Posts by Tag

AzureAD

Microsoft Entra Workload ID - Lifecycle Management and Operational Monitoring

21 minute read

Workload identities should be covered by lifecycle management and processes to avoid identity risks such as over-privileged permissions but also inactive (stale) accounts. Regular review of the provisioned non-human identities and permissions should be part of identity operations. In th...

Microsoft Entra Workload ID - Introduction and Delegated Permissions

14 minute read

Workload identities will be used by applications, services or cloud resources for authentication and accessing other services and resources. Especially organizations which follow a DevOps approach and high automation principles need to manage those identities at scale and implement p...

Abuse and replay of Azure AD refresh token from Microsoft Edge in macOS Keychain

12 minute read

Microsoft is using Keychain to store cached Azure AD tokens for “logged in” Edge profiles on macOS devices. Apple’s integrated password management system offers “encryption at rest” and built-in security features. Nevertheless, options to exfiltrate a user’s tokens and abuse them for token...

AADOps: Operationalization of Azure AD Conditional Access

19 minute read

AADOps is a personal study and research project which sets out to demonstrate what operationalization of Azure AD in Azure DevOps could look like. In this blog post, I’ve set the scope on the scenario to build automation and lifecycle management of Conditional Access - as Zero Trust poli...

Overview of Azure AD (Conditional Access) automation

6 minute read

Cloud Managed Service Providers and many other organizations are mostly interested in managing their environment(s) ‘as code’, which enables advanced automation and scaling options. For some time, there have been improvements in programmatic access but also community-driven projects for aut...

FIDO2 Keys and Hybrid Identities (1/2): Overview and configuration

10 minute read

Microsoft has announced the GA of FIDO2 support in Azure AD at Ignite Spring 2021. Previously, passwordless authentication in hybrid environments was only possible by implementing Windows Hello for Business (WHfB). The first of a two-part blog post gives you an overview of FIDO2 sec...

Sign-in logs and auditing of Managed Identities and Service Principals

10 minute read

Recently, Microsoft added new categories for sign-in logs which finally include non-interactive, managed or service principals in Azure AD. In this blog post I will describe the configuration steps to forward the new collections to Azure Sentinel, some considerations from my first test...

Community Event: Cloud Identity Summit on 23.10.2020 in Koblenz

1 minute read

On 23.10.2020, a full-day community event on topics around Azure AD will take place in Koblenz. The Cloud Identity Summit puts a particular focus on the exchange among participants and on talks for identity experts.

Azure AD Administrative Units - Use cases, considerations and limitations

5 minute read

Administrative Units (AUs) allow organizations to delegate admin permissions to a custom scope and segment (such as region, department or business unit) within a single Azure AD tenant. In this blog post I’d like to share my experience including use cases, considerations and limitations of ...

Azure AD Tenant Hardening - Considerations of default settings

8 minute read

Every newly created Azure AD tenant comes with default configurations set by Microsoft. These settings should be reviewed and cross-checked against your security requirements, self-service strategy and governance. Secure Score and a few settings in particular need attention.

Improve security and usability of privileged access in Microsoft Azure

10 minute read

Improve security and usability of privileged access in Azure even if you don’t use (as recommended) dedicated devices. This blog post gives you some recommendations and advice to protect privileged identities, sessions and browsers. This can be used as part of your PAW/Admin workstation im...


Security

Abuse and replay of Azure AD refresh token from Microsoft Edge in macOS Keychain

12 minute read

Microsoft is using Keychain to store cached Azure AD tokens for “logged in” Edge profiles on macOS devices. Apple’s integrated password management system offers “encryption at rest” and built-in security features. Nevertheless, options to exfiltrate a user’s tokens and abuse them for token...

Monitoring of GitHub Enterprise with Microsoft Sentinel

21 minute read

GitHub Enterprise is more than a platform to manage developers’ code in a repository. It is also used to automate deployment of cloud resources and manage infrastructure-as-code. This blog post gives you an overview of ingesting audit data, writing analytics rules and automating respon...

FIDO2 Keys and Hybrid Identities (1/2): Overview and configuration

10 minute read

Microsoft has announced the GA of FIDO2 support in Azure AD at Ignite Spring 2021. Previously, passwordless authentication in hybrid environments was only possible by implementing Windows Hello for Business (WHfB). The first of a two-part blog post gives you an overview of FIDO2 sec...

