The goal of this article is to present and explain implicit risks related to workload identity federation feature available in Entra ID and Azure infrastructure. The upsides of using it are well known and advertised. What’s more difficult to find, is the summary of main risks attached to the use... [Read More]

I recently had several conversations related to smart lockout feature in Entra ID. Based on those, it occurred to me that inner workings of this feature are not as widely known as I assumed. [Read More]

Some interesting changes happened recently (within last year 😉) in the area of highly privileged (i.e. control plane or Tier 0 in legacy terms) Azure infrastructure RBAC model roles. Up until now, the classic trio of control plane privileged roles with direct control over Azure infrastructure was limited to: [Read More]

If you need to get information about the size of billable data ingested per Log Analytics table with an indication of Azure subscription responsible for generation of that data, use the following KQL query: [Read More]

If you need to get information about the size of billable data ingested into given Log Analytics workspace (with or without Sentinel solution installed), use the following KQL query: [Read More]