Have you checked out this week's Entra newsletter?
Get the latest at https://entra.news
Recent searches
Search options
#entraid
0 posts0 participants0 posts today
Das heise security Webinar: Gefährliche Voreinstellungen der Microsoft-Cloud
Diese gefährlichen Defaults in Microsofts Entra ID sollte jeder Admin kennen, verstehen und vielleicht dann auch ändern. Das kompakte Webinar hilft dabei.
heise online · Das heise security Webinar: Gefährliche Voreinstellungen der Microsoft-Cloud
Microsoft Entra ID Lockouts After MACE App Flags Legit Users – Source:hackread.com https://ciso2ciso.com/microsoft-entra-id-lockouts-after-mace-app-flags-legit-users-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Microsoft #Hackread #security #EntraID #MACE
CISO2CISO.COM & CYBER SECURITY GROUP · Microsoft Entra ID Lockouts After MACE App Flags Legit Users – Source:hackread.comSource: hackread.com - Author: Deeba Ahmed. Was your Microsoft Entra ID account locked? Find out about the recent widespread lockouts caused by the new
How is everybody monitoring Apps and secrets in Entra ID? 3rd party tool? MS Graph?
We use cloud only admin accounts that don't have email so we don't get email alerts for secrets expiring etc.
Also, apps that aren't used anymore.
Das heise security Webinar: Gefährliche Voreinstellungen der Microsoft-Cloud
Microsoft Entra ID kommt mit gefährlichen Defaults. Wir zeigen, wo man unbedingt nachbessern muss. Und bis Mittwoch gibts das Webinar noch 20 Prozent reduziert.
heise online · Das heise security Webinar: Gefährliche Voreinstellungen der Microsoft-Cloud
Anyone know how to find log entries for successful Entra ID Seamless SSO logins? I want to turn off this configuration and need to validate what, if anything, is using this authentication method. Microsoft’s documentation is lacking in this area.
It’s great to see @merill has launched his #podcast! It’s been fun listening to!
If you work in #entraid , or just like hearing about #iam - give it a listen.
https://podcasts.apple.com/gb/podcast/entra-chat/id1801200012
Apple PodcastsEntra.ChatTechnology Podcast · Updated weekly · Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been…
Just spent like 3 days trying to figure out another Azure Tenants Intune rbac roles not applying... it was caused by the intune license group being nested under another group. Nested groups are a wonderful concept but the amount of times they have been the root of random issues is very high. #azure #intune #entraID
Really interesting article on this ransomware operators tactics, this part especially so:
“Early Warnings Suggest Entra Connect Is Next Target”
I think it’s worth your time to harden your Microsoft #EntraID Connect (formerly Azure AD Sync) configuration as this is not the first article I’ve seen noting attackers targeting your IAM infrastructure. #cybersecurity
From: @nopatience
https://swecyb.com/@nopatience/114023912775060407
Swedish Cyber Security CommunityChristoffer S. (@nopatience@swecyb.com)ReliaQuest Inside the World’s Fastest Rising Ransomware Operator - BlackLock https://www.reliaquest.com/blog/threat-spotlight-inside-the-worlds-fastest-rising-ransomware-operator-blacklock/
Somewhat of a deep dive into a relatively new RaaS (BlackLock), a very active group both on RAMP and with adding new victims to their leaksite. Employing significant amount of techniques to prevent analysis (also on their leaksite(!).
#Ransomware #CyberSecurity #ThreatIntel #BlackLock #ScreamingGoat
At this point, most organizations don’t need the old Azure AD Seamless SSO configuration as they use the more modern Entra ID Native or Hybrid join features. AFAIK the Seamless SSO feature was used to support Windows 8 and 2012 systems. If you don’t have any of those, you should be ok to disable this vulnerable feature. Here’s some documentation on how to do so:
#cybersecurity #EntraID #microsoft
From: @r1cksec
https://infosec.exchange/@r1cksec/114019481650636237
learn.microsoft.comTurning off Seamless single sign-on - AZUREADSSOACC - Seamless SSO object for Microsoft Entra Connect - Microsoft Q&AI need some help and guidance in Turning off Seamless single sign-on as we are already using Hybrid Azure AD / Entra ID with Password Hash Sync.
There is an AD object called AZUREADSSOACC - Seamless SSO object for Microsoft Entra Connect.
