Yes. The name is snarky on purpose. With the drive to using phishing-resistant MFA something on the mind of many organizations, I’ve been taking a look at the Usage & […] The post Entra Useless Insights Report appeared first on Eric on Identity.| Eric on Identity
Update I called the 888 number this morning and it does indeed go to a scam call center. I played along with the person on the other end, who ultimately […] The post An interesting M365 billing scam appeared first on Eric on Identity.| Eric on Identity
Microsoft, and the general identity industry, has recommended that applications use certificates over secrets when it comes to credentials for things like applications. This recommendation has existed for about as […] The post Spying on your ISVs credential choices appeared first on Eric on Identity.| Eric on Identity
For those that must manage application integrations in Entra ID, it’s an inevitable question: What is the difference between an App Registration and an Enterprise Application? Why are there two […] The post Entra App Registrations and Enterprise Applications: The Definitive Guide appeared first on Eric on Identity.| Eric on Identity
When you work someplace that develops software that interacts with Entra ID, the question of Graph permissions eventually comes up. With the recent Midnight Blizzard attack against Microsoft, where a […] The post The Intersection of Graph and Entra ID: Application Permissions and Roles appeared first on Eric on Identity.| Eric on Identity
According to the Microsoft Digital Defense Report 2022, weak identity controls are listed as a top three contributing factors found during ransomware incident response. One particularly troubling finding within identity […] The post Protect your privilege with PAW appeared first on Eric on Identity.| Eric on Identity
If you haven’t followed the news recently, Descope released an article diving into how their security researchers were able to abuse OpenID Connect (OIDC) ID token claims to spoof the […] The post The nOAuth “flaw” is a symptom of industry anti-patterns appeared first on Eric on Identity.| Eric on Identity
Going to a conference like Identiverse is a privilege, even if the travel is funded by airline and hotel miles earned by the feverish pace of pre-COVID travel from my […] The post Identiverse 2023: Recap and Highlights appeared first on Eric on Identity.| Eric on Identity
According to Wikipedia, Toshkent (or Tashkent) is the largest city in, as well as the capital of, Uzbekistan, a country located in Central Asia. The city sports a population of […] The post March 23rd, 2023: The Day Everyone Came From Uzbekistan appeared first on Eric on Identity.| Eric on Identity
Audit logs can provide all sorts of wonderful points of data. In the interest of identity security, we have historically seen that we can glean rich sets of information around […] The post Dude, Where’s My Audit Logs? appeared first on Eric on Identity.| Eric on Identity