Migrating Authentication Methods
With September finally upon us, that can only mean one thing: authentication methods are being migrated to the new combined policies at the end of the month! That's less than 30 days away!
All things related to Entra
I got some time to sit down and pick up from the last entry in the series, where we had just finished setting up Scenario 1 of EntraGoat. We were left with a compromised user account and given the goal to log in as the Global Admin and grab their flag. Let's jump into how I approached this.
The talented people over at Semperis have recently released EntraGoat, which provides a deliberately vulnerable Entra tenant to simulate real-world security misconfigurations. If you haven't checked it out, I urge you to, over on the GitHub repo: EntraGoat
This post will provide an introduction to the world of emergency access accounts: what they are, why you need them and how you can manage them, including the recent recommendations with regard to authentication.
So, you'd like to manage Entra ID via PowerShell, whether that is to run one-off commands or a series of fancy scripts. You're probably aware this will now require utilising 'PowerShell Graph'.
What you are doing is using PowerShell to access the Graph API endpoints, and as a result, every time you connect you need to specify the scope of access, for example User.ReadWrite.All.
This in itself is fine, but you might like more control over this process, and even be able to limit access to this application to set users or groups in your environment. Well, the answer is to create an Entra ID Application for this purpose.