<p class="text-info poppins-bold mb-0 mt-2">Where do I start?</p>
<p>Download the Excel template here:</p>
<a href="https://raw.githubusercontent.com/jasperbaes/jasperbaes.github.io/main/CAF/ConditionalAccessBlueprint-Template.xlsx" target="_blank" (click)="trackEvent('click_button_downloadTemplate')"><button type="button" class="btn btn-info text-white poppins-bold mb-3">Download template</button></a>
<a href="/CAF/images/template.png" target="_blank"><img src="/CAF/images/template.png" class="img-fluid w-100" alt="..."></a>
<p class="mt-3">In this template, fill in your listed personas horizontally in the prepared cells.</p>
<p>For each security action (listed vertically), mark whether the action can be applied on the specific persona. To correctly do this, use tool #1 Flow Diagram.</p>
<p>For each marking, the template has whitespace for a small note. In the end, this makes it easier to group personas in Conditional Access policies. This small note can contain e.g.:</p>
<ul>
<li>which Operating Systems should be blocked</li>
<li>the device Extention Attribute</li>
<li>the device property</li>
<li>IP (ranges)</li>
<li>the sign-in frequency</li>
<li>the action on a identity risk</li>
<li>...</li>
</ul>
<p class="text-info poppins-bold mb-0 mt-2">How will this help (re)creating my Conditional Access policies?</p>
<p>With all security restrictions filled in for each persona, the next step is to group them. This guides you into creating (or adjusting) your Conditional Access policies. For each security restriction, you can <b><u>horizontally see which personas should be included in the policy that enforces this security action</u></b>.</p>
<a href="/CAF/images/template-arrows.png" target="_blank"><img src="/CAF/images/template-arrows.png" class="img-fluid w-100 mb-2" alt="..."></a>
<p>The goal is to create Conditional Access policies once and then simply add or remove personas (Entra groups) as needed.</p>
<p>Next, create or adjust your Conditional Access policies in report-only mode. Do this based on the different security restrictions in the template. For example:</p>
<table class="table">
<thead>
<tr>
<th scope="col">CA Policy</th>
<th scope="col">Included personas</th>
<th scope="col">Excluded personas</th>
</tr>
</thead>
<tbody>
<tr>
<td>CA001 – All Apps: Full block</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA002 – All Apps: Block legacy authentication</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA003 – All Apps: Block device code authentication</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA004 – All Apps: Require MFA</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA005 – All Apps: Require passwordless MFA</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA006 – All Apps: Require phishing-resistant MFA</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA007 – All Apps: Require phishing-resistant MFA with Authentication Context</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA008 – All Apps: Sign-in frequency 60 days</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA009 – All Apps: Sign-in frequency 14 days</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA010 – All Apps: Sign-in frequency 10 hours</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA011 – All Apps: Block on High sign-in risk</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA012 – All Apps: Block on High user risk</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA013 – All Apps: Require Password Reset on High user risk</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA014 – All Apps: Require MFA on high Service Principal risk</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA015 – All Apps: Require MFA on Elevated insider risk</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA016 – All Apps: Require TAP on MFA registration</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA017 – All Apps: Require MFA on device registration or join</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA100 – All Apps: Require compliant device</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA101 – All Apps: Require corporate-owned devices</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA102 – All Apps: Allow deviceID for AD Sync accounts</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA103 – All Apps: Block unknown Operating Systems</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA104 – All Apps: Block all devices except Extension Attribute ‘MeetingRoomDevices’</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA105 – All Apps: Only allow manufacturer X</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA106 – All Apps: Block old Windows versions</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA107 – All Apps: Require App Protection Policies (Android + iOS)</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA108 – All Apps: Block Android and iOS</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA200 – Azure: Block untrusted IP ranges</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA201 – All Apps: Block all locations except USA and Europe</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA202 – Azure: Block access outside serverroom</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA203 – Azure: Block outside VPN IP address</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA204 – All Apps: Require trusted location on MFA registration</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA205 – Azure: Block access from desktop apps</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA206 – Block downloads</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>CA207 – All Apps: Token Protection (preview)</td>
<td>...</td>
<td>...</td>
</tr>
<tr>
<td>...</td>
<td>...</td>
<td>...</td>
</tr>
</tbody>
</table>
<p>By just <span class="poppins-bold" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">adding or excluding personas</span> to these Conditional Access policies, your organization will have a strong, clear and well-documented access security setup. A setup based on your organization's personas and organization's use cases.</p>
<div class="alert alert-light" role="alert">
Do you need help with creating the Conditional Access policies? Check out the <a href="https://www.joeyverlinden.com/conditional-access-framework-4/" class="alert-link">Conditional Access Framework</a> by Joey Verlinden and the <a href="https://learn.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-framework" class="alert-link">Conditional Access Framework</a> by Claus Jespersen. They take a different approach.
