-
Azure DevOps with Workload Identity Federation
Introduction Workload identity federation is a new feature in Entra ID that allows you to configure a workload identity in Entra ID to trust tokens from an external identity provider. In this blog post, I’m looking into how (and why) to use this feature with Azure DevOps service connections, which is a feature that was…
-
Detecting and remediating emails with Defender XDR correlation
One of my customers have seen an interesting campaign, and they wanted help detecting and remediating it. Here’s a short summary of what they had observed: As these emails are coming from consumer email addresses, they will pass all the basic email authentication requirements (SPF, DKIM, DMARC). The customer is using Safe Links from Defender…
-
Blocking desktop apps with M365 E5
Background I recently came across a request from a customer to block specific applications on their Windows clients. More specifically, the requirements were as follows: The customer had the following setup: So the question is: what is the best solution? A few options come to mind, and those are explored in the sections below. Option…
Hey! This is my blog about all things related to Microsoft cloud security. Opinions are my own, etc.
LinkedIn
cloud security blog 