Posts

How To Use App Registration Deactivation

-
  If you’ve been following the steady stream of updates coming out of Entra, you may have noticed a particularly powerful addition to the Microsoft Graph API: the ability to deactivate app registrations. It’s a deceptively simple feature with major implications for anyone responsible for managing the ever‑growing list of applications inside their organization. In this post, I’ll break down why this matters, how it can help you regain control of your app landscape, and—most importantly—how to automate it. I spent a good chunk of time figuring this out so you don’t have to. So… what exactly is this new feature? In short: you can now cleanly deactivate an app registration without deleting it. Historically, if you needed to stop an app from being used in your tenant, your only real option was to delete the service principal. That worked fine for throwaway apps, but for anything with configuration, history, or future relevance, deletion was a non‑starter. You either lived with the r...
Post a Comment
Read more

The Identity Lifecycle Is Your Real Attack Surface

-
Image
Most breaches do not start with a firewall. They start with a forgotten account. Oftentimes, we neglect to acknowledge that identities are the heartbeat of the user and the user can be exploited. Even if they are no longer with the organization. However, the same can also be said about those who still remain. As an organization, it is absolutely crucial that you recognize these phases and take the necessary precautions to prevent them from being used against you. The Joiner Welcome to the organization! We understand that you need tools and roles to do your job. Here: take Global Administrator, Admin access to your Entra Connect server, and the keys to your on-premise Exchange server. While we're at it, we will not govern this at all and give you free reign. Can you identify the issues in this statement? If so, then you'll know that more often than not, this happens in the wild. Not having a proper onboarding process can introduce over-permissions and give way to a whole slew of...
Post a Comment
Read more

The 5 Species You’ll Meet in Entra — and How to Optimize Them

-
  [Insert National Geographic Narrator Here…] Welcome… to the vast and vibrant land of Entra — a sprawling digital ecosystem teeming with life. Here, hundreds of species coexist in a delicate balance, each playing a unique role in the survival of the tenantlands. Some are harmless grazers. Some are apex predators. Some are invasive species that should have been removed seasons ago. Today, we embark on an expedition deep into this identity wilderness to study several of the most fascinating creatures you’ll encounter. Observe closely. Take notes. And do not forget to feed the Admin on your way out. The Default User (defaultious homosapiens) The everyday creature who just wants their email to work. Habitat: Roams freely across Outlook plains and Teams barrens. Occasionally wanders into SharePoint by accident. Conservation Status: Vulnerable The defaultious homosapiens is a gentle, hardworking species. They thrive in predictable environments and become distressed when confronted w...
Post a Comment
Read more