Conditional-Access
Lessons from the field. Always landing on my feet.
Block Device Code Phishing in Entra Without Breaking Legit Workflows
Device code phishing is nasty because the user does not hand over a password. They hand over a session. The lure sends the victim to a legitimate Microsoft device sign-in page. The victim enters a short code. Entra ID issues tokens to the attackerβs β¦
Detecting OAuth Redirect Abuse with Microsoft Sentinel and Entra ID
On March 2, 2026, Microsoft published an advisory on OAuth redirection abuse enabling phishing and malware delivery. Microsoft described phishing-led campaigns where attackers register OAuth apps with attacker-controlled redirect URIs, then send β¦
March 2026 Entra ID Changes: Passkey Auto-Enablement and Conditional Access Enforcement
Microsoft began shipping two Entra ID changes in March 2026 that affect how users authenticate. Neither change required administrator action to take effect, and that is precisely the risk. If you have not already reviewed these settings, Microsoft β¦