@fabian_bader@sapirxfed Yes, I’ve updated the slides with minor changes to my talk at HIPConf. There’s also a recording of the session. Unfortunately, the most fun part - the live demos of my queries - wasn’t captured: https://t.co/pv1rLA6yxB
Why did I leave Microsoft?
To work full time on 🔥 Maester.
Over 40,000+ tenants today rely on Maester to monitor their tenants daily.
I wanted to make sure that the tests they are running continue to be relevant and evolve as Microsoft 365 and the security landscape evolves.
So today I'm announcing the launch of https://t.co/F5uN233Yh7
Maester Cloud is the portal companion to Maester that lets you track your results over time. It is multi tenant, runs in your cloud (or ours) and more → check out the site for all the features.
More importantly Maester Cloud is a way for me to fund the continued development of the open source Maester core and the tests in Maester.
That is our mission. In fact I worked with the core team @fabian_bader , @Thomas_Live , @MySnozzberries and @SamErde to create the Maester Manifesto (https://t.co/wcm7PnGEMr). It is our promise to the community.
If you value Maester and would like to support and ensure that Maester continues to grow and be healthy, I would be beyond thrilled if your organisation can sponsor this effort.
I would also appreciate it very much if you can share this post with your network to spread awareness.
Thanks!
Attendees at #TROOPERS this week enjoyed a fantastic line-up of talks, including sessions from our own @martinsohndk and @MGrafnetter.
Thank you to everyone who stopped by these sessions!
Speaking at #TROOPERS26 in less than two weeks and I can't wait. Joining @martinsohndk to talk about attack paths to #PAW and real-world risks of tiered admin models with #IntuneRBAC. Plus something we've been working on for months... See you in Heidelberg!
#EntraOps#Bloodhound
🧪 #Maester checks - coming to preview soon
Maester checks that leverage the hashtag#EntraOps classification model via UnifiedIdentityInfoXdr are expanding scope beyond Microsoft Graph to cover additional Microsoft APIs.
🔐 #EntraOps API Permission classification goes beyond #MicrosoftGraph - delegated permission identification got a major upgrade.
The upcoming version in #EntraOps brings a significantly expanded #EnterpriseAccess classification model for sensitive Microsoft API permissions.
I'm working on updates across the community projects that use the classification:
🔎 #KQL function updates
My functions have been already updated, and WorkloadIdentityInfoXdr now includes also an experimental overall EntraOps investigation score
https://t.co/FfM4kdB4ZN
To summarize the last 3 days. I love the US, and i love @fwdcloudsec 🤭 You can watch our talk now! I think it's not bad at all🙃
https://t.co/bJ9g2zGofJ
⚗️ Heads-up: Early experimental version, tested in my lab. Joins multiple external data sources + large log tables - always use filters. Unfiltered runs in large environments can be expensive. Results combine SigninLogs + EntraIdSignInEvents for full details by Sentinel/XDR
🔍 Hunting for #ConditionalAccess bypasses and baseline scope enforcement in #MicrosoftEntra?
ConditionalAccessAudiences logs every resource evaluated by CAP - but only as raw GUIDs. I built a KQL query that resolves them to names + adds key signals.
🔗 https://t.co/jTDvbKchDx
@GlasgowAzureUG Happy Anniversary! I still look back fondly on it - to August 2019, when I was your guest speaker and it was my very first time presenting in English at a meetup abroad, during my vacation in Scotland 🏴
When Midnight Blizzard breached Microsoft, what they found inside was wild.
Redmond was unknowingly sitting on 7 MILLION internal tenants. Total shadow IT chaos.
If Microsoft can’t track their own tenants, what makes you think your ecosystem is safe? 🧵👇
More is on the way - some exciting features are in development and coming soon. I can’t wait to share what’s next. Stay tuned 👀 More details about recent changes in EntraOps is available from here: https://t.co/TCf0XI07e6
🚀 EntraOps v0.7.0 is out!
The latest release of EntraOps Privileged EAM is now live, featuring enhancements focused on #MicrosoftEntra#TenantGovernance, along with bug fixes and improved visibility into role classification and nested group memberships.
🔗https://t.co/hDwVGx5S9Z
🔍 Nesting path/chain for transitive group members
Full nesting chain visibility (TransitiveByNestingObjectIds, TransitiveByNestingObjectDisplayNames) across all privileged access reports and supported RBACs.