On Wednesday, October 26, I will be speaking at the Microsoft 365 Security & Compliance User Group. The topic of my talk is “Why using a FIDO2 security key is important”. Abstract Learn why classic MFA based authentication is still at risk of being phished using AiTM techniques and how FIDO2 security keys can mitigate such attacks. You can also use Entra ID (Azure AD) conditional access to add an additional layer of security.

When using Microsoft Entra Entra ID (Azure AD), you can choose between a wide range of MFA options as an admin and user. Depending on the method you choose this can be a very strong second factor (e.g., FIDO2), or it could be a weaker second factor like text messages. Up until now there was no way to distinguish between the different methods. But with the recent announcement about authentication strength this changes.

On Thursday, September 22nd , I will be speaking at the Cloud Identity Summit 2022. The Cloud Identity Summit focuses on Cloud Identity Management, various aspects such as identity protection, managing external accounts, passwordless and much more. The Cloud Identity Summit is a free event that focuses on the exchange between the participants. The group of participants is international and comes from different areas and industries. In my talk titled “Azure Attack Paths”, I will describe various attack vectors and techniques for the Azure Cloud.

When using Microsoft Sentinel you can connect multiple sources as data connectors. By default all connected sources will ingest their information to predefined tables in the Log Analytics workspace, backing the Microsoft Sentinel instance. You then can query this data using analytic rules or hunting queries to identify abnormal behavior. But for a few of those data connectors Microsoft is offering an additional feature called “User and Entity Behavior Analytics” or UEBA for short.

At my companies bootcamp, a few colleagues and I did research on the different Azure Active Directory tokens and authentication flows. At the end of the week one question remained unanswered Question How does the usage of continuous access evaluation (CAE) and the extended lifetime of the access token impact security? So, after I returned home, I started digging into this topic to answer the question. OpenID Connect, OAuth2 and token Let’s back up a second and look at the current implementation of the different protocols involved in authentication and authorization to better understand the need for CAE.

Microsoft just announced the public preview of the new Device Health Reporting for Microsoft Defender for Endpoint and I already love it. It not only gives you deeper insights into your environment but also adds much needed information like engine version, last scan time, and scan results. Sensor health & OS Sensor health & OS overview This overview gives you insights into deployed OS versions, the current state of the sensor health and for Windows 10 there is an extra section that shows the different releases deployed in your environment.