Cyber Intelligence

Identity Security

5 articles in this category

Identity Security · Jun 28, 2026

SyncJacking: Protect Privileged Entra Identities from AD Sync Takeover

SyncJacking is an attack technique that exploits Entra Connect Sync hard-matching to let an on-premises AD attacker take over cloud-privileged Entra ID accounts. Microsoft enforced hard-match blocking for role-assigned users on June 1, 2026, but most tenants still have gaps. Here is how to audit your hybrid environment and lock down privileged identities before attackers exploit the window.

entra-id, active-directory, zero-trust
Identity Security · 16 min read · Jun 18, 2026

NHI (Non-Human Identity) Governance: Beyond the Basics

A leaked service principal secret with Contributor access caused a lateral movement chain that took three days to contain. Most organizations have more non-human identities than users, but fewer than 10% have a credential rotation policy that actually runs. This guide covers credential lifecycle automation, ownership attribution, workload identity federation, and the KQL queries that surface your riskiest NHIs before they become incidents.

Non-Human Identity, NHI Security, Workload Identity
Identity Security · 15 min read · Jun 16, 2026

Entra ID External Identities Security: Governing B2B Guest Access at Scale

The average enterprise Entra ID tenant has a guest-to-member ratio approaching 1:1, and most of those guest accounts predate the conditional access policies built for employees. This guide covers Cross-Tenant Access Settings, invitation restrictions, CA policy gaps, Azure RBAC cleanup, Entra ID Access Reviews with auto-deny, and the KQL queries needed to find stale guests before they become incidents.

Entra ID, B2B Guest Access, Identity Security
Identity Security · 18 min read · May 19, 2026

Entra ID Workload Identity Federation: Replacing Secrets with Certificates at Scale

Most Azure tenants accumulate hundreds of client secrets across service principals, with no owner tracking and no rotation discipline. Workload identity federation eliminates this category of risk entirely by replacing stored credentials with OIDC token exchange. This guide covers the migration playbook from secrets to federation across GitHub Actions, Terraform, and AKS at scale.

Entra ID, Workload Identity, Federated Credentials