Protect your multi-tenant applications from being hijacked by admins in the customer tenant

In this article, we demonstrate a somewhat convoluted method used by bad actors to obtain persistence and execute operations in the context of Entra ID multi-tenant applications, as well as the steps Microsoft is taking to address the issue. As the solution only covers part of the story, a follow up article and a PowerShell script will be needed to address it. …

Continue readingProtect your multi-tenant applications from being hijacked by admins in the customer tenant

Non-existent users show up in SignInActivity data (or how logs continue to disappoint)

Spotting some strange entries in the output of a Graph SDK cmdlet leads us down the rabbit hole of troubleshooting “missing” GUIDs in Entra ID. Or how SignInActivity data for users’ access to other tenants is collected …

Continue readingNon-existent users show up in SignInActivity data (or how logs continue to disappoint)

Scoping conditional access policies to “tagged” applications

Microsoft has been gradually expanding the reach of its Conditional Access feature, while at the same time also releasing a bunch of controls that allow us to more granularly scope CA policies. Examples in this area include not just the ability to scope policies to a subset of the objects …

Continue readingScoping conditional access policies to “tagged” applications

Using the Graph API to Export eDiscovery (Premium) datasets

Microsoft has steadily been adding Graph API endpoints to cover eDiscovery scenarios, albeit only targeting the “Premium” experience. Just recently, the Export operation become available, bringing full coverage for (Premium) eDiscovery operations. Among other things, eDiscovery export is still being leveraged as one of the few ways to get data …

Continue readingUsing the Graph API to Export eDiscovery (Premium) datasets