Have you checked out this week's Entra newsletter?
Get the latest at https://entra.news
Have you checked out this week's Entra newsletter?
Get the latest at https://entra.news
Das heise security Webinar: Gefährliche Voreinstellungen der Microsoft-Cloud
Diese gefährlichen Defaults in Microsofts Entra ID sollte jeder Admin kennen, verstehen und vielleicht dann auch ändern. Das kompakte Webinar hilft dabei.
Microsoft Entra ID Lockouts After MACE App Flags Legit Users – Source:hackread.com https://ciso2ciso.com/microsoft-entra-id-lockouts-after-mace-app-flags-legit-users-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Microsoft #Hackread #security #EntraID #MACE
How is everybody monitoring Apps and secrets in Entra ID? 3rd party tool? MS Graph?
We use cloud only admin accounts that don't have email so we don't get email alerts for secrets expiring etc.
Also, apps that aren't used anymore.
Das heise security Webinar: Gefährliche Voreinstellungen der Microsoft-Cloud
Microsoft Entra ID kommt mit gefährlichen Defaults. Wir zeigen, wo man unbedingt nachbessern muss. Und bis Mittwoch gibts das Webinar noch 20 Prozent reduziert.
Anyone know how to find log entries for successful Entra ID Seamless SSO logins? I want to turn off this configuration and need to validate what, if anything, is using this authentication method. Microsoft’s documentation is lacking in this area.
It’s great to see @merill has launched his #podcast! It’s been fun listening to!
If you work in #entraid , or just like hearing about #iam - give it a listen.
https://podcasts.apple.com/gb/podcast/entra-chat/id1801200012
Just spent like 3 days trying to figure out another Azure Tenants Intune rbac roles not applying... it was caused by the intune license group being nested under another group. Nested groups are a wonderful concept but the amount of times they have been the root of random issues is very high. #azure #intune #entraID
Really interesting article on this ransomware operators tactics, this part especially so:
“Early Warnings Suggest Entra Connect Is Next Target”
I think it’s worth your time to harden your Microsoft #EntraID Connect (formerly Azure AD Sync) configuration as this is not the first article I’ve seen noting attackers targeting your IAM infrastructure. #cybersecurity
From: @nopatience
https://swecyb.com/@nopatience/114023912775060407
At this point, most organizations don’t need the old Azure AD Seamless SSO configuration as they use the more modern Entra ID Native or Hybrid join features. AFAIK the Seamless SSO feature was used to support Windows 8 and 2012 systems. If you don’t have any of those, you should be ok to disable this vulnerable feature. Here’s some documentation on how to do so:
#cybersecurity #EntraID #microsoft
From: @r1cksec
https://infosec.exchange/@r1cksec/114019481650636237
If you are into #entraID and #iam - i highly recommend the https://entra.news/ #newsletter
@merill and Joshua do an amazing job at getting the latest news, tips, podcasts and content together in an easy to read and follow format.
Maester Framework Continues to Prosper
The Maester project continues to prosper with a bunch of new features added, including several in the DevOps space. Maester usually tests tenant settings to find and highlight misconfigurations or potential issues. Some new custom tests look for missing user account properties, which is great except for the problem of finding the right accounts to check. All discussed here.
https://office365itpros.com/2025/02/07/maester-progress/
#Microsoft365 #EntraID
Was poking around in Microsoft #EntraID today and looking at the Secure Score for Identity. Good recommendations there—check it out!
I also saw a notice on the page to check out the “new Secure Score experience” so I did. It’s terrible. Why does Microsoft insist on downgrading their UI when they “improve” things? The new experience doesn’t allow you add or remove columns in the recommendations. It also doesn’t allow you to sort columns. These features are valuable and were available in the “old” experience.
Also, I noticed that the score was different depending on whether I was in the new or old experience — with no explanation for the difference in the Entra portal.
#cybersecurity
@merill Thank you for posting this to Mastodon. Appreciate you Merill! #microsoft #mfa #microsoft365 #admin #entraid
Neat way to prevent logins and any other potential badness from Tor using a Conditional Access Policy and a named location
#cybersecurity #microsoft #EntraID
https://www.lab539.com/blog/conditional-access-policy-to-block-tor-ips
When using #microsoft #EntraID for your Identity Platform (IdP) you have many options to improve your #cybersecurity by using Conditional Access policies. Here’s a good one to prevent logins from the Tor network
“Using Conditional Access Policies to Block Tor Exit Nodes in Entra ID”
https://www.lab539.com/blog/conditional-access-policy-to-block-tor-ips
These are great changes to the Microsoft Entra #Passkey registration process. This was the hardest part of the entire MFA process from my point of view.
From: @merill
https://infosec.exchange/@merill/113351953701422591
Attn Microsoft 365 & Entra ID admins:
Entra ID Connect Sync service needs to be upgraded to the minimum req'd version of 2.3.2 by Sept 23rd, 2024 to avoid disruption to auto-upgrade & alerting functionality.
Yes, in 2 weeks. Final warning.
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/security-updates-pks
Have you disabled SSPR for admin accounts after moving to phish resistant auth?
Did you know that you can use Maester to monitor this SSPR setting & ensure it never changes?
Asses and monitor a + other settings with Maester today!
For more info see https://maester.dev/docs/tests/EIDSCA.AP01/