Protect your multi-tenant applications from being hijacked by admins in the customer tenant

In this article, we demonstrate a somewhat convoluted method used by bad actors to obtain persistence and execute operations in the context of Entra ID multi-tenant applications, as well as the steps Microsoft is taking to address the issue. As the solution only covers part of the story, a follow-up article and a PowerShell script will be needed to address it. …


Non-existent users show up in SignInActivity data (or how logs continue to disappoint)

Spotting some strange entries in the output of a Graph SDK cmdlet leads us down the rabbit hole of troubleshooting “missing” GUIDs in Entra ID. Or how SignInActivity data for users’ access to other tenants is collected …


Scoping conditional access policies to “tagged” applications

Microsoft has been gradually expanding the reach of its Conditional Access feature, while at the same time also releasing a bunch of controls that allow us to more granularly scope CA policies. Examples in this area include not just the ability to scope policies to a subset of the objects …


Dual-write glitch allows Exchange Online cmdlets to be executed without an audit trail

In this article, we will explore an easy-to-use method which allowed anyone with sufficient permissions to execute Exchange Online cmdlets without leaving an audit trail. In a nutshell, the issue revolves around how Exchange handles incorrect values for the mailbox anchor, and is supplemented by poor practices within the dual-write method …