</div>
<p>And here, you’ll need to make a decision: do you prefer a higher level of security and being able to customize more with better exclusion catches, <b><u>or</u></b> is having a less complex access setup a higher priority. The answer to this question depends on different factors like the type of organization, core business, the IT team, mentality and so on. It is not a binary decision but rather a balance you need to find.</p>
<a href="/CAF/images/balance-scale.png" target="_blank"><img src="/CAF/images/balance-scale.png" class="img-fluid w-75 mb-2" alt="..."></a>
<p class="text-info poppins-bold mb-0 mt-2">Who needs to be involved?</p>
<ul class="mt-0" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">
<li>Security or IT engineer</li>
<li>Each persona owner <span class="fs-6 text-grey">(for validation)</span></li>
<li>CISO <span class="fs-6 text-grey">(for final approval)</span></li>
</ul>
</div>
</div>
</div>
</div>
<div class="modal fade" id="modal3" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" [attr.data-bs-theme]="isDarkMode ? 'dark' : 'light'">
<div class="modal-dialog modal-xl modal-dialog-centered modal-dialog-scrollable">
<div class="modal-content">
<div class="modal-header bgcolor-primary">
<h5 class="modal-title poppins-bold color-white" id="exampleModalLabel">#3 Conditional Access Impact Matrix</h5>
<button type="button" class="btn-close color-white" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<p>Now that you have a strong Conditional Access setup, verifying is vital.</p>
<p>This tool solves 2 problems:</p>
<ul>
<li>What CA policies are applied to who (and are there conflicts)? <u>(deliverable 1)</u></li>
<li>What is the user impact of recent CA changes? <u>(deliverable 2)</u></li>
</ul>
<a href="https://github.com/jasperbaes/Conditional-Access-Matrix" target="_blank" (click)="trackEvent('click_button_openScript')"><button type="button" class="btn btn-info text-white poppins-bold mt-2">Open script (Github)</button></a>
<div class="row gx-3 mt-3 px-3">
<div class="col-12 col-sm-5 p-3 border-radius mt-3 me-3 text-center rounded" [ngClass]="{'bg-black': isDarkMode, 'bg-grey': !isDarkMode}" style="height: 100%;">
<p class="poppins-bold">Deliverable 1: Matrix</p>
<a href="/CAF/images/matrix.png" target="_blank"><img src="/CAF/images/matrix.png" class="img-fluid w-100 my-3 border" alt="..."></a>
<p>This Excel report allows to quickly filter and review the user accounts that are included or excluded from each of your Conditional Access policies.</p>
</div>
<div class="col-12 col-sm-6 p-3 border-radius mt-3 text-center rounded" [ngClass]="{'bg-black': isDarkMode, 'bg-grey': !isDarkMode}" style="height: 100%;">
<p class="poppins-bold">Deliverable 2: Impact</p>
<a href="/CAF/images/impact.png" target="_blank"><img src="/CAF/images/impact.png" class="img-fluid w-100 my-3 border" alt="..."></a>
<p>This web report allow you to review the effects of your recent CA changes on users.</p>
</div>
</div>
<a href="https://github.com/jasperbaes/Conditional-Access-Matrix" target="_blank" (click)="trackEvent('click_button_openScript')"><button type="button" class="btn btn-info text-white poppins-bold my-3">Open script (Github)</button></a>
<p class="text-info poppins-bold mb-0 mt-2">Deliverable 1: Matrix</p>
<p>Besides having these insights, periodic reviews or answering questions about access becomes much easier. Example questions you need (to have) answers on:</p>
<ul>
<li>What user accounts are excluded from MFA?</li>
<li>What service accounts can only access our environment from IP XXX.XXX.XXX.XXX?</li>
<li>What user accounts are not blocked from accessing Azure Management applications?</li>
<li>What users can use old legacy authentication methods?</li>
<li>...</li>
</ul>
<p class="text-info poppins-bold mb-0 mt-2">Deliverable 2: Impact</p>
<p>When specifying a previously generated report while calling the script, it calculates the impact of changes made in CA on users. These changes can result from group membership modifications, direct assignments, or deletions. Often, other admins are unaware of which groups are used in Conditional Access.</p>
<p class="text-info poppins-bold mb-0 mt-2">Screenshot(s)</p>
<a href="/CAF/images/terminal.png" target="_blank"><img src="/CAF/images/terminal.png" class="img-fluid w-100 mt-3 border" alt="..."></a>
