In the last article called āTest Yourself: The Preludeā, we talked about some basic principles of security that we need to keep in mind moving forward. In this blog, weāre going to focus on identity and how you can start making sure youāre secure in that area. If you havenāt...
[Read More]
Hardening Entra ID
This is an update to a previous article I wrote on hardening Azure Active Directory. The idea of this update is to provide a table of default settings that I would change in any Entra ID-tenant I manage.
The layout for this article will be quite straightforward. I will create a table for each setting-menu and list the settings I would change. I will also provide a short explanation for why I would change the setting, as well as what the setting is by default.
[Read More]
Security Monitoring - Threat Modeling and Data Sources
One of the most misunderstood aspects of security monitoring is determining what data sources to use for what purpose. In this post, we will go through the process of determining what data sources to use for what purpose, where to prioritize developing use cases and how to plan for the future.
The idea that ingesting all the data and enabling all the use cases is the best approach to security monitoring is something we have explored time and time again here on this blog. So I thought, instead of just ranting about it, letās show you how I would go about...
[Read More]
Security Monitoring Antipatterns
A little bit of a deconstruction of some antipatterns in Security Operations
Welcome back to another post - this time we are talking about antipatterns. If you donāt know what an antipattern is, we can describe it as almost the polar opposite of best practice, put into a pattern.
[Read More]
Adding Graph API permissions to Managed Identities
Making a little note of this in Graph API so it's easy to find for using it
In this post, we will go over how to simply add a Graph API permission to a managed identity. You can view the permissions from the Enterprise Application blade in Entra ID, but not add any new permissions. Instead we have to use Powershell.
[Read More]