Category: Microsoft Entra

CWL Azure Red Team Certification - What I learned

In the first half of 2026 I followed a paid course on Cyberwarfare.live. The CWL Certified Azure Red Team Specialist (AzRTS) course. On this page I will not dive deep into the topics themselves or step by step hacking but took some notes from what I have learned from doing the course.

Tags:
Categories:

  14 minute read  

Get notifications when Entra ID break glass admins are used

As we want to secure our Break Glass Accounts as good as possible, we cloud want to get alerts when break glass admins are used to login. Maybe they are used on a daily basis, or are being attacked. When we configure notifications, we instantly know when the accounts are being used and can check why a login has taken place. In this guide we will configure this without Microsoft Sentinel. If you already have a Sentinel workspace, the recommended action is to configure it there and to configure a automation rule/playbook.

Tags:
Categories:

  6 minute read  

How to properly secure Break Glass Accounts in your Entra ID

In our environment, we will do everything to secure it as much as possible. We give users only the permissions they need and only at given times, we enable Conditional Access to limit access to our data as much as possible. But we also create Break Glass administrator accounts as our last resort, a method to login if everything else doesn’t work. Security wise, this sounds against all rules but we prefer a account to login in emergency situations over a complete tenant lockout. To help you secure break glass administrator accounts, I have 10 generic industry-known guidelines for these accounts which you can implement relatively easy. These help you on top of all other security mechanisms (CA/MFA/PIM/Least privilege) securing, decreasing the chance of lockouts and decrease the value for possible attackers.

Tags:
Categories:

  5 minute read  

Match AD users using Entra Connect Sync and MSGraph

Sometimes, it is necessary to match an existing local Active Directory (AD) user through Entra Connect with an existing Entra ID user (formerly known as Azure AD). This process ensures that the account in both environments is aligned and maintains the same underlying configurations and settings across systems.

Tags:
Categories:

  4 minute read  

Implement Certificate-based authentication for Entra ID scripts

When using Entra ID, we can automate a lot of different tasks. We can use a script processing server for this task but doing that normally means we have to save credentials or secrets in our scripts. Something we don’t want. Today I will show how to implement certificate-based authentication for App Registrations instead of using a client secret (which still feels like a password and matches it’s unsafety).

Tags:
Categories:

  5 minute read  

Audit your Entra ID user role assignments

Today I have a relatively short blog post. I have created a script that exports all Entra ID user role assignments with Microsoft Graph. This can come in handy when auditing your users, but then realizing the portals doesn’t always show you the information in the most efficient way. Therefore, I have created a script that only gets all Entra ID role assignments to users of every role and exports it to a nice and readable CSV file.

Tags:
Categories:

  3 minute read  

Audit your privileged Entra ID applications

In Microsoft Entra ID it’s possible to create App registrations and Enterprise applications who can get high privileges if not managed and monitored regularly. We do our best with Identities to be secure, with security processes like MFA, access reviews and such, but most of the companies don’t care that much about the Enterprise applications. In this post, I will try to convince you that this is as much as important as identities. For helping you to solve this I built a PowerShell script to get a complete overview of all the applications and their permissions.

Tags:
Categories:

  7 minute read  

All Categories