Welcome to my blog!
This blog is about Microsoft Security and cybersecurity in general.
All writings are human operated, un-copiloted and opinions are that of my own.
If the author should hallucinate, contact him via LinkedIn or let him know in the comments.
-
Protecting VMs from rootkits using Trusted Launch
In this blog post we’ll dip our feet into the world of rootkits and bootkits and how we can defend ourselves against them in Azure. Azure Virtual Machine security has improved a lot since Windows Server 2016. Terms like Trusted Launch and Secure Boot are being thrown around, but do we really understand what these…
-
Is permanent admin access elevation to User Access Administrator role a risk?
I once bumped into a customer who said their Global Administrators all have the access elevation toggle switch permanently turned on, so that they all have the User Access Administrator role assigned at the root level all the time for environment-wide visibility. The justification for this was, that the access elevation cannot be controlled in…
-
Managing your FIDO YubiKey with YubiKey Manager
I needed to check what accounts I have in my YubiKeys and do some housekeeping to delete unnecessary accounts. I figured there has to be some way to do this and found out that Yubico has a nifty command line tool called YubiKey Manager that does exactly that. This isn’t a new tool and it…
-
No more SMTP with Basic Authentication for you! Can I get you OAuth instead?
Microsoft has set a date for deprecating basic authentication for client submissions (SMTP AUTH) in Exchange Online. That date is September 2025. In this blog post I will guide through what you need to know and what you need to do to avoid service interruption or downtime. Let’s start! Disclaimer: This article only applies to…
-
Restrict personal access token usage in Azure DevOps
There’s two takeaways in this blog post and I’m going to give them away right here in the beginning. According to Azure DevOps documentation all token data like SSH keys and personal access tokens (PATs) are stored in US region. No matter where your DevOps organization resides. You should be aware of this especially if…
-
Zero Trust alert: Secure your Azure resource access using constrained delegation
Did you know that you can now delegate Azure RBAC assignments to ease your own burden as administrator? There has always been a possibility to assign Owner or User Access Administrator role, but what if you wanted to delegate the assignment process to someone without them being able to delegate it further or being able…
Disclaimer: Due to the high pace of cloud evolvement all information on this site is provided ‘as-is’, with no warranties included. The author of this blog is not responsible of your actions.