Identity Security Monitoring in Microsoft Cloud Services

48 minute read

Microsoft offers several solutions and services for securing (hybrid) identities and protecting access to workloads such as Azure, Office 365 or other integrated apps in Azure Active Directory. I’d like to give an overview of data sources or signals that should be considered for monito...

Community Project: Azure AD Attack and Defense Playbook

4 minute read

In the recent weeks, I’ve worked together with Sami Lamppu on the first section of a playbook about common attack and defense scenarios in Azure AD. In this article I would like to talk about the motivation, objective of the document and invite everyone from the community to participate...

Azure AD Administrative Units - Use cases, considerations and limitations

5 minute read

Administrative Units (AUs) allow organizations to delegate admin permissions to a custom scope and segment (such as region, department or business unit) within a single Azure AD tenant. In this blog post I’d like to share my experience including use cases, considerations and limitations of ...

Azure AD Tenant Hardening - Considerations of default settings

8 minute read

Every newly created Azure AD tenant comes with default configurations set by Microsoft. These settings should be reviewed and cross-checked against your security requirements, self-service strategy and governance. Secure Score and a few settings in particular need attention.

Improve security and usability of privileged access in Microsoft Azure

10 minute read

Improve security and usability of privileged access in Azure even if you don’t use (as recommended) dedicated devices. This blog post gives you some recommendations and advice to protect privileged identities, sessions and browsers. This can be used as part of your PAW/Admin workstation im...


Azure

Microsoft Entra Workload ID - Lifecycle Management and Operational Monitoring

21 minute read

Workload identities should be covered by lifecycle management and processes to avoid identity risks such as over-privileged permissions but also inactive (stale) accounts. Regular review of the provisioned non-human identities and permissions should be part of identity operations. In th...

Microsoft Entra Workload ID - Introduction and Delegated Permissions

14 minute read

Workload identities will be used by applications, services or cloud resources for authentication and accessing other services and resources. Especially organizations which follow a DevOps approach and high automation principles need to manage those identities at scale and implement p...

FIDO2 Keys and Hybrid Identities (1/2): Overview and configuration

10 minute read

Microsoft has announced the GA of FIDO2 support in Azure AD at Ignite Spring 2021. Previously, passwordless authentication in hybrid environments was only possible by implementing Windows Hello for Business (WHfB). The first of a two-part blog post gives you an overview of FIDO2 sec...

Document your Azure environment

3 minute read

In this article I’d like to give you an overview of resources that help you visualize and document your Azure cloud solutions and environments.


Community

Community Engagements and Recap of Q1/2021

5 minute read

Over the past 3 months, I spoke at community events and set my focus on research work. Unfortunately, there was no time left for blogging. But I’m planning to share the results of the recent community work on my blog as well. Therefore I’d like to start with an overview and recap of my commu...

Community Project: Azure AD Attack and Defense Playbook

4 minute read

In the recent weeks, I’ve worked together with Sami Lamppu on the first section of a playbook about common attack and defense scenarios in Azure AD. In this article I would like to talk about the motivation, objective of the document and invite everyone from the community to participate...

MVP Award 2020-2021 - Thank you!

3 minute read

Thank you all for the congratulations and the kind words in the recent days! On the weekend, I used the opportunity to look back on my (Azure) learning journey and previous community experiences.

Community Event: Cloud Identity Summit on 23.10.2020 in Koblenz

1 minute read

On 23.10.2020, a full-day community event on topics around Azure AD will take place in Koblenz. The Cloud Identity Summit puts a particular focus on the exchange among participants and on talks for identity experts.


Microsoft Entra

Microsoft Entra Workload ID - Lifecycle Management and Operational Monitoring

21 minute read

Workload identities should be covered by lifecycle management and processes to avoid identity risks such as over-privileged permissions but also inactive (stale) accounts. Regular review of the provisioned non-human identities and permissions should be part of identity operations. In th...

Microsoft Entra Workload ID - Introduction and Delegated Permissions

14 minute read

Workload identities will be used by applications, services or cloud resources for authentication and accessing other services and resources. Especially organizations which follow a DevOps approach and high automation principles need to manage those identities at scale and implement p...


Workload ID

Microsoft Entra Workload ID - Lifecycle Management and Operational Monitoring

21 minute read

Workload identities should be covered by lifecycle management and processes to avoid identity risks such as over-privileged permissions but also inactive (stale) accounts. Regular review of the provisioned non-human identities and permissions should be part of identity operations. In th...

Microsoft Entra Workload ID - Introduction and Delegated Permissions

14 minute read

Workload identities will be used by applications, services or cloud resources for authentication and accessing other services and resources. Especially organizations which follow a DevOps approach and high automation principles need to manage those identities at scale and implement p...


