Skip to content

Get started with passkeys in Microsoft 365

It’s here! A long-awaited feature in Microsoft 365 is finally there. Now, in public preview, organizations can add another phishing-resistant credential to their arsenal: device-bound passkeys. DISCLAIMER: This feature is currently in public preview. Everything you read in this blog post is subject to change and may be outdated soon. Always check the current documentation on Microsoft Learn to keep track of changes. Images in this post might be slightly different in reality. What is a device-bound passkey? First, let’s… 

How to simulate risk in Microsoft Entra ID Protection

Entra ID protection is an excellent feature amongst the other services in the Entra Premium P2 license SKU. Microsoft Entra ID Protection detects identity-based risks so that admins can mitigate those risks. Users can also self-mitigate risk. To evaluate and asses this feature, you could, of course, simulate a bunch of risky events, as described here. Using a TOR browser and the developer tools in the browser, you can quickly bump up your sign-in risk to trigger the policies in… 

Microsoft 365 end-user notifications for changes in authentication methods

When moving away from traditional and weak authentication methods like passwords to stronger ones like Authenticator App and passkeys, it’s essential to keep informed when some of these methods change. Organizations moving to modern authentication are facing new challenges around onboarding and recovery of authentication methods, as attackers can also use this to settle in someone’s account by simply adding an extra authentication method. Entra ID will log this event, but no out-of-the-box feature informs the user. This step-by-step tutorial… 

Viewing changes to Conditional Access policies just became easier!

Today, a quick tip for all Entra admins out there. Conditional Access policies can be subject to change. When a policy is changed, its not very easy to see what changed. From the audit logs, this is how it looks: Let’s face it; that’s not very convenient to read. Well, here’s the good part: Microsoft released a new feature that can “visualize” changes to Conditional Access straight from the audit logs. This will show the changes side by side. You… 

A Thread on Frosty Fiascos: Delving into the Microsoft Midnight Blizzard Hack

This post is all about the hack on Microsoft by Midnight Blizzard (NOBELIUM, Cozy Bear, APT29)A lot has been said already, and this event has many angles. This post is focused on one part: What can Entra/Microsoft 365 admins do to prevent such an attack? I don’t have all the answers (certainly not!) but I feel the urge to bundle all the resources so that the community can find guidance during this snowstorm. I did not find any time to… 

Prevent AiTM with Microsoft Entra Global Secure Access and Conditional Access

Microsoft Entra Global Secure Access brings a new control to Conditional Access. By installing the Global Secure Access Client on (hybrid) Entra joined devices and enabling Global Secure Access signaling for Conditional Access, admins can now work with a new condition: All Compliant Network locations (Preview) That means we can add another layer to our tenant to prevent token theft and replay. Let’s have a first look. Prepare the lab The first step is to activate Global Secure Access in… 

Evilginx resources for Microsoft 365

Okay, let’s start with a disclaimer. This post is created for educational purposes and mainly focuses on red and blue teamers to protect their Microsoft 365 tenants. That being said, Evilginx can be used for all cloud services. Do not use Evilginx for nasty and illegal stuff. I won’t help to fix your Facebook, Instagram, and TikTok phishlets. Feel free to reach out for security tips on Microsoft 365 / Entra ID. This post will grow over time. If you… 

A love story about Role Based Access Control for Applications in Exchange Online, Managed Identities, Entra ID Admin Units, and Graph API

I’ve learned something new today. Hear me out. Up until now, sending emails using managed identities trough Graph API was a bit of a hassle. You needed to grant access using Graph API or Powershell first, but before you could do that, you needed to find the correct IDs for Graph API, the Managed Identity, and the permission itself. Lucky for us, Jan Vidar spoiled us with this nice blog post, which I used pretty often. Next, you would end… 

Prepare for passkeys in Entra ID!

Only a few months until Microsoft Entra ID will support device-bound passkeys stored on computers and mobile devices as an authentication method in preview, in addition to the existing support for FIDO2 security keys. This enables your users to perform phishing-resistant authentication using the devices that they already have.   What is a device-bound passkey? First, let’s zoom in a little on device-bound passkeys. This is a FIDO2 Discoverable Credential that is bound to a single authenticator. For example, FIDO2 security… 

How to create a Temporary Access Pass using Logic Apps

Now that more and more organizations are moving towards passwordless, a Temporary Access Pass becomes indispensable for onboarding and recovery. Using Logic Apps (or Power Automate), organizations can automate and integrate the creation of Temporary Access Passes in their current IT processes. Logic Apps can be triggered from customer service tools like ServiceNow or TOPdesk, to start fully automated workflows. In this blog post, you will learn how to create a Temporary Access Pass in Entra ID using Logic Apps,…