-
Auditing who checked your email metadata in M365
Background: One of the things organizations typically gain when moving into the cloud is visibility. Especially when you’re using a single vendor (such as Microsoft), you can get very wide visibility into the organization’s cloud infrastructure, assuming you have the privileges required (and you know how to navigate 10 different portals). For security professionals this is…
-
Azure DevOps with Workload Identity Federation
Introduction: Workload identity federation is a new feature in Entra ID that allows you to configure a workload identity in Entra ID to trust tokens from an external identity provider. In this blog post, I’m looking into how (and why) to use this feature with Azure DevOps service connections, which is a feature that was…
-
Detecting and remediating emails with Defender XDR correlation
One of my customers has seen an interesting campaign, and they wanted help detecting and remediating it. Here’s a short summary of what they had observed: As these emails are coming from consumer email addresses, they will pass all the basic email authentication requirements (SPF, DKIM, DMARC). The customer is using Safe Links from Defender…
-
Blocking desktop apps with M365 E5
Background: I recently came across a request from a customer to block specific applications on their Windows clients. More specifically, the requirements were as follows: The customer had the following setup: So the question is: what is the best solution? A few options come to mind, and those are explored in the sections below. Option…
Hey! This is my blog about all things related to Microsoft cloud security. Opinions are my own, etc.