SecuringPrivilegedAccess

Azure AD Administrative Units - Use cases, considerations and limitations

5 minute read

Administrative Units (AUs) allow organizations to delegate admin permissions to a custom scope and segment (such as region, department or business unit) within a single Azure AD tenant. In this blog post I’d like to share my experience including use cases, considerations and limitations of ...

Improve security and usability of privileged access in Microsoft Azure

10 minute read

Improve security and usability of privileged access in Azure even if you don’t use (as recommended) dedicated devices. This blog post gives you some recommendations and advice to protect privileged identities, sessions and browsers. This can be used as part of your PAW/Admin workstation im...


PrivilegedIAM


Architecture

Document your Azure environment

3 minute read

In this article I’d like to give you an overview of resources that help you visualize and document your Azure cloud solutions and environments.


ExternalIdentities


DevOps

AADOps: Operationalization of Azure AD Conditional Access

19 minute read

AADOps is a personal study and research project which sets out to demonstrate what operationalization of Azure AD in Azure DevOps could look like. In this blog post, I’ve set the scope on the scenario to build automation and lifecycle management of Conditional Access - as Zero Trust poli...

Overview of Azure AD (Conditional Access) automation

6 minute read

Cloud Managed Service Providers and many other organizations are mostly interested in managing their environment(s) ‘as code’, which enables advanced automation and scaling options. For some time, there have been improvements in programmatic access but also community-driven projects for aut...


Automation

AADOps: Operationalization of Azure AD Conditional Access

19 minute read

AADOps is a personal study and research project which sets out to demonstrate what operationalization of Azure AD in Azure DevOps could look like. In this blog post, I’ve set the scope on the scenario to build automation and lifecycle management of Conditional Access - as Zero Trust poli...

Overview of Azure AD (Conditional Access) automation

6 minute read

Cloud Managed Service Providers and many other organizations are mostly interested in managing their environment(s) ‘as code’, which enables advanced automation and scaling options. For some time, there have been improvements in programmatic access but also community-driven projects for aut...


Sentinel

Abuse and replay of Azure AD refresh token from Microsoft Edge in macOS Keychain

12 minute read

Microsoft is using Keychain to store cached Azure AD tokens for “logged in” Edge profiles on macOS devices. Apple’s integrated password management system offers “encryption at rest” and built-in security features. Nevertheless, options to exfiltrate a user’s tokens and abuse them for token...

Monitoring of GitHub Enterprise with Microsoft Sentinel

21 minute read

GitHub Enterprise is more than a platform to manage developers’ code in a repository. It is also used to automate deployment of cloud resources and manage infrastructure-as-code. This blog post gives you an overview of ingesting audit data, writing analytics rules and automating respon...


IdentityGovernance


Microsoft Sentinel


AzureSecurity


WorkloadIdentities

Sign-in logs and auditing of Managed Identities and Service Principals

10 minute read

Recently, Microsoft added new categories for sign-in logs which finally include non-interactive, managed or service principals in Azure AD. In this blog post I will describe the configuration steps to forward the new collections to Azure Sentinel, some considerations from my first test...


Microsoft365Defender

Identity Security Monitoring in Microsoft Cloud Services

48 minute read

Microsoft offers several solutions and services for securing (hybrid) identities and protecting access to workloads such as Azure, Office 365 or other integrated apps in Azure Active Directory. I’d like to give an overview of data sources or signals that should be considered for monito...


MicrosoftSentinel

Identity Security Monitoring in Microsoft Cloud Services

48 minute read

Microsoft offers several solutions and services for securing (hybrid) identities and protecting access to workloads such as Azure, Office 365 or other integrated apps in Azure Active Directory. I’d like to give an overview of data sources or signals that should be considered for monito...


Events

Community Engagements and Recap of Q1/2021

5 minute read

Over the past 3 months, I spoke at community events and set my focus on research work. Unfortunately, there was no time left for blogging. But I’m planning to share the results of the recent community work on my blog as well. Therefore I’d like to start with an overview and recap of my commu...


GitHub

Monitoring of GitHub Enterprise with Microsoft Sentinel

21 minute read

GitHub Enterprise is more than a platform to manage developers’ code in a repository. It is also used to automate deployment of cloud resources and manage infrastructure-as-code. This blog post gives you an overview of ingesting audit data, writing analytics rules and automating respon...


M365Defender
