Eric Woodruff
@ericonidentity.com
Entra nerd currently @ #Semperis. Parent. Partner. MS Security MVP. Views are those of my cat.
I’ve been finding the #Entra Usage & Insights report useless lately when it comes to #passkey reporting.

Why? It’s broken.

It’s concerning that this seems to be an ongoing issue that isn’t tenant specific and Microsoft hasn’t caught it.

#EntraID

ericonidentity.com/2025/09/02/e...
Entra Useless Insights Report - Eric on Identity
Exploring the Entra Usage & Insights report on MFA usage, and the issues with the report's lack of accuracy, as well as a workaround.
ericonidentity.com
September 3, 2025 at 1:43 PM
Reposted by Eric Woodruff
I have a new post out on the @netspi.bsky.social blog today. This one is on extracting sensitive information from the Azure Load Testing service. www.netspi.com/blog/technic...
Extracting Sensitive Information from Azure Load Testing
Learn how Azure Load Testing's JMeter JMX and Locust support enables code execution, metadata queries, reverse shells, and Key Vault secret extraction vulnerabilities.
www.netspi.com
July 1, 2025 at 8:47 PM
Reposted by Eric Woodruff
Quote of the day:
“MSFT has architected themselves into this corner”
#fwdcloudsec25

@ericonidentity.com
Home - Eric on Identity
This blog is about all things identity and identity adjacent. Right now, the focus is primarily on Azure AD and the Microsoft identity world, but it could have potential to expand in the future.
ericonidentity.com
June 30, 2025 at 8:12 PM
Going right from @wearetroopers.bsky.social in Heidelberg to @fwdcloudsec.org in Denver ✈️ - from one excellent conference to another!

I’m looking forward to speaking Monday @ 2:00pm in track 1 on the dangers of #nOAuth, with some new and tweaked slides and talking points!

#Entra #EntraID
June 29, 2025 at 6:54 AM
At @wearetroopers.bsky.social I dropped new research on #nOAuth, an abuse of #EntraID that allows you to spoof users in vulnerable SaaS applications. The attack is still alive and well.

You can read all about it here:

#Entra #M365 #infosec

www.semperis.com/blog/noauth-...
New nOAuth Abuse Alert: Entra Cross-Tenant SaaS Apps at Risk
Think nOAuth abuse is old news? We wish. Our recent testing shows that nearly 10% of apps in the Microsoft Entra Gallery remain vulnerable.
www.semperis.com
June 25, 2025 at 4:56 PM
On the way to #TROOPERS25. The short flight is down… just waiting for the long one to Frankfurt.

Looking forward to talking about #nOAuth with #Entra… sadly it’s still a thing 😑

#EntraID #infosec @wearetroopers.bsky.social
June 23, 2025 at 9:32 PM
Reposted by Eric Woodruff
Did you know you can send LAPS passwords to Entra on Server OS? Neither did @adamgrosstx.bsky.social or I until yesterday! Just need to hybrid join the server(s) and set the GPO to back up to "AAD"! Neat!
April 30, 2025 at 12:33 AM
Obligatory photo from airplane en route to the #mvpsummit
March 22, 2025 at 9:29 AM
Reposted by Eric Woodruff
The last two months have been a chaotic whirlwind of emotions and activity. I needed to talk about it, so I did: jakehildreth.github.io/blog/2025/03...
New Job! New MVP?
Hi.
jakehildreth.github.io
March 9, 2025 at 12:10 AM
Reposted by Eric Woodruff
Yesterday morning, I woke up to an email from Microsoft with the subject "Congratulations on your Microsoft MVP award". I immediately thought it was a phish, but I dug a bit further.

It's real! 🤯 I was selected as an MVP in "PowerShell" and "Identity & Access"!
March 2, 2025 at 10:55 AM
Reposted by Eric Woodruff
📢 To all attendees, sponsors, and speakers of MC2MC Connect!

📸 We have uploaded all the event photos to the Gallery page on the MC2MC Connect website, so you can look back and relive the day!

