Securing Microsoft Entra ID: Lessons from the Field – Part 1

This multipart blog series is focused on the real-world lessons learned while securing Microsoft Entra ID. Based on hands-on experience across various environments and organizations, we’ll explore the practical, high-impact strategies that work and more importantly, the common misconfigurations, overlooked settings, and pitfalls that can expose your identity perimeter. Throughout the series, we’ll cover both … Continue reading Securing Microsoft Entra ID: Lessons from the Field – Part 1 →

How to hunt & defend against Business Email Compromise (BEC)

Business email compromise (BEC) remains a commonly utilized tactic that serves as leverage for adversaries to gain access to user resources or company information. Depending on the end goals of the adversaries, and on the compromised user’s business role - the potential impact can vary from simply accessing sensitive information (e.g., from emails, files uploaded … Continue reading How to hunt & defend against Business Email Compromise (BEC) →

Emergency Accounts: Last Call!

Last call: Update your emergency accounts!

Update your emergency accounts before October 15th. Even if you have been out of office for the last couple of months, you should be aware that starting October 15th you will need to provide Multi Factor Authentication (MFA) to logon to Azure portal, Entra admin center and Intune admin center. This will be enforced to … Continue reading Emergency Accounts: Last Call! →

Validate your Windows Audit Policy Configuration with KQL

We provide a KQL query that will help you validate your defined Windows audit security policy configuration. Defining a Windows audit policy is an important step in establishing a robust security posture. Ensuring that the audit policy is applied consistently across your environment is just as important as defining that policy and quality controls should be in place.

Top things that you might not be doing (yet) in Entra Conditional Access – Advanced Edition

Top things you might not be doing (yet) in Entra ID Conditional Access - Advanced Edition

Introduction In the first post of the top things that you might not be doing (yet) in Entra Conditional Access, we focused on basic but essential security controls that I recommend you checking out if you do not have them implemented already. In this second part, we'll go over more advanced security controls within Conditional … Continue reading Top things that you might not be doing (yet) in Entra Conditional Access – Advanced Edition →

Top things that you might not be doing (yet) in Entra Conditional Access

Top things you might not be doing (yet) in Entra Conditional Access

Introduction In this blog post, I focus on the top things that you might not be doing (yet) in Entra Conditional Access. It is not an exhaustive list, but it is based on my experience assessing many different Entra ID, formerly Azure AD, environments as a consultant at NVISO Security. The following points are, in … Continue reading Top things that you might not be doing (yet) in Entra Conditional Access →