Microsoft to Block Third-Party App Access to User Sites and Files

In July, Microsoft plans to introduce an app consent policy to stop users granting access to third-party apps to their files and sites. Letting users grant unsupervised consent to third-party apps to access files stored in OneDrive for Business and SharePoint Online is a bad idea. There are certainly apps out there that need such access, but requiring one-time administrator approval is no hardship.

https://office365itpros.com/2025/06/19/app-consent-policy-user-app-consent/

#EntraID #Microsoft365

Updating the Entra ID Custom Banned Password List with PowerShell

Microsoft 365 tenants with Entra P1 or P2 licenses can use a custom banned password list to stop people using specific terms in their passwords. The idea is to prevent easily-guessed terms being used in passwords. You could also block words deemed to be objectionable. In any case, this article explains how to maintain the custom blocked password list with a PowerShell script.

https://office365itpros.com/2025/06/19/custom-banned-password-list/
#Microsoft365 #EntraID

🥩🥩Mr T-Bone tip!🥩🥩[New blog from Microsoft]
Learn why Service Principal is a must for Microsoft Entra ID! Quick read for IT pros tackling secure access. 🚀🔒

#CloudSecurity #Azure
#MVPBuzz #EntraID #MicrosoftTechCommunity

https://tip.tbone.se/yh6VDj
[AI generated, Human reviewed]

🥩🥩Mr T-Bone tip!🥩🥩[New blog from Microsoft]
Learn why Service Principal is a must for Microsoft Entra ID! Quick read for IT pros tackling secure access. 🚀🔒

#CloudSecurity #Azure
#MVPBuzz #EntraID #MicrosoftTechCommunity

https://tip.tbone.se/yh6VDj
[AI generated, Human reviewed]

Persisting Unseen: Defending against Entra ID persistence

https://kknowl.es/posts/defending-against-entra-id-persistence

#cloudsecurity #EntraID #IAMSecurity #azure

#Password-spraying attacks target 80,000 #Microsoft #EntraID accounts

https://www.bleepingcomputer.com/news/security/password-spraying-attacks-target-80-000-microsoft-entra-id-accounts/

#cybersecurity

Plus de 80 000 comptes Microsoft Entra ID ciblés par des attaques par pulvérisation de mots de passe ! https://www.it-connect.fr/plus-de-80-000-comptes-microsoft-entra-id-attaque-par-pulverisation-de-mots-de-passe/ #ActuCybersécurité #Cybersécurité #Microsoft #EntraID #Cloud

⚠️ #Microsoft #EntraID #AzureAD #MFA #HugOps ⚠️

Microsoft 365: Hackers Abuse Pentesting Tool for Widespread Attack on 80,000 User Accounts

#CyberSecurity #Microsoft #Hacking #EntraID #Proofpoint #InfoSec #PasswordSpray #ThreatIntel #CloudSecurity #CyberAttack #DataBreach #Microsoft365

https://winbuzzer.com/2025/06/12/microsoft-365-hackers-abuse-pentesting-tool-for-widespread-attack-on-80000-user-accounts-xcxwbn/

🥩🥩Mr T-Bone tip!🥩🥩[New blog from Microsoft]
Explore the latest policy enhancement tools in Entra Conditional Access for smarter, stronger security! 🚀 Don’t miss out! 👉

#CyberSecurity #CloudManagement #MVPBuzz #EntraID #MicrosoftTechCommunity

https://tip.tbone.se/zTkBwe
[AI generated, Human reviewed]

How to Block Ad-Hoc Email-Based Subscriptions

The old Set-MsolCompanySettings cmdlet is no more, so how can a Microsoft 365 tenant block email-based subscriptions? With the Graph, of course! Seriously, there’s no 1-to-1 mapping from the old cmdlet to a new, but some of the settings are available in the Entra ID authorization policy. We can update the authorization policy with PowerShell to block email-based subscriptions, like Copilot Studio.

https://office365itpros.com/2025/06/11/block-email-based-subscriptions/
#Microsoft365 #EntraID

🥩🥩Mr T-Bone tip!🥩🥩[New blog from Microsoft]
Explore the latest policy enhancement tools in Entra Conditional Access for smarter, stronger security! 🚀 Don’t miss out! 👉

#CyberSecurity #CloudManagement #MVPBuzz #EntraID #MicrosoftTechCommunity

https://tip.tbone.se/zTkBwe
[AI generated, Human reviewed]

#EntraID Conditional Access Policy to require compliant device, and #MFA all the time.

Any guesses guesses when this is not actually enforced?

👀👀👀👀

Have you read this week's Entra newsletter?

#cybersecurity #entraid #identity

🥩🥩Mr T-Bone tip!🥩🥩[New blog from Microsoft]
Stay ahead of threats! Learn how to spot and prevent Golden SAML attacks for safer sign-ins. Check it out! 🚀🔐

#cloudsecurity #identity
#MVPBuzz #EntraID #MicrosoftTechCommunity

https://tip.tbone.se/w3iF6D
[AI generated, Human reviewed]

🥩🥩Mr T-Bone tip!🥩🥩[New blog from Microsoft]
📢 Learn how to boost security by connecting Microsoft Defender for Identity with Entra recommendations! Easy integration, better protection! 🚀🔒 @mr T-bone

#CyberSecurity #CloudSecurity #MVPBuzz #EntraID #MicrosoftTechCommunity

https://tip.tbone.se/5We1CC

[AI generated, Human reviewed]

🥩🥩Mr T-Bone tip!🥩🥩[New blog from Microsoft]
Stay ahead of threats! Learn how to spot and prevent Golden SAML attacks for safer sign-ins. Check it out! 🚀🔐

#cloudsecurity #identity
#MVPBuzz #EntraID #MicrosoftTechCommunity

https://tip.tbone.se/w3iF6D
[AI generated, Human reviewed]

🥩🥩Mr T-Bone tip!🥩🥩[New blog from Microsoft]
📢 Learn how to boost security by connecting Microsoft Defender for Identity with Entra recommendations! Easy integration, better protection! 🚀🔒 @mrtbone

#CyberSecurity #CloudSecurity #MVPBuzz #EntraID #MicrosoftTechCommunity

https://tip.tbone.se/5We1CC

[AI generated, Human reviewed]

Microsoft has a new blog post on securing your organization against the Golden SAML attack. I wasn't familiar with this attack and learned that it only applies to organizations who use a delegated IdP like Active Directory Federation Services (ADFS). If you use ADFS, this should be on your reading list. #cybersecurity #EntraID

https://techcommunity.microsoft.com/blog/microsoft-entra-blog/understanding-and-mitigating-golden-saml-attacks/4418864

🥩🥩Mr T-Bone tip!🥩🥩[New blog from Microsoft]
Unlock smarter Identity Threat Detection & Response with Microsoft Entra ID! See why identity is at the heart of security. Dive in! 🚀🔐

#CyberSecurity #CloudSecurity #MVPBuzz #EntraID #MicrosoftTechCommunity

https://tip.tbone.se/PaeZYB
[AI generated, Human reviewed]