What will be…
If you are into #entraID and #iam - i highly recommend the https://entra.news/ #newsletter
@merill and Joshua do an amazing job at getting the latest news, tips, podcasts and content together in an easy to read and follow format.
entra.newsEntra.News - Your weekly dose of Microsoft Entra | Merill Fernando | SubstackEntra.News is the go-to newsletter for the latest updates & expert insights on Microsoft Entra. Curated from top sources like Microsoft & MVPs, it's trusted by IT Pros & enterprise security teams worldwide to stay ahead in identity & access management. Click to read Entra.News - Your weekly dose of Microsoft Entra, a Substack publication with tens of thousands of subscribers.
Maester Framework Continues to Prosper
The Maester project continues to prosper with a bunch of new features added, including several in the DevOps space. Maester usually tests tenant settings to find and highlight misconfigurations or potential issues. Some new custom tests look for missing user account properties, which is great except for the problem of finding the right accounts to check. All discussed here.
https://office365itpros.com/2025/02/07/maester-progress/
#Microsoft365 #EntraID
Office 365 for IT Pros · Maester Framework Continues to Prosper - Office 365 for IT ProsThe Maester project continues to prosper with a bunch of new features added, including several in the DevOps space. Testing user accounts might be too far.
Was poking around in Microsoft #EntraID today and looking at the Secure Score for Identity. Good recommendations there—check it out!
I also saw a notice on the page to check out the “new Secure Score experience” so I did. It’s terrible. Why does Microsoft insist on downgrading their UI when they “improve” things? The new experience doesn’t allow you add or remove columns in the recommendations. It also doesn’t allow you to sort columns. These features are valuable and were available in the “old” experience.
Also, I noticed that the score was different depending on whether I was in the new or old experience — with no explanation for the difference in the Entra portal.
#cybersecurity
@merill Thank you for posting this to Mastodon. Appreciate you Merill! #microsoft #mfa #microsoft365 #admin #entraid
Neat way to prevent logins and any other potential badness from Tor using a Conditional Access Policy and a named location
#cybersecurity #microsoft #EntraID
https://www.lab539.com/blog/conditional-access-policy-to-block-tor-ips
Lab539 - Tailored Cyber DefenceConditional Access Policies to Block Tor IPs — Lab539How to create a conditional access policy in Microsoft Entra ID that blocks logins from Tor exit node IP addresses.
When using #microsoft #EntraID for your Identity Platform (IdP) you have many options to improve your #cybersecurity by using Conditional Access policies. Here’s a good one to prevent logins from the Tor network
“Using Conditional Access Policies to Block Tor Exit Nodes in Entra ID”
https://www.lab539.com/blog/conditional-access-policy-to-block-tor-ips
Lab539 - Tailored Cyber DefenceConditional Access Policies to Block Tor IPs — Lab539How to create a conditional access policy in Microsoft Entra ID that blocks logins from Tor exit node IP addresses.
These are great changes to the Microsoft Entra #Passkey registration process. This was the hardest part of the entire MFA process from my point of view.
From: @merill
https://infosec.exchange/@merill/113351953701422591
Infosec ExchangeMerill Fernando :verified: :donor: (@merill@infosec.exchange)⚡ Check out this new Microsoft Entra blog post 👇
The latest enhancements in Microsoft Authenticator
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/the-latest-enhancements-in-microsoft-authenticator/ba-p/4078807
Pretty cool to see that ~45% of the domains we alert on with the @ThinkstCanary #EntraID #phishing #CanaryToken were issued their TLS certificates within a *day* of triggering an alert (median is 2 days, ~75% in under a week).
Come to my @hack_lu talk next week to learn more!
Come to my @hack_lu talk next week to learn more!
Attn Microsoft 365 & Entra ID admins:
Entra ID Connect Sync service needs to be upgraded to the minimum req'd version of 2.3.2 by Sept 23rd, 2024 to avoid disruption to auto-upgrade & alerting functionality.
Yes, in 2 weeks. Final warning.
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/security-updates-pks
learn.microsoft.comSecurity hardening to the autoupgrade process for Microsoft Entra Connect and Microsoft Entra Connect Health - Microsoft Entra IDThis article describes security improvements to improve autoupgrade.
Have you disabled SSPR for admin accounts after moving to phish resistant auth?
Did you know that you can use 
Maester to monitor this SSPR setting & ensure it never changes?
Asses and monitor a 
+ other settings with Maester today!
For more info see https://maester.dev/docs/tests/EIDSCA.AP01/