<p class="text-info poppins-bold mb-0 mt-2">Who needs to be involved?</p>
<ul class="mt-0" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">
<li>Security or IT engineer</li>
<li>CISO <span class="fs-6 text-grey">(optional)</span></li>
</ul>
</div>
</div>
</div>
</div>
<div class="modal fade" id="modal4" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" [attr.data-bs-theme]="isDarkMode ? 'dark' : 'light'">
<div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable">
<div class="modal-content">
<div class="modal-header bgcolor-info">
<h5 class="modal-title poppins-bold color-white" id="exampleModalLabel">#4 Simulator</h5>
<button type="button" class="btn-close color-white" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<p>Finally, you should continiously verify both common and malicious access situations. Key here is <u>compliance</u>.</p>
<p class="text-info poppins-bold mb-0 mt-2">Tools to simulate access:</p>
<div class="row gx-3 mt-3 px-3">
<div class="col p-3 mb-3 border-radius me-3 text-center rounded" [ngClass]="{'bg-black': isDarkMode, 'bg-grey': !isDarkMode}" style="height: 100%;">
<p class="poppins-bold mb-0">Conditional Access Simulator</p>
<p class="small poppins-light mt-0">(made by me 😉)</p>
<p class="fs-6 mt-2" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">
The PoC was developed in February 2022 during my personal time, and the tool itself was further developed during work hours for my employer Toreon. Although it is currently <span class="text-decoration-underline">closed-source and only available with consulting support</span>, I would have preferred to make it open source as well.
</p>
<a href="https://security.toreon.com" target="_blank" (click)="trackEvent('click_button_openCASimulator')">
<button type="button" class="btn btn-info text-white poppins-bold mb-3">More info</button>
</a>
</div>
<div class="col d-flex flex-column justify-content-between">
<div class="p-3 border-radius mb-3 text-center rounded" [ngClass]="{'bg-black': isDarkMode, 'bg-grey': !isDarkMode}">
<p class="poppins-bold">🔥 Maester</p>
<p class="fs-6 mt-2" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">
In 2024, a good-looking and open-source PowerShell test automation tool was developed providing similar functionality.
</p>
<a href="https://maester.dev" target="_blank" (click)="trackEvent('click_button_maester')">
<button type="button" class="btn btn-info text-white poppins-bold mb-3">More info</button>
</a>
</div>
<div class="p-3 border-radius text-center rounded" [ngClass]="{'bg-black': isDarkMode, 'bg-grey': !isDarkMode}">
<p class="poppins-bold">What If</p>
<p class="fs-6 mt-2" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">
The built-in simulator in Conditional Access will get you started. Results are not compliance-based and simulations can't be saved.
</p>
</div>
</div>
</div>
<p class="text-info poppins-bold mb-0 mt-2">The need for a Breach and Attack Simulator (BAS)</p>
<p>Conditional Access is one of the most important security components of Entra, but complicated to setup and maintain. It can contain many policies, which can add up or exclude eachother. Also, misconfigurations happen often resulting in security gaps or incidents. Your access setup is partly a translation of the policies business has defined. So you should just be (continuously) checking if your Conditional Access setup meets these business defined policies. </p>
<p>The easiest way to do this is with compliance. For each simulation you define what the expected outcome is (e.g. MFA, company device, password reset, block, ...). If the simulation matches the expected actions, you're good. If not, you have a misconfiguration or wrong configured Conditional Access policy.</p>
<p>You should only create simulations for user accounts you specifically want to test, or a random user from a persona.</p>
<p class="text-info poppins-bold mb-0 mt-2">Screenshot(s)</p>
<p class="mb-0 mt-3">Define simulations:</p>
<a href="/CAF/images/simlator-2.png" target="_blank"><img src="/CAF/images/simulator-2.png" class="img-fluid w-100 mt-1 border" alt="..."></a>
<p class="mb-0 mt-3">Simulation results:</p>
<a href="/CAF/images/simlator-1.png" target="_blank"><img src="/CAF/images/simulator-1.png" class="img-fluid w-100 mt-1 border" alt="..."></a>
