Microsoft Entra ID - Security Ticks

Microsoft Entra pushes passkeys, tightens identity security

access management, authentication, credentials, identity management, Microsoft, Microsoft Entra ID, News / SecurityTicks

Microsoft Entra pushes passkeys, tightens identity security 2026-06-02 at 15:47 By Anamarija Pogorelec Microsoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organizations implement a zero trust security strategy, over the last 30 days. Features reaching general availability Identity and authentication updates Phishing-resistant […]

Microsoft Entra pushes passkeys, tightens identity security Read More »

Microsoft hands Entra ID users new option for MFA

authentication, MFA, Microsoft, Microsoft Entra ID, News / SecurityTicks

Microsoft hands Entra ID users new option for MFA 2026-03-25 at 12:46 By Anamarija Pogorelec Organizations rely on MFA to enforce identity checks before granting access to systems and services. Microsoft has made external MFA generally available in Microsoft Entra ID, expanding support for third-party identity providers. Configure external MFA in Microsoft Entra ID (Source:

Microsoft hands Entra ID users new option for MFA Read More »

Conditional Access enforcement change coming to Microsoft Entra

Microsoft, Microsoft Entra ID, News, policy / SecurityTicks

Conditional Access enforcement change coming to Microsoft Entra 2026-01-29 at 14:05 By Sinisa Markovic Microsoft will change how Conditional Access policies are enforced in Microsoft Entra starting March 27, 2026, with a phased rollout continuing through June 2026. The change affects sign-ins through client applications that request only OIDC scopes or a limited set of

Conditional Access enforcement change coming to Microsoft Entra Read More »

Microsoft Entra ID will auto-enable passkey profiles, synced passkeys

authentication, Microsoft, Microsoft Entra ID, News, passkeys / SecurityTicks

Microsoft Entra ID will auto-enable passkey profiles, synced passkeys 2026-01-26 at 10:52 By Sinisa Markovic Starting March 2026, Microsoft Entra ID will automatically enable passkey profiles and introduce support for synced passkeys. Passkey profiles move into general availability The update brings passkey profiles and synced passkeys into general availability. Administrators gain access to a new

Microsoft Entra ID will auto-enable passkey profiles, synced passkeys Read More »

Attackers turn trusted OAuth apps into cloud backdoors

attack tools, automation, cloud security, Don't miss, enterprise, Hot stuff, Microsoft Entra ID, News, OAuth, privileged accounts, Proofpoint / SecurityTicks

Attackers turn trusted OAuth apps into cloud backdoors 2025-10-22 at 15:43 By Zeljka Zorz Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or

Attackers turn trusted OAuth apps into cloud backdoors Read More »

BloodHound 8.0 debuts with major upgrades in attack path management

Black Hat USA 2025, Don't miss, Duo Security, GitHub, Microsoft Entra ID, News, open source, software, SpecterOps / SecurityTicks

BloodHound 8.0 debuts with major upgrades in attack path management 2025-08-05 at 10:11 By Help Net Security SpecterOps has released BloodHound 8.0, the latest iteration of its open-source attack path management platform, featuring major enhancements and expanded capabilities. BloodHound OpenGraph The release introduces BloodHound OpenGraph, a major advancement in identity attack path management that uncovers

BloodHound 8.0 debuts with major upgrades in attack path management Read More »

Researchers warn of ongoing Entra ID account takeover campaign

account hijacking, account protection, brute-force, Don't miss, Hot stuff, Microsoft Entra ID, News, penetration testing, Proofpoint / SecurityTicks

Researchers warn of ongoing Entra ID account takeover campaign 2025-06-12 at 19:50 By Zeljka Zorz Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have discovered. “Proofpoint’s research indicates that while simulated intrusions using TeamFiltration date back nearly to the tool’s initial release

Researchers warn of ongoing Entra ID account takeover campaign Read More »

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts

account hijacking, Cloud, credentials, Don't miss, Hot stuff, Microsoft, Microsoft Entra ID, News, privileged accounts, Ransomware / SecurityTicks

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts 2024-09-30 at 17:01 By Zeljka Zorz Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems. “Storm-0501 is the latest threat actor observed to exploit weak credentials and over-privileged accounts to move from organizations’

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts Read More »

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns

account hijacking, BEC scams, cryptojacking, Don't miss, Hot stuff, Microsoft, Microsoft 365, Microsoft Azure, Microsoft Entra ID, News, OAuth, phishing, spam / SecurityTicks

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns 13/12/2023 at 16:46 By Helga Labus Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications OAuth is an open standard authentication protocol that uses tokens to grant applications access to server resources without

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns Read More »

Microsoft introduces new access policies in Entra to boost MFA usage

access management, Don't miss, enterprise, Hot stuff, identity protection, MFA, Microsoft, Microsoft Entra ID, News, policy / SecurityTicks

Microsoft introduces new access policies in Entra to boost MFA usage 07/11/2023 at 18:17 By Helga Labus As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID (formerly Azure Active Directory) to increase the use of multifactor authentication (MFA) for enterprise accounts. Microsoft Entra Conditional

Microsoft introduces new access policies in Entra to boost MFA usage Read More »

Assess multi-cloud security with the open-source CNAPPgoat project

AWS, Ermetic, GitHub, Microsoft Azure, Microsoft Entra ID, News, open source, penetration testing, software / SecurityTicks

Assess multi-cloud security with the open-source CNAPPgoat project 03/08/2023 at 07:31 By Help Net Security Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. It is available on GitHub. CNAPPgoat supports AWS, Azure (Microsoft

Assess multi-cloud security with the open-source CNAPPgoat project Read More »

Open-source penetration testing tool BloodHound CE released

Active Directory, Azure, cybersecurity, Don't miss, GitHub, Microsoft Azure, Microsoft Entra ID, News, open source, penetration testing, software, SpecterOps / SecurityTicks

Open-source penetration testing tool BloodHound CE released 02/08/2023 at 06:32 By Mirko Zorz SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. It is available for free on GitHub. Identifying simple Attack

Open-source penetration testing tool BloodHound CE released Read More »