219 domain admins.

🔧 Jobbar du med Microsoft‑teknik? Då är Experts Live Sweden 2026 konferensen du inte vill missa. Registrera dig: expertslive.se Communitydrivet. Ideellt. Fullt fokus på Microsoft‑stacken. #Microsoft #ELSE26 #ExpertsLive

Azure Bastion CVE-2025-49752 👀 CVSS Score: 10/10 Affected: All Azure Bastion deployments prior to the security update released on November 20, 2025 zeropath.com/blog/azure-bast…

Key things seen in ransomware incidents: 1) VPN does not require MFA 2) Standard User VPN access gives access to management interfaces 3) LDAP access leads to domain admin via: Passwords in description fields, kerberoasting and other common escalation points (but seriously the above is major) 4) the backup servers are primary corp domain joined 5) the vcenter servers are primary corp domain joined this gives the threat actor the ability to: > destroy your backups > destroy your virtual infrastructure > delete/encrypt your data > exfiltrate the data

I'm just going to leave this here, as I keep seeing surprised faces when I tell people about Windows Hello multifactor unlock. Yes, you can enforce 2️⃣ factors to unlock your Windows machine! See for yourself. learn.microsoft.com/en-us/wi…

🎉 A warm welcome to all the new MVPs! 🎉 You’ve joined a global community of passionate experts, builders, and changemakers who go above and beyond to share knowledge, support others, and drive innovation. Whether you’re leading user groups, writing code, creating content, or empowering your local tech ecosystem—your impact matters. And now, you’re officially part of the MVP family. 🙌 Let’s celebrate YOU. Drop a 👋 and let us know where you're from or what community you're most excited to engage with! #MVPBuzz #MicrosoftMVP

What's a red flag in IR 🚩? My colleague @mikael_nystrom takes you through some of the tools of the trade. Read more here: truesec.com/hub/blog/restore…

A series about red flags, what they are and why you need to care @Truesec @mikael_nystrom truesec.com/hub/blog/restore…

Restore and Repair – Don’t Build New After an Incident @Truesec https://www.truesec.comhub/blog/restore-and-repair-dont-build-new-after-an-incident

🤣

Good find. Those licenses cost on average $500,000,000/year. That saved the country potentially hundreds of billions of dollars. Now the government can put that money to good use such as reintroducing lead to paint to keep the photon radioactive waves out of our brains

Enhance your AppManagEvent 2025 visit by attending an exclusive in-person IT-Pro training from top experts like @samilaiho @PaulaCqure @mikael_nystrom @headburgh or @TimothyMangan – before and/or after the event! 🎟️ Bonus: Your training session includes a ticket to the event.

⚡ Check out this new Microsoft Entra blog post 👇 Microsoft Entra PowerShell module now generally available techcommunity.microsoft.com/…

That's him. He's the one forcing us to change our passwords every 90 days.

Hey, Entra ID admins. Do you have Passkey (FIDO2) enabled, and does your setting look like this? Early next year, Passkey in Authenticator will be enabled automatically. If that's okay, sit back and relax while your users become phishing-resistant. If not, please act now!

Wheels up tomorrow morning, prepping for mine and @mikael_nystrom's Masterclass at @NICconf on Wednesday, and our respective sessions on Thursday. #Truesec #NICConf #PreventBreach #MinimizeImpact

Pop quiz, which requirement providers can enforce MFA within Entra ID? #Azure Portal with 'request' & 'App requires MFA' will be next I guess (: github.com/nicolonsky/ITDR/b…

Spent the last couple of days in Stockholm speaking at #Teamsdagen. Made new friends and met old ones as well. The event was a huge success, and kudos to the organizers for an awesome event!

On Friday 4 of October it is time for the next MMUGSE virtual event! We have some great speakers joining us this time: @AhlbergNicklas @headburgh @ronnipedersen @jannik_reinhard @olsen96967 meetup.com/microsoft-managem…

The financially motivated cybercriminal group that Microsoft tracks as Storm-0501 has been observed exfiltrating data and deploying Embargo ransomware after moving laterally from on-premises to the cloud environment. msft.it/6013m5gnf

Understanding EVERY Token in Entra ID 🔎 Not all tokens are equal. There are many different types with different uses and benefits. In this blog, I break down each token and what they are used for and which tokens are the most "valuable" for an attacker to obtain. Full blog here👇👇 @XintraOrg xintra.org/blog/tokens-in-en…