<p class="mb-0 mt-3">Best practices:</p>
<a href="/CAF/images/simlator-3.png" target="_blank"><img src="/CAF/images/simulator-3.png" class="img-fluid w-100 mt-1 border" alt="..."></a>
<p class="mb-0 mt-3">Maester example:</p>
<a href="/CAF/images/maester-example.png" target="_blank"><img src="/CAF/images/maester-example.png" class="img-fluid w-100 mt-1 border" alt="..."></a>
<p class="text-info poppins-bold mb-0 mt-2">Who needs to be involved?</p>
<ul class="mt-0" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}">
<li>Security or IT engineer</li>
<li>CISO</li>
</ul>
</div>
</div>
</div>
</div>
<div class="modal fade" id="support" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true" [attr.data-bs-theme]="isDarkMode ? 'dark' : 'light'">
<div class="modal-dialog modal-lg modal-dialog-centered modal-dialog-scrollable">
<div class="modal-content">
<div class="modal-header bgcolor-info">
<h5 class="modal-title poppins-bold color-white" id="exampleModalLabel">How can you make a difference?</h5>
<button type="button" class="btn-close color-white" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<p>The sole purpose of the Conditional Access Blueprint is to guide you towards a more secure access configurations. Here's how you can contribute to that mission:</p>
<ul>
<li class="text-info poppins-bold mb-0 mt-2">Use it: <span class="poppins-regular" [ngClass]="{'text-light': isDarkMode, 'text-dark': !isDarkMode}">Use the tools and other referenced tools! That's why they were build. Use it in your own organization, or use it with your clients.</span></li>
<li class="text-info poppins-bold mb-0 mt-2">Talk about it: <span class="poppins-regular" [ngClass]="{'text-light': isDarkMode, 'text-dark': !isDarkMode}">Engage in discussions about this, or invite me to spreak about the framework.</span></li>
<li class="text-info poppins-bold mb-0 mt-2">Feedback or share ideas: <span class="poppins-regular" [ngClass]="{'text-light': isDarkMode, 'text-dark': !isDarkMode}">Have ideas or suggestions to improve this framework? Message me on <a class="poppins-bold" [ngClass]="{'text-light': isDarkMode, 'text-secondary': !isDarkMode}" href="https://www.linkedin.com/in/jasper-baes" target="_blank" (click)="trackEvent('click_CAF_LinkedIn')">LinkedIn</a> (Jasper Baes)</span></li>
<li class="text-info poppins-bold mb-0 mt-2">Contribute: <span class="poppins-regular" [ngClass]="{'text-light': isDarkMode, 'text-dark': !isDarkMode}">Join efforts to improve the quality, code and usability of the Conditional Access Blueprint.</span></li>
<li class="text-info poppins-bold mb-0 mt-2">Donate: <span class="poppins-regular" [ngClass]="{'text-light': isDarkMode, 'text-dark': !isDarkMode}">Consider supporting financially to cover costs (domain name, hosting, development costs, time, production costs, professional travel, ...) or future investments: donate on</span>
<div class="mt-2">
<a class="poppins-bold" href="https://www.buymeacoffee.com/jasperbaes" target="_blank" (click)="trackEvent('click_button_buyMeACoffee')"><button type="button" class="btn btn-info text-white poppins-bold mb-3">☕ Buy Me A Coffee</button></a>
</div>
</li>
</ul>
<p class="small text-grey">The Conditional Access Blueprint was developed entirely on my own time, without any support or involvement from any organization or employer. For tool 4, a free alternative is available.</p>
<hr class="mt-3 mb-3 w-100"/>
<p class="small text-grey">Please be aware that the Conditional Access Blueprint is intended solely for individual administrators' personal use. It is not licensed for use by organizations seeking financial gain. This restriction is in place to ensure the responsible and fair use of the tools. Admins are encouraged to leverage this code to enhance their own understanding and management within their respective environments, but any commercial or organizational profit-driven usage is strictly prohibited.</p>
<p class="small text-grey">Thank you for respecting these usage terms and contributing to a fair and ethical software community. </p>
</div>
</div>
</div>
</div> -->
<script src="polyfills-FFHMD2TL.js" type="module"></script><script src="main-3MPHCQ5Y.js" type="module"></script>
<script id="ng-state" type="application/json">{"__nghData__":[{},{"c":{"0":[{"i":"c864111055","r":1}]}}]}</script></body></html>