Microsoft's Entra service for identity management and access control (Identity and Access Management, IAM) currently relies on certificates based on DigiCert Global Root G1. The manufacturer has now ...

As businesses around the world have shifted their digital infrastructure over the last decade from self-hosted servers to the cloud, they’ve benefitted from the standardized, built-in security ...

Have you ever wondered if your organization’s security measures are truly airtight? In an era where cyber threats evolve faster than ever, relying solely on well-known defenses might leave critical ...

Hacker Reveals New Authentication Bypass in Active Directory and Entra ID Environments Your email has been sent At last week’s Black Hat event in Las Vegas, Dirk-jan Mollema, hacker, security ...

In today’s AI-first world, identity and network access are the first touchpoints for enforcing least privilege and protecting against sophisticated, identity-based attacks—but for many organizations, ...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra's subscription handling is allowing guest users to ...

Guest users with certain billing roles can create and own subscriptions, potentially gaining persistence and privilege escalation within an organization’s Azure environment. Threat actors can abuse ...

As companies build more and more AI agents, the risk of AI chaos grows. Entra Agent ID is Microsoft’s initiative to manage this chaos by providing organizations a way to register, monitor, and control ...

Enhance Active Directory tasks with these 21 PowerShell scripts, such as creating accounts, checking for account lockouts, and finding domain administrators. Save Time — Boost efficiency by automating ...

Attackers could exploit two key authentication cookies used by Azure Entra ID to bypass MFA and hijack legitimate user sessions — thus gaining persistent access to Entra ID-protected resources in ...

Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. On Saturday morning, ...