#Himmelblau 2.0: #AzureEntraID for #Linux :tux: – and not #from Microsoft | iX Magazin https://www.heise.de/news/Himmelblau-2-0-Azure-Entra-ID-fuer-Linux-und-nicht-von-Microsoft-11071955.html #OpenSource #M365
Excited to be putting the finishing screenshots in my #bsidesatl presentation about some new security controls that #AzureEntraID has made available around App Consent and Workload Identity protection. #entraid #Microsoft365 #cloudsecurity @bsidesatl
https://pretalx.com/bsidesatl-2025/talk/review/DMYAZJ83ZMUH8XWWPTTSBTKUYGDUHBJL
#infosec #cloudsecurity #dfir #AzureEntraID If you have a suspected Azure Service Principal compromise, say a company up the supply chain got breached and the Application Registration might be used for access via a cross-tenant consent, then you absolutely MUST search for the AppId in the body of your logs.
If you’re streaming to a SIEM or LogAnalytics workspace, should be easy enough. If you’re pulling logs from Entra/UAL please leverage the “free text” search capabilities to search for the AppId(s) https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps#-freetext
Once you’ve done that, grab all of the logins for the SPs and look for any non-MSFT IPs, or any unusual ones (use your investigator thinking hats). Pay particular attention to the servicePrincipalCredentialKeyId field. If it’s a value that you don’t have in your tenant for your SP, congratulations, you’re the victim of a supply-chain attack.
Then grab the SessionIDs from those logins and run them against the results of your FreeText UAL search. If you find any hits, then you’ll likely have new identities to go hunt for full UAL activity on in your environment.
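The triage steps from the post above, sketched as an added example that is not part of the original post or of any Microsoft tooling. It assumes service principal sign-ins and free-text UAL results have already been exported as JSON; the `sessionId` field name, the key inventory, the expected network list and all sample records are constructed for illustration.

```python
import ipaddress
import json

def triage(signins, ual_rows, app_id, known_key_ids, expected_nets):
    """Return (suspicious sign-ins, identities in UAL rows sharing their sessions)."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    known = {k.lower() for k in known_key_ids}
    suspicious = []
    for s in signins:
        if s.get("appId", "").lower() != app_id.lower():
            continue
        reasons = []
        # A key ID the tenant never issued means someone else holds a credential.
        if s.get("servicePrincipalCredentialKeyId", "").lower() not in known:
            reasons.append("credential key ID not in tenant inventory")
        ip = ipaddress.ip_address(s["ipAddress"])
        if not any(ip in n for n in nets):
            reasons.append("source IP outside expected ranges")
        if reasons:
            suspicious.append({**s, "reasons": reasons})
    # Pivot: match the suspicious session IDs as free text against raw AuditData.
    session_ids = {s["sessionId"].lower() for s in suspicious if s.get("sessionId")}
    identities = set()
    for row in ual_rows:
        raw = row["AuditData"]
        if any(sid in raw.lower() for sid in session_ids):
            identities.add(json.loads(raw).get("UserId", "<unknown>"))
    return suspicious, sorted(identities)

# Constructed sample data (placeholder GUIDs, documentation IP ranges).
APP_ID = "00000000-aaaa-4000-8000-000000000001"
KNOWN_KEYS = ["00000000-bbbb-4000-8000-000000000001"]   # assumed key inventory
EXPECTED_NETS = ["198.51.100.0/24"]                     # assumed expected sources
SIGNINS = [
    {"appId": APP_ID, "ipAddress": "198.51.100.10",
     "servicePrincipalCredentialKeyId": KNOWN_KEYS[0], "sessionId": "sess-0001"},
    {"appId": APP_ID, "ipAddress": "203.0.113.77",
     "servicePrincipalCredentialKeyId": "00000000-cccc-4000-8000-0000000000ff",
     "sessionId": "sess-0002"},
    {"appId": "00000000-aaaa-4000-8000-000000000099", "ipAddress": "203.0.113.5",
     "servicePrincipalCredentialKeyId": "unrelated", "sessionId": "sess-0003"},
]
UAL_ROWS = [  # assumed to be the rows returned by the free-text AppId search
    {"AuditData": json.dumps({"UserId": "svc-sync@example.com", "Operation": "FileAccessed",
                              "ClientAppId": APP_ID, "AADSessionId": "sess-0002"})},
    {"AuditData": json.dumps({"UserId": "alice@example.com", "Operation": "FileAccessed",
                              "ClientAppId": APP_ID, "AADSessionId": "sess-0001"})},
]

if __name__ == "__main__":
    flagged, who = triage(SIGNINS, UAL_ROWS, APP_ID, KNOWN_KEYS, EXPECTED_NETS)
    for f in flagged:
        print(f["ipAddress"], f["sessionId"], "; ".join(f["reasons"]))
    print("identities to hunt:", who)
```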
Who knew configuring Azure Entra ID on #Keycloak was as thrilling as watching paint dry? 🎨🔧 The author bravely attempts to turn a maze of tech jargon into something understandable, but somehow manages to make watching grass grow sound more exhilarating. 🌱💤
https://blog.ght1pc9kc.fr/en/2023/configure-azure-entra-id-as-idp-on-keycloak/ #AzureEntraID #TechJargon #TechHumor #CloudComputing #ITStruggles #HackerNews #ngated
Configure Azure Entra ID as IdP on Keycloak
https://blog.ght1pc9kc.fr/en/2023/configure-azure-entra-id-as-idp-on-keycloak/
#HackerNews #Configure #Azure #Entra #ID #as #IdP #on #Keycloak #AzureEntraID #Keycloak #IdP #Configuration #CloudIdentity #IdentityManagement