Migrating Authentication Methods
With September finally upon us, that can only mean one thing: authentication methods are being migrated to the new combined policies at the end of the month! That's less than 30 days away!
I got some time to sit down and pick up from the last entry in the series where we had just finished setting up Scenario 1 of EntraGoat. We were left with a compromised user account and given the goal to log in as the Global Admin and grab their flag. Let's jump into how I approached this.
The talented people over at Semperis have recently released EntraGoat, which provides a deliberately vulnerable Entra tenant to simulate real-world security misconfigurations. If you haven't checked it out, I urge you to do so over on the GitHub repo: EntraGoat
If you've heard 'Copilot' used in multiple different contexts and conversations and felt lost or unsure what was being referenced, you're not alone. The fact you're reading this post is a good start to understanding the myriad of differences and shedding some light on the product whose name is thrown around so much.
This post will provide an introduction to the world of emergency access accounts: what they are, why you need them and how you can manage them, including the recent recommendations with regards to authentication.
I recently decided to take a look at how SPF, DKIM and DMARC actually work under the hood. Whilst I've always had a rough, wishy-washy idea of what the purpose was, I never fully understood the implementation or what the records meant.
So I learnt, and what better way to implement the theory than to implement these records in my developer instance?
This post will detail the implementation process in an M365/Exchange Online only environment and won't touch so much on the nitty gritty of what or how.
So, you'd like to manage Entra ID via PowerShell, whether that is to run one-off commands or a series of fancy scripts. You're probably aware this will now require utilising 'PowerShell Graph'.
What you are doing is using PowerShell to access the Graph API endpoints, and as a result, every time you connect you need to specify the scope of access, for example User.ReadWrite.All.
This in itself is fine, but you might like more control over this process, and be able to even limit access to this application to set users or groups in your environment. Well, the answer is to create an Entra ID Application for this purpose.
When dealing with email security and trying to protect your organisation, there are numerous steps that you can take as an administrator to help your users and give them the best possible chance of spotting a phish/suspicious email before it does any damage. First and foremost, the best way to help your users would be to enrol them in an appropriate cyber education scheme and potentially run phishing scenarios with reinforcement and education for those users who need it. However, there are some technical controls that can be implemented to aid your users. This post will detail setting a warning message to highlight external email and alert your users that the email is in fact external.