All Stories

Identity Security Monitoring in Microsoft Cloud Services

Microsoft offers several solutions and services for securing (hybrid) identities and protecting access to workloads such as Azure, Office 365 or other integrated apps in Azure Active Directory. I like...

Community Project: Azure AD Attack and Defense Playbook

In the recent weeks, I’ve worked together with Sami Lamppu on the first section of a playbook about common attack and defense scenarios in Azure AD. In this article I...

Sign-in logs and auditing of Managed Identities and Service Principals

Recently, Microsoft added new categories for sign-in logs which finally included non-interactive, managed or service principals in Azure AD. In this blog post I will describe the configuration steps to...

MVP Award 2020-2021 - Thank you!

Thank you all for congratulations and the kind words in the recent days! On the weekend, I’ve used the opportunity to look back on my (Azure) learning journey and previous...

Privileged Access Groups: Manage privileged access outside of Azure AD admin roles with Azure PIM

Azure Privileged Identity Management (PIM) allows to assign eligibility for membership as part of “Privileged Access Groups” (PAG). In this blog post I like to give an overview of current...

Azure AD B2B: Security considerations to protect external (privileged) identities

In the recent months I‘ve spent time on research of identity security in B2B scenarios (when users are invited to another Azure AD tenant). In this blog post I like...