So excited for this change 🥳 If you don't have a HSM or vTPM for your Entra Connect server, you should try to get that set up before this is related I created a helper script for scenarios without those but will need to test once officially released :p learn.microsoft.com/en-us/entra/fu…

Microsoft have issued a 'consider disabling this service' recommendation which affects Active Directory: "We're advising all enterprise customers who have deployed Windows Server OS (Windows Server 2016, Windows Server 2019, Windows Server 2022, and all intermediate releases

Check out this new browser extension > ourcloudnetwork.com/export-conditi…. Conveniently 𝐂𝐨𝐩𝐲 or 𝐃𝐨𝐰𝐧𝐥𝐨𝐚𝐝 any Conditional Access policy to JSON! ⭐ If you have ever needed to backup, recreate or document a Conditional Access policy, the first step is usually to programmatically

It's here! Modern auth for Entra Connect Sync is now available 🚀 This finally moves from user/pass to auth with Entra to using a Service Principle with a certificate. Another benefit is misconfigs in CA policies will no longer break syncing :) Docs: learn.microsoft.com/en-us/entra/id…

I really like getting alerts before something goes wrong in Intune. When a certificate is about to expire, when devices start going out of compliance, or when apps fail to install across many devices. It saves time and it means I can enjoy my coffee instead of clicking through

We just launched a new webinar series at Patch My PC : Patch-n-Rant In this series, I walk through how I troubleshoot weird Intune issues and the tools I actually use to do so! Episode 1 is all about #Fiddler – What Fiddler is, and when to use it – Capturing Intune traffic –

I kept meaning to write an article for this, decided to record a quick video instead 🎥 TL;DW - Create an auth context, target the auth context in a CA policy (SIF Every time, other conditions), select auth context in PIM role settings Thanks Stephan G for the reminder :)

Last two weeks I talked about BYO Identity Providers in Entra ID and backdoors to External Auth Methods to bypass MFA. Only possible because MSFT doesn't implement the mandatory OIDC security measures. Slides with optional dark mode on: dirkjanm.io/talks/

Microsoft is sharing details from ongoing investigations of threat actors exploiting vulnerabilities targeting on-premises SharePoint servers. Linen Typhoon, Violet Typhoon, and Storm-2603 have been observed exploiting the vulnerabilities: msft.it/6015sE1p5

Seamless SSO is a security risk, and many orgs enabeld it without knowing and are now stuck wondering what might break if they turn it off... Since Microsoft provides no help identifying actual usage, I did some research so you can safely turn it off :) nathanmcnulty.com/blog/2025/08/f…

Awesome idea from Robbe Van den Daele to use Defender for Identity's telemetry :) I've added his content to a new section on my blog article (with his permission of course!): nathanmcnulty.com/blog/2025/08/f… We may also see some official docs for discovering SSSO usage in the future 🥳

Everyone who works in Microsoft Cloud, download this roadmap. Thank Merill Fernando and many others at Microsoft when you get a chance. This is the best work Microsoft has done for security, in my humble opinion. I used to be in the "Zero Trust is just an idea" camp. Microsoft has

When “Block All” in Conditional Access blocks too much… 🔒 Until recently, guest users couldn’t change their MFA methods when you blocked all cloud apps. The My Sign-ins app is now selectable in Conditional Access 🎉 Finally possible: ✅ Limit guests to M365 resources ✅ Keep

Today I learned: Using diskshadow to fetch the NTDS.dit. As mentioned several times, I love reading the HTB writeups from 0xdf because I always learn something new. Like here [1]: "To dump the domain hashes, I’ll want to get the C:\Windows\NTDS.dit file. Unfortunately, this file

Here's an interesting approach for dynamic Conditional Access policies, based on custom security attributes. janbakker.tech/dynamic-condit…

👋 Entra Exporter v3.0 is now out folks! Amazing effort from Andrew for 🚀 Blazingly fast export 🌀 Azure IAM support and more Many thanks to our other contributors including Sam Erde, LitoMore, JayDoubleu and JulianSteiman Check it out at aka.ms/entraexporter

Get ready, folks. 🌟 You’re about to witness ONE. BIG. BEAUTIFUL. ABSURDLY. EPIC. THREAD. 🧵🔥 Some say this might be the MOST EPIC and MOST RIDICULOUSLY LONG identity thread ever written 📗 Bookmark this Honestly… the cover image alone deserves a like + retweet DO IT 😂

🥷Microsoft Incident Response Ninja Hub (Updated 28 Dec 2025) 🛡️ Dive into: - Expert-led guides & best practices - Threat hunting & cloud forensics tips - Ransomware & APT case studies - One-page investigation playbooks - KQL techniques & recovery strategies

Just dropped a new EntraChat episode with Sean Metcalf from TrustedSec and honestly my brain is full 🤯 Sean has been doing Microsoft identity security since Azure AD was barely a thing and he still sees the same misconfigs in enterprise environments every. single. day. legacy

Did you know there are at least 6 ways to store data about users in Entra? 😅 Outside of normal user object attributes, directory extensions tend to be one of the best fits for most things, except for sensitive data - use custom security attributes ;) learn.microsoft.com/en-us/graph/ex…