Tag: Incident Response

Microsoft Entra Backup and Recovery: A Practitioner’s Guide to What it Does and Does Not Solve
On 19 March 2026, Microsoft quietly released one of the most requested enterprise identity features to Public Preview: a native, platform-managed backup and point-in-time recovery capability for Entra ID tenant configuration. No big announcement, no Message Centre notification. Just a new blade in the Entra admin centre. This post cuts through the surface-level excitement, maps…

Exploring Conditional Access Bypasses in Microsoft Entra ID
Conditional Access is the backbone of Zero Trust in Microsoft Entra ID, yet real-world attacks increasingly demonstrate how it can be bypassed. From device and token abuse to built-in exclusions and misunderstood session controls, attackers exploit gaps that many organisations assume are protected. Triggered by Microsoft’s upcoming change in February 2026, where session…

Mastering Microsoft Sentinel: 25 KQL Queries for Powerful Threat Detection
Unlock the power of Microsoft Sentinel with this comprehensive guide featuring 25 essential KQL queries for potent threat detection. In this post, you’ll discover expertly crafted queries designed to identify a range of adversary tactics—from password spraying and suspicious PowerShell executions to unusual login patterns and obfuscated scripts. Whether you’re looking to refine your current…
