Introduction - why do we need to protect the authentication factor registration process? I believe we can all agree that relying on the password alone isn’t a viable authentication strategy anymore - if it ever truly was. As such, enforcing multi-factor authentication for user sign-ins shall be a critical priority... [Read More]

No, I am not going to bore you to tears with another article on how refresh tokens, access tokens and session cookies work and how their implementation in Microsoft Entra ID looks like. In this article, I would rather like to consider specific sub-types of refresh tokens and session cookies... [Read More]

The goal of this article is to present and explain implicit risks related to workload identity federation feature available in Entra ID and Azure infrastructure. The upsides of using it are well known and advertised. What’s more difficult to find, is the summary of main risks attached to the use... [Read More]

I recently had several conversations related to smart lockout feature in Entra ID. Based on those, it occurred to me that inner workings of this feature are not as widely known as I assumed. [Read More]

Some interesting changes happened recently (within last year 😉) in the area of highly privileged (i.e. control plane or Tier 0 in legacy terms) Azure infrastructure RBAC model roles. Up until now, the classic trio of control plane privileged roles with direct control over Azure infrastructure was limited to: [Read More]