Duuuuude why did you migrate the entire company to Entra with a ton of resources that are never leaving the on-prem domain and a bunch of Mac users that don't have credential manager or runas.exe to help them hop domains to access those on-prem resources?

Then thereโ€™s the refusal to build a forest trust between Entra and the on-prem domain which is fucking baffling to me.

Also farming the entirety of this troubleshooting out to the Principal Data Architect instead of figuring it the fuck out yourself is beyond annoying. I was last a sysadmin 20 goddamned years ago.

#sysadmin #entra #microsoft #activedirectory

New. Surprise! It's Entra.

Reversec Labs: It's Just a Matter of Time: Backdooring Conditional Access Policies https://labs.reversec.com/posts/2026/04/its-just-a-matter-of-time-backdooring-conditional-access-policies

More:

Betanews: Microsoft Entra could be creating a hidden access risk for businesses https://betanews.com/article/microsoft-entra-could-be-creating-a-hidden-access-risk-for-businesses/ @betanews @iandbarker #Microsoft #Entra #infosec #vulnerability

@cR0w A gift for you 😆.

It's Just a Matter of Time: Backdooring Conditional Access Policies

Conditional Access Policies are a core control in every modern Entra tenant to prevent access outside of expected access methods. A discovery was made on a little-known policy condition that would allow an administrator to define time-based restrictions on when a policy would be evaluated or not. In the event that a sufficiently privileged administrator user was compromised, this capability could allow threat actors to effectively "disable" policies while still seemingly being marked as enabled in the portal.

"We can't verify that this email came from the sender so it might not be safe to respond to it."

In #Outlook. On an email that was sent from #Microsoft #Entra.

I wonder what Microsoft #Engineers actually do for a living? 🤔

1/
Regarding digital sovereignty: for larger institutions the #microsoft ecosystem is a given. Where does that enormous dependency come from? Mainly from applications that you as an end user never see: the Azure apps that tie everything together. The most important of those are your Identity and #sso Provider. A great many orgs have migrated to MS #Entra in the Azure cloud in recent years. This is the ultimate vendor lock-in application.

For those better versed in #Entra and azure security, I have a client experience that I've never encountered before. I get approximately 7 days before I have to renew, full MFA dance, my Azure Storage Explorer, Teams Tenant, Outlook profile. Each of these mind you is a separate sign-in experience even if they're sequential.

My computer is joined to home.domain, but I have persistent resources to client1.foreign, client2.foreign and I don't even remember having to re-auth, but client 3 is a 7-day expiry (I made note of the last time because it sure felt fast).

Where would one set such a policy? Poking around in Entra, I'm not seeing where this is defined. And it could be actual AD and GPO with active sync thing going on. A different group manages all of that and I have opinions on how well they do their role...

My GitHub has been gathering dust. Time to fix that.

Kicking off a new series where I'll be cleaning up and releasing scripts I've written over the years. First up: Update-UserAttributes, a PowerShell tool for bulk-updating Entra user objects.

https://secopsmonkey.com/post/2026-04-06-tool-library-announcement/

#PowerShell #Entra #SecOps #MicrosoftEntra

Tool Library Announcement

During a recent conversation someone pointed out that my Github profile is somewhat dusty. Afterwards I took a public view and dang, they're absolutely right. Nearly all of my recent work has been restricted to private repos or owned by my employers.

SecopsMonkey

So many Microsoft 365 admins with multiple tenants I know will find this useful.

✅ Microsoft Entra Tenant Governance: Secure and Manage Multi-Tenant Environments at Scale
https://techcommunity.microsoft.com/blog/microsoft-entra-blog/microsoft-entra-tenant-governance-secure-and-manage-multi-tenant-environments-at/4462427
#entra #Microsoft #identity #multitenant #governance

🟪 New March 2026 Microsoft 365 updates are live
Key changes for Teams, Outlook and admin controls 🚀

💡 Teams video meeting recaps
Teams external bot detection
⚖️ SPO OTP retirement to Entra B2B

Rollouts include timelines and admin impacts across core apps. Which update matters most for your team?

▶︎ https://www.hubsite365.com/en-ww/pro-office-365/?id=b3220177-712b-f111-88b3-7c1e5273f078&topic=35f1a028-c7dd-eb11-bacb-000d3abb299a&theater=true

#Microsoft365 #Teams #Entra #Copilot

🚨 Entra ID External MFA (old name was External Authentication Methods) is now Generally Available.

Custom Controls is being deprecated on 30 Sept 2026.

Here's how to check your usage.

https://thedxt.ca/2026/03/microsoft-entra-id-external-mfa/

#Entra #MFA #M365 #Microsoft #Microsoft365 #ConditionalAccess

Microsoft Entra ID External MFA

Microsoft recently announced that External Authentication Methods has been renamed to External MFA and is Generally Available. Microsoft also announced that Custom Controls is being deprecated, with its deprecation currently planned for September 30th, 2026. Microsoft Entra ID External MFA (formerly External Authentication Methods) replaces Custom Controls. Here is a brief timeline of Custom...

theDXT
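Two of the posts above both come down to auditing what is actually inside your Conditional Access policies: the Reversec write-up (a little-known policy condition that can effectively disable a policy that still shows as enabled) and the Custom Controls deprecation (which policies still reference a Custom Control). The script below is an added example, not code from either post or from Microsoft. It assumes the Microsoft.Graph PowerShell SDK is installed and that you hold Policy.Read.All. It reads the beta policy endpoint so that conditions not shown in the v1.0 schema are included, reports any policy whose grantControls.customAuthenticationFactors is non-empty, and dumps every populated condition that is not in the list of commonly reviewed ones; that allow-list is my assumption, adjust it to your tenant.

```powershell
# Added example (not from the posts above). Requires Microsoft.Graph SDK and Policy.Read.All.
Connect-MgGraph -Scopes "Policy.Read.All" -NoWelcome

# Pull every CA policy from beta so conditions absent from v1.0 or the portal are included.
$uri = "https://graph.microsoft.com/beta/identity/conditionalAccess/policies"
$policies = @()
do {
    $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
    $policies += $page.value
    $uri = $page.'@odata.nextLink'
} while ($uri)

# Condition names you already review by hand (assumption: extend for your tenant).
$reviewed = @('applications', 'users', 'clientAppTypes', 'platforms', 'locations', 'devices',
              'signInRiskLevels', 'userRiskLevels', 'servicePrincipalRiskLevels',
              'insiderRiskLevels', 'authenticationFlows', 'clientApplications')

foreach ($p in $policies) {
    # 1. Custom Controls still referenced in a grant control (to be retired 30 Sept 2026).
    $custom = @($p.grantControls.customAuthenticationFactors)
    if ($custom.Count -gt 0) {
        Write-Output ("[CustomControls] {0} ({1}): {2}" -f $p.displayName, $p.state, ($custom -join ', '))
    }

    # 2. Any populated condition outside the reviewed set, so an unexpected one stands out.
    $populated = @()
    foreach ($prop in $p.conditions.PSObject.Properties) {
        $v = $prop.Value
        if ($null -eq $v) { continue }
        if ($v -is [System.Collections.ICollection] -and $v.Count -eq 0) { continue }
        $populated += $prop.Name
    }
    $unexpected = @($populated | Where-Object { $_ -notin $reviewed })
    if ($unexpected.Count -gt 0) {
        Write-Output ("[ReviewCondition] {0} ({1}): {2}" -f $p.displayName, $p.state, ($unexpected -join ', '))
        $p.conditions | Select-Object -Property $unexpected | ConvertTo-Json -Depth 10
    }
}
```

Run it read-only from a workstation that is not itself excluded from the policies you are inspecting, and diff the output against a saved baseline rather than eyeballing it once: the Reversec finding is precisely that the portal's enabled/disabled state does not tell you whether the policy will be evaluated.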

Azure DevOps is moving some auth flows to Entra token issuance this summer, so token payloads will stop being readable by clients.

The exact mechanism isn't specified (JWE would be my guess), but anything decoding tokens to read claims like UPN or tenant ID will break — no graceful degradation.

Most likely to hit internal tooling and scripts, but worth a check either way.

Supported path: Azure DevOps REST APIs for user and org data.

https://devblogs.microsoft.com/devops/authentication-tokens-are-not-a-data-contract/

#AzureDevOps #DevOps #Entra

Authentication Tokens Are Not a Data Contract - Azure DevOps Blog

Authentication tokens exist to answer one question: is this caller authorized to do this? They are not intended to be a stable data interface, a schema you can depend on, or an input into application logic. If your application decodes tokens and reads claims from them, this is an important heads-up. Token Claims Were Never […]

Azure DevOps Blog
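The code path the post warns about is the one that splits a bearer token on '.', base64url-decodes the second segment and reads upn or tid out of it. Below is an added example (not from the post or from Microsoft) that isolates that path into one function and makes it fail with a clear message when the token does not have the three-segment JWS shape; the five-segment JWE case is my assumption about how an opaque token would present, since the post does not specify the mechanism. The sample token is constructed inline, unsigned, with fake values.

```powershell
# Added example, not from the Azure DevOps post. Sample token is constructed; 'sig' is a placeholder.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-TokenClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    switch ($parts.Count) {
        3 {
            # Compact JWS: header.payload.signature; payload is base64url-encoded JSON.
            $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
            switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
            $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
            return ($json | ConvertFrom-Json)
        }
        5 {
            # Compact JWE (assumed shape): header.encryptedKey.iv.ciphertext.tag; nothing readable client-side.
            throw "Token is encrypted (JWE); claims are not readable by the client. Use the Azure DevOps REST API for user/org data."
        }
        default { throw "Unrecognised token format ($($parts.Count) segments)." }
    }
}

# Constructed JWS-shaped token with fake claims: this is the path that currently 'works'.
$segments = @(
    (ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'),
    (ConvertTo-Base64Url '{"upn":"alice@contoso.example","tid":"11111111-2222-3333-4444-555555555555"}'),
    'sig'
)
$jws = $segments -join '.'
$claims = Get-TokenClaims -Token $jws
Write-Output ("upn={0} tid={1}" -f $claims.upn, $claims.tid)

# Constructed five-segment string standing in for an opaque token: same call, explicit failure.
$jwe = 'hdr.key.iv.ciphertext.tag'
try { Get-TokenClaims -Token $jwe } catch { Write-Warning $_.Exception.Message }
```

Grepping your scripts for `Split('.')` followed by `FromBase64String` (or for `ConvertFrom-Json` applied to a token segment) is the quickest way to find every caller of this pattern; each one needs to be moved to the REST API before the token issuance change lands.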