Discussing various Sentinel and Defender XDR detections related to multi-tenant applications, including the ones that are possible and the ones that are not.
Category Archives: identity
Sentinel alert if SMS is re-enabled
Raising Sentinel alerts, if SMS is re-enabled in your tenant.
Sentinel: SSE logging and alerting
Raising Sentinel alerts for the new Microsoft’s Security Service Edge (SSE) events.
MSSPs and Identity: Q&A
Follow-up to the previous blog post to answer common questions on MSSPs and Identity
MSSPs and Identity
Identity configuration recommendations for MSSPs.
Review any “Don’t know” reviewees prior to the end of an access review
Steps to create access reviews that meet strict compliance requirements by allowing auditors to review any “Don’t know” reviewees prior to the end of a review.
My adventures (so far) with verifiable credentials.
Sharing my initial experience with verifiable credentials.
No, really, you don’t need that access
CloudKnox initial setup and the incredible value it brings to organizations and the security professionals working hard to keep them secure.
Cross-tenant workload identities with a single secret
You can have cross-tenant workload identities authenticating using the secret or certificate from their home tenant.
Joiners – Movers – Leavers (JML) Part 4
An overview of the Joiners-Movers-Leavers process and how it can be implemented using Microsoft Azure Active Directory.
My Faber Security 