My Disobey talk "Are passkeys as secure as you think" is now available on YouTube
youtu.be/DQ4dnXibaoM?...
Posts by Fabian Bader
Nothing new that I'm aware of
For your main identity you will use Windows Hello for Business. But if you have a secondary account this can be stored there.
Microsoft just announced official support to store device bound Passkeys for Entra ID in the Windows Hello container. No app, no external hardware key but built in support. Sadly no attestation while in preview.
mc.merill.net/message/MC12...
#Passkey #EntraID
What are preferred methods to lock someone out of a remote Intune managed computer? Any that work well in a hybrid configuration?
Our best solution to date is a push of a “deny local login” policy in advance and a forced reboot.
@nathanmcnulty.com @merill.net @fabian.bader.cloud
No it's live stream only
Today at 15:00 CET #YellowHat will start. It's a free live streamed conference around Microsoft Security and we have amazing speakers and topics lined up for you.
Register now to reserve your free spot.
yellowhat.live
#XDR #EDR #Defender #Microsoft #Security
With the unified SOC experience there might be some ANRs you want to exclude from XDR correlation. Now you can!
Either use the UI or add #DONT_CORR# at the beginning of the ANR description.
learn.microsoft.com/en-us/defend...
#ConsentFix is a great way for attackers to work around some protective layers but not all. @naunheim.cloud, @cbrhh.bsky.social and I wrote a blog post on detection and mitigations. Hope you find it useful and can adapt it to your environment.
www.glueckkanja.com/de/posts/202...
Congratulations. This is great news
We’re thrilled to reveal our next MC2MC Connect speakers for February 5th in Antwerp: @fabian.bader.cloud @rogierdijkman.bsky.social ! 🎙️
➡️Looking to explore the program or secure your spot? Check out: connect.mc2mc.be
#MC2MC #ConnectMC2MC #ConnectMC2MC2026 #Connect #Collaborate #Create
@_dirkjan and my joint talk at #TROOPERS25 is now available on YouTube.
"Finding Entra ID CA Bypasses - the structured way" @wearetroopers.bsky.social
youtu.be/yYQBeDFEkps
🚀 The speakers for MC2MC Connect 2026 are live!
➡️ Dive into Microsoft Cloud, Endpoint, Security, AI, FinOps & Architecture with top experts.
🎤 Speakers: connect.mc2mc.be/speakers-wid...
🎟️ Only a few early-bird tickets left: connect.mc2mc.be/tickets/
#MC2MC #ConnectMC2MC #ConnectMC2MC2026
Custom data collection in Microsoft Defender for Endpoint was just announced in the November release notes.
Documentation is already available
learn.microsoft.com/en-us/defend...
Predictive shielding also sounds very interesting...
#MDE #XDR
Attackers found a clever way to abuse legitimate, digitally signed software to load malware and it's working.
Expel Intel’s Marcus Hutchins (@malwaretech.com) breaks down a campaign that weaponizes Greenshot, a legit screenshot tool, to evade detection at multiple layers. 🧵
Microsoft Defender just got the September 2025 update
◽Improved core service startup behavior
◽Security fixes for missing input validation of RPC services
◽Fixed threat exclusion handling
◽Restored performance optimization for network file access
learn.microsoft.com/en-us/defend...
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...
Did you ever ask yourself: What do Swiss cheese and Conditional Access have in common?
Either way, if you want to learn about (un)documented Conditional Access Bypasses, then join me on Monday at the Workplace Ninja Summit 25
#WPninjas
wpninjas25.sched.com/event/27VE4/...
Not entirely sure as well but I think it's the same reason as @nathanmcnulty.com wrote.
Sentinel UEBA got a welcome set of new data sources
◽Defender XDR device logon events
◽Entra ID managed identity signin logs
◽Entra ID service principal signin logs
◽AWS CloudTrail
◽GCP audit logs
◽Okta MFA
techcommunity.microsoft.com/blog/microso...
Token Protection in Microsoft Entra Conditional Access for Windows is now GA! 🎉
#EntraID #Token
learn.microsoft.com/en-us/entra/...
Two years ago I published a two part series on #MSGraph logs and how to use them for threat hunting.
Now comes part 3 and the logs are finally available to the masses.
#EntraID #KQL #Security
cloudbrothers.info/en/detect-th...
Recently, we announced the finalists for the most special of the #GoldenClippyAwards. The #ChuckNorris award is for heroes in multiple areas: @nathanmcnulty.com @fabian.bader.cloud @bindertech.se @knudsenm.bsky.social @mortenknudsen.net Congratulate them/reshare for these rockstars! #MVPBuzz #WPNinjas
Defender AV Platform v4.18.25070.5
◽Enhanced Passive Mode Scanning Behavior
◽Improved Tamper Protection Handling
◽Digital Signature Verification Performance Boost
◽Refined ASR Rule Exclusion Processing
#MDAV #MDE #ASR
A rare, but highly welcome change. Microsoft changed the license requirement for Token protection from Entra ID P2 to P1.
This will protect more customers in the long run and lead to a more secure ecosystem.
learn.microsoft.com/en-us/entra/...
🚨 PSA - Zero day in SharePoint on-prem is actively exploited!
◽ Have Defender AV active
◽ Don't disable AMSI integration of SharePoint
◽ Keep an eye out for the alerts outlined in the article
◽ Look for post exploitation with the hunting query
msrc.microsoft.com/blog/2025/07...
Part 8053 of eleventy billion on our path to killing NTLM: way way way way way better auditing.
support.microsoft.com/en-us/topic/...
What r u doing while cooking?
That’s my distraction ….
#PSConfEU 2915
The latest on the Azure AD Graph retirement mentions two temporary outage tests and more guidance.
If something stops working it might be because of those tests.
#Entra #AADGraph
techcommunity.microsoft.com/blog/microso...
One of the results of the joint research with @dirkjanm.io is entrascopes.com
Basically the yellow pages for Microsoft first party apps.
#TROOPERS25