Bernie vs. Claude YouTube video by Senator Bernie Sanders

www.youtube.com/watch?v=h3At...

And I do know the "workaround" but I would like to have it native...

Interesting, but what I really need is the ability to store passkeys on non-company mobile phones, even if the conditional access policy blocks ‘All Apps’ from these types of devices. Have you heard anything about this? There were rumours that it was coming...

🚨 Global Secure Access ≠ “replace VPN and done.”

I just published a new podcast with Chris Brum where we break down real-world Microsoft GSA deployments 🧵👇

Keynote: Code Dark Age Generative AI is supposed to make our lives easier. But what if it's really just coding us straight into a new Dark Age? We hand over our...

Something for your read/ watch only friday.

media.ccc.de/v/god2025-56...

One the craziest elements about cybersecurity is you have half the industry sat worrying about cyberwar!1! and going on about quantum and AI, then you have you have the operational reality of what is actually happening on the ground - it bares no resemblance, at all, to what people are focused on.

Manage external Communications in Teams — thinformatics Hey Teams Admins! once in a month, a colleague at thinformatics organizes a “What’s new” Session where all co-workers can and should share news round about M365, Entra and Azure. This is one tool we’...

You can now define, with granularity, which of your Microsoft Teams users can receive messages from external senders.
I waited for this feature for a long while and was a bit too enthusiastic when I heard about it :). Wrote up my thoughts about this here:
www.thinformatics.com/blog/manage-...

DEFCON33 - Turning Microsoft's Login Page into our Phishing Infrastructure - Keanu Nys YouTube video by RedByte

m.youtube.com/watch?v=z6GJ...

"you'll spend more time fighting your own company than actual hackers. devs hate you for slowing them down. management hates you for costing money. users hate you for making passwords hard. you're basically professional party pooper."

there is my new job title... professional party pooper

doing god's work!

TokenSmith Meets Evilginx: Token Theft Combined with Entra Conditional Access Bypass YouTube video by SYNACK Time

Unfortunately, that was only a matter of time!

This video combines two of the most dangerous tools at the moment associated with phishing - and it's surprisingly simple!
www.youtube.com/watch?v=Dp1z...

Do we have defense options? Read on 👇

sorry to hear. I know how annoying this is.

All you need to know about the TokenSmith Compliant Device Bypass ->

Yeah, rats.. that's true..

Microsoft 365 - Geräte-Compliance-Bypass - < bi-sec > Angriffe auf Microsoft 365 über Gerätecompliance-Bypass sind ab jetzt der Standard. Intune-Portal sei dank, können Angreifer CA umgehen!

The query at the end of this article is less noisy in our environment... thoughts?

www.bi-sec.de/2024/12/28/m...

Bypassing Entra ID Conditional Access Like APT: A Deep Dive Into Device Authentication Mechanisms YouTube video by Black Hat

Fun part is, he held a presentation about this already in August but nobody seemed interested… www.youtube.com/watch?v=JItn...

Bypass Intune Conditional Access Using TokenSmith: Detection & Response Discover how to detect & respond to a new exploit bypassing Microsoft Intune Conditional Access Policies using advanced queries in Microsoft Defender XDR.

This blogpost shows a detection query for TokenSmith:
quzara.com/blog/bypass-...

TokenSmith - Bypassing Intune Compliant Device Conditional Access | JUMPSEC LABS Conditional Access Policies (CAPs) are the core of Entra ID’s perimeter defense for the vast majority of Enterprise Microsoft 365 (M365) and Azure environments. The core ideas of conditional access ar...

Everybody who has something to do with Conditional Access should read about TokenSmith and think about what this could do in combination with EvilGinx2 and what this could mean for your environment. #entraid #conditionalaccess

labs.jumpsec.com/tokensmith-b...

Mostly to study security related topics. But the F1 is a good idea that I did not really have on my radar. thanks.

Fellow non-MSP #Entra security bubble! Without a dev tenant, I’m curious—how do you set up your personal Azure security test environments? What licenses do you use—Microsoft E5, Business Premium + EMS E5, or a mix? How many licenses for effective testing? Would love to hear your approach on this.

Announcing a free GitHub Copilot for VS Code Announcing a free plan for GitHub Copilot in Visual Studio Code.

Announcing GitHub Copilot Free!

We're excited to announce an all new free plan for GitHub Copilot, available for everyone today in VS Code.

No trial. No subscription. No credit card required.

Learn more at the link below 👇

aka.ms/copilot-free

Objective-See: Tools Free, open-source tools to protect your Mac

Never had such a case but I would start here:
objective-see.org/tools.html

Same…

fortunately it is only very, very annoying. I did nothing in that tenant that was only in there. Still... a little not would have been helpful to plan better.

"Your Microsoft 365 E5 developer subscription is for development purposes only and can be revoked if you use it for purposes other than development."...

yeah. sorry. Only want to learn your products and skill up. 🙄

The tenant was still working last week. Was testing something tgere.. At least a little heads-up and a tiny warning would have been nice.

So out of nothing my whole test environment is gone and if I am correct at the moment there is no other way than paying a tenant with all licenses, correct?

Is there any other way we non MSP people can try things out in a test environment and keep our skills up to date without spending several hundred dollars on licenses?

Really annoyed right now.

Great. My Azure developer tenant, which was working just fine a few weeks ago, apparently expired end of october.

No mail, no warning, nothing. All licenses, roles gone.

I often used this to test security-relevant features, as this was the easiest way for testing as enduser.