Enhancements in #MicrosoftEntra (diagnostic) logs: Several interesting sign-in properties (including Session ID, status for Token Protection, or GSA traffic) have been added to the sign-in logs and available in #MicrosoftSentinel. (1/3)

Some first-party apps that support ROPC flow, I see some FOCI apps in there 🫣 (I tested it!)

Can someone explain what scenario can cause password failure log in non-interactive sign-in logs? 😥 @merill.net @fabian.bader.cloud

Want to avoid microsoft graph activity log detection? Just create all your requests as $batch And you're done 😋

I just found out that Project Zero has released a Windows Registry Research Series, and I'm really looking forward to reading it! googleprojectzero.blogspot.com/2024/04/the-wi…

Omg I just realized all the good stuff happens here! It's like heaven of blog posts !!!

That looks like a good one to read

I really enjoyed reading parts 1 and 2 of this series!🤩💪 www.edtechirl.com/p/gaining-in...

Hybrid attack paths sound like a crazy capability!! I love correlating stuff 😂

Waiting for today's entra news so bad, I can't find anything to read 🥲

Currently working on a cool automation that sends you a message every time something is added to version v1.0 in the changelog. Would anyone be interested in the code?

I just read that security defaults become disable as soon as there is at least one CAP, is this wise? In practice it can be a very specific CAP, for which many security mechanisms are lost

Copilot is now part of Entra, and I wonder. 1. How does it handle permissions 2. Can we get access to data we are not supposed to be able to read 3. Does it also perform write/update actions for you, or only read? This is going to be interesting 💣

So true !!

Do you know if there is a large amount of entra sign-in logs example data so I can work on it? I have a cool idea 🙂

Perfect rainy morning and the new entra.news (: it's like my dad used to read the paper, but instead of wars, I read about the great new CAE video 😜

I love it here. It feels more pure 🙂

Saturday study session 🙃 any good reading materials?

Wrote a small post sharing my random thoughts on some key sign-in fields!🙃 if you're into security logs and detection ideas- you might enjoy it! More rambling to come! 👀 sapirxfed.com/2024/11/14/e...

I have a day off of work today. So, I'm writing a short post for my blog!

No more depression posts on this social media platform! I'm a new, optimistic person!

Let's create a discussion about #Entra device id in the Sign in logs. For me, it's completely voodoo. One time, my registered device id was PIO, and the next time, it was just exposed there.

One day, you are nothing, and the next day, you are #AADInternals contributer 😎

OK, I'm here. Now what ? @xpnsec.com 🙈