Yeah, I'm definitely doing $batch after looking into it, isn't that bad actually. Just need this script to be super effective when adding/removing a bunch of group members. Thanks!
@learningbydoing.cloud
Sr. Identity Architect - #learningbydoing. Focused on #cloud, #identity, #cybersecurity, #devops, #automation, #Entra. Fixing it with code, sharing it in blogs. Blog: https://learningbydoing.cloud LinkedIn: https://linkedin.com/in/stianstrysse
@nathanmcnulty.com - did you ever find a way to remove group members in batches of 20, like we can for adding group members? Looking for the most efficient way to remove members.
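As an added example (not code from any of the posts above, and not from the people quoted), this is one way a script can chunk member removals into Microsoft Graph JSON batch ($batch) bodies of at most 20 DELETE requests each and then map the batch response back to the members that were not removed. Group and member ids are constructed, and the actual POST to /v1.0/$batch is left out so the code runs offline.

```python
import json
from typing import Iterable

# Microsoft Graph accepts at most 20 individual requests per $batch call.
BATCH_LIMIT = 20


def build_remove_member_batches(group_id: str, member_ids: Iterable[str]) -> list[dict]:
    """Split member ids into $batch bodies; each entry is DELETE /groups/{id}/members/{member}/$ref."""
    member_ids = list(member_ids)
    batches = []
    for start in range(0, len(member_ids), BATCH_LIMIT):
        chunk = member_ids[start:start + BATCH_LIMIT]
        requests = [
            {
                "id": str(i + 1),  # ids are per batch and must be unique within it
                "method": "DELETE",
                "url": f"/groups/{group_id}/members/{member_id}/$ref",
            }
            for i, member_id in enumerate(chunk)
        ]
        batches.append({"requests": requests})
    return batches


def failed_removals(batch_body: dict, batch_response: dict) -> dict[str, int]:
    """Map the url of every request that did not return 204 to its HTTP status.

    Responses inside a batch are not guaranteed to come back in request order,
    so they are matched by id rather than by position; a 429 here means the
    caller should back off and retry that member, not assume it was removed.
    """
    url_by_id = {r["id"]: r["url"] for r in batch_body["requests"]}
    return {
        url_by_id[resp["id"]]: resp["status"]
        for resp in batch_response["responses"]
        if resp["status"] != 204
    }


if __name__ == "__main__":
    # Constructed sample ids (not real tenant data).
    group = "11111111-1111-1111-1111-111111111111"
    members = [f"00000000-0000-0000-0000-{n:012d}" for n in range(45)]
    bodies = build_remove_member_batches(group, members)
    print(len(bodies), "batches:", [len(b["requests"]) for b in bodies])
    print(json.dumps(bodies[0]["requests"][0], indent=2))
    # Constructed sample response: request 2 of the first batch failed with 404.
    sample = {"responses": [{"id": r["id"], "status": 204} for r in bodies[0]["requests"]]}
    sample["responses"][1]["status"] = 404
    print(failed_removals(bodies[0], sample))
```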
Connect-AzAccount with newest PS module does not redirect to browser sign-in as the older versions did. Now it's a popup instead, which takes longer to sign-in with. Same with Connect-ExchangeOnline newest module, why this new behavior - anyone knows?
Helpful to protect against malicious or inadvertent admin actions.
Now please bring recycle bin support for security groups too, Microsoft. Come on, it's years overdue!
Woah, this feature totally slipped under my #Entra radar - new protected action capability in #ConditionalAccess for hard-deletion of directory objects. Require e.g. compliant device, phishing-resistant MFA and re-auth before allowing permanent deletion of users, M365 groups and apps in Entra ID!
Indeed. I'd love for Microsoft to implement Restricted Admin Units for appregs/SPs, so we could prevent app takeover from a lower privileged admin.
Good discussion!
That we agree on.
CA is a killswitch that can cripple a business in seconds. I've heard of several organizations that locked themselves out, one was down for 3 days. A mitigation can be a service principal with CA.ReadWrite.All scope, but then you need to secure and monitor that too…
That's the thing - a breakglass account isn't going to save the day if someone messes up a CA policy. One single policy created by mistake with scoping in all users, excluding no one, with an impossible grant, and everyone is locked out of the tenant.
There is always a way of messing up CA policies, so I don't feel that is an excuse :) I would not feel comfortable with a standing GA only a password away from total compromise.
Some good pointers here: t.co/0bJ4b9u9Ez
Microsoft is enforcing MFA on all accounts accessing admin portals and APIs, so I think that way of managing breakglass accounts are over.
Register 2-3 FIDO2 security keys locked up in a safe with only access for trusted individuals, test them yearly, and monitor the accounts for sign-ins. Right?
I keep hearing recommendations for excluding #Entra breakglass accounts from all CA policies - I don't agree. They should be included in at least one single, special CA policy requiring phishing-resistant MFA (FIDO2), where only breakglass accs' are included. Session policy too. Thoughts?
Not my field of expertise, but four day work week sounds awesome
Want to run roadrecon, but a device compliance policy is getting in your way? You can use the Intune Company Portal client ID, which is a hardcoded and undocumented exclusion in CA for device compliance. It has user_impersonation rights on the AAD Graph
Funny thing is, 99% of the apps I've seen still using Azure AD Graph is Microsoft's own apps
I just submitted an idea for this on the MgGraph GitHub repo. Upvote if you agree
github.com/microsoftgra...
@merill.net is a machine, I wish I had just half of that energy. Excellent work mate!
Today is the day folks.
The new and updated Bluesky.ms is now live!
Go add yourself. I'll share a detailed step by step...
Salesforce used with for their Outlook plugin, action required for any customers using it: help.salesforce.com/s/articleVie...
I know at least some SaaS vendors use these EXO legacy tokens still, so good to stay updated on this with the coming deprecation.
I just read this cool blog post by @smsagent.bsky.social covering how to activate eligible PIM roles using PS MgGraph when CA policies require Auth Context, found in @merill.net's epic #Entra newsletter. This problem has been bugging me!
However, shouldn't MgGraph add support for Auth Context CAPs?
Use exposure management data in #XDR to find all domain controllers and check if #MDI is installed.
That would totally rock!
So who wants a verified 'Microsoft' and 'Microsoft MVP' label on their profile and all the posts?
I just finished setting up @bluesky.ms as a labelling service.
Go subscribe to the label to start seeing labels on verified MVPs and Microsofties.
This week's Entra newsletter just went out. Get all the Entra related Ignite announcements in one place
entra.news/p/entra-n...
All days I'm working from my beloved home office, except for special circumstances or team events. I love it.
Nothing to see there I guess…
Quick reminder to check out the #Microsoft community starter packs.
We have new starter packs + starter packs updated with new folks.
So hit up the page and update your follows so you can connect with more folks.
Please add if I've missed any.
bluesky.ms/starterpacks/
New to Bluesky?
Looking for people to follow who post content about Microsoft Azure, Microsoft 365 and/or Security?
Click the below starter pack and click follow all.
Let me know if you want to be added to the list.
go.bsky.app/2nmrHcS
I just created my first starter pack. This one is for women in infosec. Please follow and share, and lmk if you'd like to be added! go.bsky.app/HAGHpCr
I created a list of Cloud Security folks on here. bsky.app/profile/scot...