Entra ID

Factors That Complicate Pricing When Using Microsoft Intune for Authentication

| | BYOD Security, Conditional Access, Entra ID, microsoft intune
Learn how BYOD policies complicate Microsoft Intune authentication pricing, including Entra ID, Conditional Access, and additional security costs ...
MojoAuth Blog - Passwordless Authentication & Identity Solutions
ImmutableID and hard matching - syncjacking

SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover

| | active directory security, Entra ID, Hybrid Identity Protection, Identity Threat Detection & Response, SyncJacking, Threat Research
Attackers with certain privileges can abuse Entra Connect hard matching synchronization to take over synchronized Entra ID accounts. The post SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover appeared first on ...
Semperis
Rethinking Microsoft Security: Why Identity is Your First Line of Defense 

Rethinking Microsoft Security: Why Identity is Your First Line of Defense 

| | active directory security, AD misconfigurations, Conditional Access, configuration drift, continuous monitoring, cyber resilience, endpoint compliance, Entra ID, Golden Ticket attacks, hybrid identity, identity governance, Identity Monitoring, identity resilience, Identity-First Security, Intune, Kerberoasting, Microsoft 365 security, Microsoft ecosystem, Microsoft Identity, OAuth consent phishing, OneDrive security, pass-the-hash, privilege abuse, Ransomware, recovery readiness, SharePoint security, Teams, Teams phishing, zero trust
Identity is the new security perimeter. Defend Microsoft Entra ID and Microsoft 365 from evolving identity-based cyberattacks ...
Security Boulevard
Update: Dumping Entra Connect Sync Credentials

Update: Dumping Entra Connect Sync Credentials

| | Active Directory, attack-path-management, azure, Entra ID, Red Team
Recently, Microsoft changed the way the Entra Connect Connect Sync agent authenticates to Entra ID. These changes affect attacker tradecraft, as we can no longer export the sync account credentials; however, attackers ...
Posts By SpecterOps Team Members - Medium
SPA is for Single-Page Abuse! - Using Single-Page Application Tokens to Enumerate Azure

SPA is for Single-Page Abuse! – Using Single-Page Application Tokens to Enumerate Azure

| | azure, Cybersecurity, Entra ID, red-team-methodology
Author: Lance B. CainOverviewMicrosoft Azure is a leading cloud provider offering technology solutions to companies, governments, and other organizations around the globe. As such, many entitles have begun adopting Azure for their technology ...
Posts By SpecterOps Team Members - Medium
A single, juicy raspberry on a plain, white background

Biden Review Board Gives Microsoft a Big, Fat Raspberry

| | Active Directory, Authentication, azure, Azure Active Directory, Azure AD, Azure security, cisa, CISA.gov, CSRB, Cyber Safety Review Board, Cybersecurity Infrastructure Security Administration, Entra ID, Exchange, Microsoft, Microsoft Azure, Microsoft Azure Active Directory, Microsoft Azure Security, Outlook.com, SB Blogwatch, Storm-0558
Storm-0558 forecast: Last year’s Chinese hack of federal agencies’ email is still a mystery, and “should never have occurred,” says CISA ...
Security Boulevard
Satya Nadella and President Xi Jinping

‘China’ Azure Breach: MUCH Worse Than Microsoft Said

| | Active Directory, Authentication, azure, Azure Active Directory, Azure AD, Entra ID, Exchange, Microsoft, Microsoft Azure, Microsoft Azure Active Directory, Microsoft Azure Security, OpenID, Outlook.com, SB Blogwatch, Storm-0558, Wiz
Storm-0558 Breaks: Satya and Pooh, sitting in a tree, K.I.S.S.I.N.G ...
Security Boulevard