Skip to content

Security

Prevent AiTM with Microsoft Entra Global Secure Access and Conditional Access

Microsoft Entra Global Secure Access brings a new control to Conditional Access. By installing the Global Secure Access Client on (hybrid) Entra joined devices and enabling Global Secure Access signaling for Conditional Access, admins can now work with a new condition: All Compliant Network locations (Preview) That means we can add another layer to our tenant to prevent token theft and replay. Let’s have a first look. Prepare the lab The first step is to activate Global Secure Access in… 

Read More »Prevent AiTM with Microsoft Entra Global Secure Access and Conditional Access

Evilginx resources for Microsoft 365

Okay, let’s start with a disclaimer. This post is created for educational purposes and mainly focuses on red and blue teamers to protect their Microsoft 365 tenants. That being said, Evilginx can be used for all cloud services. Do not use Evilginx for nasty and illegal stuff. I won’t help to fix your Facebook, Instagram, and TikTok phishlets. Feel free to reach out for security tips on Microsoft 365 / Entra ID. This post will grow over time. If you… 

Read More »Evilginx resources for Microsoft 365

A love story about Role Based Access Control for Applications in Exchange Online, Managed Identities, Entra ID Admin Units, and Graph API

I’ve learned something new today. Hear me out. Up until now, sending emails using managed identities trough Graph API was a bit of a hassle. You needed to grant access using Graph API or Powershell first, but before you could do that, you needed to find the correct IDs for Graph API, the Managed Identity, and the permission itself. Lucky for us, Jan Vidar spoiled us with this nice blog post, which I used pretty often. Next, you would end… 

Read More »A love story about Role Based Access Control for Applications in Exchange Online, Managed Identities, Entra ID Admin Units, and Graph API

Prepare for passkeys in Entra ID!

Only a few months until Microsoft Entra ID will support device-bound passkeys stored on computers and mobile devices as an authentication method in preview, in addition to the existing support for FIDO2 security keys. This enables your users to perform phishing-resistant authentication using the devices that they already have.   What is a device-bound passkey? First, let’s zoom in a little on device-bound passkeys. This is a FIDO2 Discoverable Credential that is bound to a single authenticator. For example, FIDO2 security… 

Read More »Prepare for passkeys in Entra ID!

How to create a Temporary Access Pass using Logic Apps

Now that more and more organizations are moving towards passwordless, a Temporary Access Pass becomes indispensable for onboarding and recovery. Using Logic Apps (or Power Automate), organizations can automate and integrate the creation of Temporary Access Passes in their current IT processes. Logic Apps can be triggered from customer service tools like ServiceNow or TOPdesk, to start fully automated workflows. In this blog post, you will learn how to create a Temporary Access Pass in Entra ID using Logic Apps,… 

Read More »How to create a Temporary Access Pass using Logic Apps

Enforce FIDO2 PIN complexity with Microsoft Entra Conditional Access Authentication Strengths.

As you may or may not know, most FIDO2 security keys can be set up with easy PINs like 1111 or 123456. Just like passwords, users tend to come up with easy-to-remember PINs. Token2 recently announced their PIN+ series, a line of FIDO2 Security keys. These security keys feature advanced PIN complexity rules that set a new standard for security. PIN+ keys implement specific complexity rules for both numeric and alphanumeric PINs, which can be found here. With the use… 

Read More »Enforce FIDO2 PIN complexity with Microsoft Entra Conditional Access Authentication Strengths.

Manage user-preferred multi-factor authentication method in Microsoft Entra ID

This post is all about setting the preferred multi-factor authentication method using Graph API. We already know the system-preferred multi-factor authentication method, where Microsoft Entra ID will use the strongest method of all the registered methods, but this time we take a look a the default method set by the user. At the time of writing, the default method can only be set by using the new authentication sign-in preferences in Graph API; however, some of the API’s are already… 

Read More »Manage user-preferred multi-factor authentication method in Microsoft Entra ID

Running Evilginx 3.0 on Windows

In case you missed it: Evilginx 3 was recently launched to the public. This release is a quality-of-life update and has many fixes and a few new features onboard. You can find the changelog here. Big thanks to the creator Kuba Gretzky for this! With the new release, the tool no longer has built-in phishlets onboard but is re-launched as a framework where red-teamers can build phishlets for basically any web application. Due to some changes under the hood, the… 

Read More »Running Evilginx 3.0 on Windows

Step-up authentication with Defender for Cloud Apps and Authentication Context

In this post, I will show you how you can integrate Azure AD’s Authentication Context with Defender for Cloud Apps to require step-up authentication for specific scenarios. Step-up authentication allows you to re-evaluate Azure AD Conditional Access policies when users take sensitive actions during a session. To demonstrate this feature, we need to do the following steps: 1. Create Authentication Context (tag) First, we’ll need to define the Authentication Context̀. This will be used to ‘tag’ resources or actions. Go… 

Read More »Step-up authentication with Defender for Cloud Apps and Authentication Context

Send an email on a new Azure MFA method registration

I’ve done quite some Azure MFA projects over time (and counting), and as we mainly focus on the technical side, there are also practical sides to consider. Every project has its own approach and challenges, and more importantly: the user is impacted more or less, and that asks for some guidance. Now, this solution comes in handy if you want to act on new registrations for Azure MFA methods. That can be an action of any kind. To give you… 

Read More »Send an email on a new Azure MFA method registration