Passkeys in Entra ID is currently in public preview. Per-Torben wrote a post about it just over a month ago, which you can read here, and he thought it is time to go through what’s happened with passkeys since then. Passkeys are still in public preview and I expect more changes will come soon, but […]

Conditional Access – Summaries, Insight, Security & Monitoring (CA-SISM) The Conditional Access – Summaries, Insight, Security & Monitoring (CA-SISM) Workbook serves as a robust tool tailored for administrators aiming to gain comprehensive insights into their organization’s conditional access policies. Here are the key features offered by this workbook: Dynamic Reporting: Stay updated with real-time reporting […]

It is currently completely using the undocumented MS Teams API (api.spaces.skype.com), making it possible to obtain an access token for it using a Family of Client IDs (FOCI) refresh token. This is something that is not possible using the documented MS Graph API since there is no way to obtain an access token with the […]

In a typical enterprise environment, numerous solutions and tools protect the digital landscape. Different tools check emails for phishing attempts, secure infrastructure, and the cloud, and provide generative AI to detect threats and uplevel response beyond human ability. While each of these tools is valuable on its own, each just tells one part of a […]

In 2019, I delved deeper into Microsoft Security, encountering the Cloud Access Security Broker (CASB) known as Microsoft Cloud App Security (MCAS), which was later rebranded to Microsoft Defender for Cloud Apps. Initially, all the features were daunting, but over time, we achieved a functional synergy. My only challenge was the proxy, which often led […]

This week is kind of a follow up on peter’s post of a couple of weeks ago about why enrolling personal Windows devices might be a really bad idea. That post was focussed on advising against allowing enrolling personal Windows devices into Microsoft Intune (or any other MDM provider). The logic follow up question would […]

Let’s suppose that you have a list of Indicator’s of Compromise such as IPv4 being updated on a weekly basis on a publicly accessible URL or this URL could also be used by your team to push the indicators of compromise into Azure Sentinel. Aniket will detail the steps that are used to ingest these […]

There’s a WSC (Windows Security Center) service in Windows which is used by antiviruses to let Windows know that there’s some other antivirus in the hood and it should disable Windows Defender. This WSC API is undocumented and furthermore requires people to sign an NDA with Microsoft to get its documentation, so decided to take […]

Temporary Access Passes are a method for Microsoft Entra ID (formerly Azure AD) administrators to configure a temporary password for user accounts, which will also satisfy Multi Factor Authentication controls. They can be a useful tool in setting up passwordless authentication methods such as FIDO keys and Windows Hello. In this blog, we take a […]

You’ve most likely heard about passkeys, but have you seen this screenshot before? We hope to see it in Entra ID at some point. Eliminating data fields for storing password strings must be more secure than merely preventing the use of a password with Conditional Access if we are true to Zero Trust.

In today’s increasingly online and hybrid work environment, facilitating seamless work from any location and device is crucial, especially with the growing necessity to share data externally for enhanced collaboration. On the other hand, protecting your organization’s data and resources remains important. Additionally, the rising reliance on web browsers for enterprise tasks introduces new security […]

April 1, 2024, seen the release of Microsoft Copilot for Security to general availability (GA). It is a generative AI solution integrating with Defender XDR, Entra, Purview, and Intune. Just over a month later, it’s time to write down some thoughts. In cybersecurity, we face the challenge of scarce resources — time, finances, attention, will […]

Entra offers an “Alert detail” view that monitors whether eligible administrators are activating their privileged roles. However, it lacks a built-in feature to measure the frequency of these activations. To overcome this, you can schedule the following KQL query to run every 30 days. This will generate a report detailing the activation history of eligible […]

Security operations center (SOC) teams actively look for opportunities to optimize both processes and outcomes. Every organization is unique, with its own security challenges. Teams must regularly adjust security controls to keep up with changing threat landscape and business priorities, while balancing investment (cost, SOC resources, time) and security coverage. Today, we’re happy to announce […]

In today’s threat landscape, the realm of cyberattacks is in a constant state of flux, evolving at an unprecedented pace. Attack vectors, methodologies, and vulnerabilities are continuously changing, presenting a formidable challenge to cybersecurity teams worldwide. To effectively combat this ever-changing landscape of attacks, security teams must equip themselves with tools that are innovating and […]

Microsoft Entra Verified ID is a decentralized identity solution that allows your users to easily verify their identity online. It can be used with online services and applications that need to verify the identity of your users before providing access, like HR or Helpdesk systems for example. Verified ID also allows you to securely onboard […]

Priva Privacy Risk Management helps you safeguard personal data in your Microsoft 365 environment. It automatically detects risks and guides users towards fixing them. Key benefits: – Find exposed data: Secure sensitive information by identifying data with overly broad access permissions. – Control data transfers: Monitor and limit transfers of personal data across departments, regions, […]

You probably already came across the challenge to make sure that administrators using a highly privileged administrative role in Entra ID or an Azure RBAC role which allows control over sensitive resources should be only allowed if administrators use a dedicated administrative workstation. At Microsoft we call those devices Privileged Access Workstations (PAW). PAWs are […]

In recent years, enterprises attack surface has exploded in volume and diversification. Security teams are struggling to keep pace with the technological advancements and changes occurring daily. New technologies, emerging work trends (such as remote work and distributed teams), expansion of the supply chain, cloud adoption, and more have led to an exponential growth in […]

Last November, Microsoft has launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. Since then, the threat landscape has continued to rapidly evolve, and we have learned a lot. The recent […]

Coming soon for Microsoft Purview Data Loss Prevention (DLP): Enhance your DLP incident management with the new send email notification remediation action and customize email templates in Purview DLP and Defender. Use dynamic variables and tokens to easily create and maintain consistent and efficient email communications, complete with an audit trail.

At the beginning of April (2024) Microsoft announced the general availability of the Microsoft Graph activity logs. The logs can be forwarded using the Azure Diagnostics settings in Entra ID, which will in most cases result in a populated MicrosoftGraphActivityLogs table in your log analytics workspace. This blog discusses the following topics: – Microsoft Graph […]