#Entra

2025-10-07

Entra Agents are Promising but Could do More

Microsoft's Alex Simons came to the TEC 2025 conference to talk about the future of Entra ID, a lot of which hangs on the use of AI in components like the Entra agents that are now in preview. The idea of using agents to relieve hard-pressed human administrators is great, but only if those agents do more than a skilled human administrator can do, and that's not the case so far.

practical365.com/entra-agents-
#Entra #Microsoft365

2025-09-21

🔍 Detection Method
===================

🔍 OSINT

Executive summary: Public-facing identity services such as Entra ID
(Azure AD) are at risk from non-credential enumeration techniques that
combine OSINT with identity-focused tooling. References to
AADInternals and email-harvesting workflows indicate a threat model
where reconnaissance informs credential-based attempts rather than
zero-day exploitation.

Technical details:
• Tools and techniques mentioned include AADInternals for Entra
enumeration and common OSINT sources (LinkedIn, Hunter.io) for
collecting potential usernames and emails.
• Attacks described focus on credential-driven vectors: password
spraying and targeted authentication attempts that probe MFA and
Conditional Access responses.

Analysis:
• The core risk arises from visibility: externally discoverable
identities and role metadata enable focused attacks that bypass noisy
scanning. Entra/AD telemetry can be used to detect reconnaissance if
logs are instrumented.
• The presence of Conditional Access and MFA changes the attacker
tradeoffs: failures and policy evaluation events become important
detection signals.

Detection guidance:
• Surface and aggregate failed sign-in patterns across tenants; alert
on unusual volumes of password-spray–style failures targeting many
accounts in short windows.
• Monitor Conditional Access evaluation logs for repeated policy
decisions from anomalous IPs or device states.
• Correlate OSINT-derived lists with authentication telemetry to spot
targeted attempts.

Mitigation:
• Enforce MFA for all privileged and high-risk accounts and reduce
legacy authentication allowances.
• Harden user discovery: limit public exposure of role-based emails
and group memberships where possible.
• Implement rate-limiting and suspicious-activity thresholds in
identity platforms and enrich logs with UEBA for context.

Limitations:
• Public reporting does not supply IoCs or exploitation artifacts;
analysis is high-level and defensive.

🔹 AzureAD #Entra #AADInternals #OSINT #MFA

🔗 Source: dmcxblue.net/2025/08/23/how-to
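The password-spray alert described in the detection guidance of the post above, as an added example that is not part of the original post or its source. It runs over constructed sign-in records whose field names (`time`, `ip`, `user`, `code`) are hypothetical; the codes are Entra sign-in error codes 50126, 50076 and 53003.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BAD_PASSWORD = {"50126"}                  # invalid username or password
PASSWORD_OK_BLOCKED = {"50076", "53003"}  # MFA required / blocked by Conditional Access

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag source IPs whose bad-password failures hit >= min_accounts
    distinct accounts inside any sliding time window."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = []
    for ip, evs in by_ip.items():
        fails = sorted((e for e in evs if e["code"] in BAD_PASSWORD),
                       key=lambda e: e["time"])
        peak, start = 0, 0
        for end in range(len(fails)):
            while fails[end]["time"] - fails[start]["time"] > window:
                start += 1
            peak = max(peak, len({e["user"] for e in fails[start:end + 1]}))
        if peak >= min_accounts:
            # Same IP stopped only by MFA or Conditional Access: the first
            # factor normally succeeded, so these passwords need resetting.
            exposed = sorted({e["user"] for e in evs
                              if e["code"] in PASSWORD_OK_BLOCKED})
            findings.append({"ip": ip, "accounts": peak,
                             "password_valid": exposed})
    return findings

def sample_events():
    """Constructed records; field names are hypothetical, not a log schema."""
    t0 = datetime(2025, 9, 21, 8, 0)
    # One source tries eight accounts, one attempt per minute.
    ev = [{"time": t0 + timedelta(minutes=i), "ip": "203.0.113.7",
           "user": f"user{i}@example.com", "code": "50126"} for i in range(8)]
    ev[3]["code"] = "50076"  # guessed password was right, MFA stopped it
    # A real user mistyping their own password six times.
    ev += [{"time": t0 + timedelta(seconds=20 * i), "ip": "198.51.100.4",
            "user": "alice@example.com", "code": "50126"} for i in range(6)]
    return ev

if __name__ == "__main__":
    for finding in detect_spray(sample_events()):
        print(finding)
```

The single user retrying their own password is not flagged because the threshold counts distinct target accounts per source, not raw failure volume.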

Gerry Gosselin :donor:snafui@infosec.exchange
2025-09-20

Holy moly. As someone who spends way too much time locking down Entra ID this terrifies me. Complete unlogged access to any tenant’s global admin. Why am I even trying? Thankfully it’s fixed but where there’s smoke there’s fire. What else is lurking in that API?

darkreading.com/cloud-security

It’ll never happen but Microsoft’s ethical response here is to analyze whether any tenants have been compromised by this and to disclose to the tenant owners.

#microsoft #vuln #entraid #entra #vulnerability #graph

Merill Fernando :verified: :donor:merill@infosec.exchange
2025-09-20
2025-09-19

This is an insane vulnerability. The worst thing about this is that there's literally nothing you could do to stop this. Irresponsible engineering on Microsoft's part. I'm glad it's patched, but I'm concerned about security practices for Entra ID in general. dirkjanm.io/obtaining-global-a #hack #cve #microsoft #azure #entra #cybersecurity

GripNewsGripNews
2025-09-18

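🌗 One Token to rule them all: obtaining Global Admin in every Entra ID tenant via Actor Tokens
➤ An in-depth look at a critical security vulnerability that could have led to complete takeover of Entra ID tenants worldwide
dirkjanm.io/obtaining-global-a
Researcher Dirk-jan Mollema discovered a critical vulnerability in Entra ID that allowed an attacker to obtain Global Admin privileges in any Entra ID tenant by combining undocumented "Actor Tokens" with a validation flaw in the Azure AD Graph API. These Actor Tokens are used by Microsoft for communication between backend services and are not subject to security policies such as Conditional Access. After Mollema reported the vulnerability, Microsoft quickly patched it and issued CVE-2025-55241. Although the vulnerability has been patched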

🎃The Jonestown Jamboree🎃amb310
2025-09-17

bro just get on bro. just let deal with all your stuff bro. just relax and let them handle it. just use bro. just use . bro, just use teams. just do all your communication thru teams. just teams it with and let it happen. bro don't even think just use bro. comeon, just let sataya nadella happen. let happen. let new happen. let it all happen, just relax and copilot, bro. come on. do it.

2025-09-17

"One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens"

dirkjanm.io/obtaining-global-a

#entra #azure #cloud #devops #infosec #cybersecurity #pentesting #pentest

2025-09-17

Entra ID’s Keep Me Signed In Feature – Good or Bad?

The Entra ID Keep Me Signed In (KMSI) feature creates persistent authentication cookies to allow users to avoid sign-ins during browser sessions. Is this a good or bad thing and should Microsoft 365 tenants enable or disable KMSI. I think KMSI is fine in certain conditions and explain my logic in this article. Feel free to disagree!

office365itpros.com/2025/09/17
#Entra #Microsoft365

Yeşil Ekonomiyesilekonomi
2025-09-16

IC Enterra has restructured the loan it secured for the YEKA Erzin-2 solar power plant (GES) project, which it commissioned last year

yesile.co/Oozqkb

Black Cat White HatBCWHS
2025-09-10

Digital Toolbox: Microsoft Entra ID
Cloud-based identity and access management service that provides user, device, and application identity, authentication, and protection for Microsoft 365, Azure, and other cloud services.

wadebach.blackcatwhitehatsecur

2025-09-10

Is anyone running #windows 11 IoT with #intune on #incus? I'm having a hell of a time. Windows will go into recovery mode the second reboot after joining the VM to Microsoft #azure AD / #entra ID. *sigh*

Eric Woodruff [MS MVP] :donor:ericonidentity@infosec.exchange
2025-09-03

I’ve been finding the #Entra Usage & Insights report useless lately when it comes to #passkey reporting.

Why? It’s broken.

It’s concerning that this seems to be an ongoing issue that isn’t tenant specific and Microsoft hasn’t caught it.

#EntraID

ericonidentity.com/2025/09/02/

2025-08-15

FindMeAccess is a tool useful for finding gaps in Azure/M365 MFA requirements for different resources, client ids, and user agents🕵️‍♂️

github.com/absolomb/FindMeAcce

#infosec #cybersecurity #pentest #redteam #azure #entra #cloud #opensource

🄷e⃞i⃞t⃞e⃞c⃞ Ⓜ️Heitec
2025-08-13

Microsoft ID Flaw Enables Global Admin Takeover 🤯
Tight governance on Admin usage is required

petri.com/microsoft-entra-id-f
