#Security #Azure #EntraID #XDR #MDE #Identity #M365 #AD #PKI #KQL
Microsoft MVP
Tweets and opinions are my own
Fabian Bader
In my latest blog "Now You See Me: AADGraphActivityLogs" I explore the newly released Azure AD Graph logs and demonstrate how you can detect tools like ROADtools and AADinternals that rely on this API and have been under the radar for defenders so far.
cloudbrothers.info/en/aadgrapha...
We’re thrilled to reveal our next MC2MC Connect speakers for February 5th in Antwerp: @fabian.bader.cloud @rogierdijkman.bsky.social ! 🎙️
➡️Looking to explore the program or secure your spot? Check out: connect.mc2mc.be
#MC2MC #ConnectMC2MC #ConnectMC2MC2026 #Connect #Collaborate #Create
Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 | Microsoft Community Hub! 🦋
techcommunity.microsoft.com/blog/Exchang...
What are preferred methods to lock someone out of a remote Intune managed computer? Any that work well in a hybrid configuration?
Our best solution to date is a push of a “deny local login” policy in advance and a forced reboot.
@nathanmcnulty.com @merill.net @fabian.bader.cloud
My Disobey talk "Are passkeys as secure as you think" is now available on YouTube
youtu.be/DQ4dnXibaoM?...
Today at 15:00 CET #YellowHat will start. It's a free live streamed conference around Microsoft Security and we have amazing speakers and topics lined up for you.
Register now to reserve your free spot.
yellowhat.live
#XDR #EDR #Defender #Microsoft #Security
With the unified SOC experience there might be some ANRs you want to exclude from XDR correlation. Now you can!
Either use the UI or add #DONT_CORR# at the beginning of the ANR description.
learn.microsoft.com/en-us/defend...
Microsoft just announced official support to store device-bound passkeys for Entra ID in the Windows Hello container. No app, no external hardware key, but built-in support. Sadly no attestation while in preview.
mc.merill.net/message/MC12...
#Passkey #EntraID
@_dirkjan and my joint talk at #TROOPERS25 is now available on YouTube.
"Finding Entra ID CA Bypasses - the structured way" @wearetroopers.bsky.social
youtu.be/yYQBeDFEkps
#ConsentFix is a great way for attackers to work around some protective layers but not all. @naunheim.cloud, @cbrhh.bsky.social and I wrote a blog post on detection and mitigations. Hope you find it useful and can adapt it to your environment.
www.glueckkanja.com/de/posts/202...