🔗 connect.mc2mc.be/gallery/

#MC2MC #ConnectMC2MC #MC2MCConnect
February 25, 2025 at 3:54 PM
If you work in, around, near, adjacent, or so on, to #identity, including #infosec and #Entra, you should fill out the #IDPro skills survey. It takes five minutes and really helps in understanding the industry landscape.

www.surveymonkey.com/r/L9QB6T2
IDPro 2025 Skills, Programs, and Diversity Survey
Take this survey powered by surveymonkey.com. Create your own surveys for free.
www.surveymonkey.com
February 20, 2025 at 8:16 PM
I received an interesting #M365 subscription email the other week, that turned out to be a scam.

I figured I'd pick it apart, and found it curious enough to share the details.

#entra #infosec #m365security #azure

ericonidentity.com/2025/02/20/a...
An interesting M365 billing scam - Eric on Identity
A look at a recent spam scam email that I received, trying to understand what mechanism the attacker is using to deliver the scam email.
ericonidentity.com
February 20, 2025 at 2:27 PM
Reposted by Eric Woodruff
We’re pleased to announce the next speaker for MC2MC Connect: @ericonidentity.com 🚀

In this session, Eric will dive deep into the most common questions about app registrations, enterprise apps, and service principals. 🔍🛡️

🔗 tinyurl.com/5dxvnsn4

#MC2MC #ConnectMC2MC
January 28, 2025 at 11:09 AM
Reposted by Eric Woodruff
Zuckerberg "loved" an AI slop image on a spam page that also posts AI images of children with amputations, elderly people, fake images of graves, links offsite to ad-loaded pages, etc. Exciting stuff for me

www.404media.co/zuckerberg-l...
Zuckerberg 'Loves' AI Slop Image From Spam Account That Posts Amputated Children
Zuckerberg seems to enjoy the spam that has taken over his flagship product.
www.404media.co
January 22, 2025 at 7:39 PM
If you consume multi-tenant apps in #EntraID, and they’ve been granted consent to do things in your tenant, you can spy on the auth choices your vendor makes - secrets or certs - in the logs available in your #Entra tenant.

#infosec #m365 #azure

ericonidentity.com/2025/01/13/s...
Spying on your ISVs credential choices - Eric on Identity
Examining Entra ID sign-in and graph activity logs to determine what type of credentials your ISVs use in their multi-tenant applications.
ericonidentity.com
January 16, 2025 at 12:12 PM
With all the speaking I burnt and crashed a bit towards the end of 2024. I plan on writing about the speaking experience… but first hoping to get back into writing more as I research stuff. Hope to have both a personal blog and Semperis blog article out this week 🤞.
January 9, 2025 at 12:33 AM
Looking forward to when I can talk about the more interesting case 👀 #MSRC #Entra
January 4, 2025 at 8:57 PM
Great advice; received a variant of this last week that had an old password I used to use in it 😅
Have you received an email from an alleged hacker with an attached PDF that includes your name, a picture of your house, and a threat to leak embarrassing info or photos to your friends and family? Don’t panic. 🧵 (1/7)
December 13, 2024 at 10:30 PM
Reposted by Eric Woodruff
Want to run roadrecon, but a device compliance policy is getting in your way? You can use the Intune Company Portal client ID, which is a hardcoded and undocumented exclusion in CA for device compliance. It has user_impersonation rights on the AAD Graph 😃
December 12, 2024 at 3:59 PM
Reposted by Eric Woodruff
Oh by the way
December 6, 2024 at 1:08 AM
The Moynihan Train Hall Starbucks is an absolute machine of efficiency.
December 5, 2024 at 1:43 PM
Reposted by Eric Woodruff
🦋 Introducing bluesky.ms 👏 = A crowdsourced database of anyone and everyone in the Microsoft community on Bluesky.

👉 Add yourself and anyone you know today 👈

🫂 All are welcome.

This is my v1, I'll add options to directly follow from the site itself but first 👇

LET'S FILL IT UP! 🙏
Search bluesky.ms
Use this page to search for the Microsoft community on bluesky.ms.
bluesky.ms
November 8, 2024 at 3:51 PM
Reposted by Eric Woodruff
It is the biggest con in cyber security, hands down. There is *no data* that it changes cyber security *outcomes.*

I theorize that most people intuitively know this, but because "improving click rate" is easy to track (and game), many performatively champion it as a "good metric" for security.
Phishing training is a waste
November 28, 2024 at 1:43 PM