Profile avatar
ericonidentity.com
Entra nerd currently @ #Semperis. Parent. Partner. MS Security MVP. Views are those of my cat.
62 posts 1,558 followers 487 following
Prolific Poster
Conversation Starter
Posts 32 Comments 18

Obligatory photo from airplane en route to the #mvpsummit

submitted 6 days ago • 0 comments

The last two months have been a chaotic whirlwind of emotions and activity. I needed to talk about it, so I did: jakehildreth.github.io/blog/2025/03...

submitted 20 days ago • 1 comment

Yesterday morning, I woke up to an email from Microsoft with the subject "Congratulations on your Microsoft MVP award". I immediately thought it was a phish, but I dug a bit further. It's real! 🤯 I was selected as an MVP in "PowerShell" and "Identity & Access"!

submitted 26 days ago • 3 comments

📢 To all attendees, sponsors, and speakers of MC2MC Connect! 📸 We have uploaded all the event photos to the Gallery page on the MC2MC Connect website, so you can look back and relive the day! 🔗 connect.mc2mc.be/gallery/ #MC2MC #ConnectMC2MC #MC2MCConnect

submitted 31 days ago • 0 comments

If you work in, around, near, adjacent, or so on, to #identity, including #infosec and #Entra, you should fill out the #IDPro skills survey. It takes five minutes and really helps in understanding the industry landscape. www.surveymonkey.com/r/L9QB6T2

submitted 36 days ago • 0 comments

I received an interesting #M365 subscription email the other week, that turned out to be a scam. I figured I'd pick it apart, and found it curious enough to share the details. #entra #infosec #m365security #azure ericonidentity.com/2025/02/20/a...

submitted 36 days ago • 1 comment

We’re pleased to announce the next speaker for MC2MC Connect: @ericonidentity.com 🚀 In this session, Eric will dive deep into the most common questions about app registrations, enterprise apps, and service principals. 🔍🛡️ 🔗 tinyurl.com/5dxvnsn4 #MC2MC #ConnectMC2MC

submitted 59 days ago • 0 comments

Zuckerberg "loved" an AI slop image on a spam page that also posts AI images of children with amputations, elderly people, fake images of graves, links offsite to ad-loaded pages, etc. Exciting stuff for me www.404media.co/zuckerberg-l...

submitted 65 days ago • 9 comments

If you consume multi-tenant apps in #EntraID, and they’ve been granted consent to do things in your tenant, you can spy on the auth choices your vendor makes - secrets or certs - in the logs available in your #Entra tenant. #infosec #m365 #azure ericonidentity.com/2025/01/13/s...

submitted 71 days ago • 0 comments

With all the speaking I burnt and crashed a bit towards the end of 2024. I plan on writing about the speaking experience… but first hoping to get back into writing more as I research stuff. Hope to have both a personal blog and Semperis blog article out this week 🤞.

submitted 79 days ago • 2 comments

Looking forward to when I can talk about the more interesting case 👀 #MSRC #Entra

submitted 83 days ago • 1 comment

Great advice; received a variant of this last week that had an old password I used to use in it 😅

submitted 105 days ago • 0 comments

Want to run roadrecon, but a device compliance policy is getting in your way? You can use the Intune Company Portal client ID, which is a hardcoded and undocumented exclusion in CA for device compliance. It has user_impersonation rights on the AAD Graph 😃

submitted 106 days ago • 3 comments

Oh by the way

submitted 112 days ago • 9 comments

The Moynihan Train Hall Starbucks is an absolute machine of efficiency.

submitted 113 days ago • 0 comments

🦋 Introducing bluesky.ms 👏 = A crowdsourced database of anyone and everyone in the Microsoft community on Bluesky. 👉 Add yourself and anyone you know today 👈 🫂 All are welcome. This is my v1, I'll add options to directly follow from the site itself but first 👇 LET'S FILL IT UP! 🙏

submitted 140 days ago • 60 comments

It is the biggest con in cyber security, hands down. There is *no data* that it changes cyber security *outcomes.* I theorize that most people intuitively know this, but because "improving click rate" is easy to track (and game), many performatively champion it as a "good metric" for security.

submitted 120 days ago • 21 comments

submitted 124 days ago • 0 comments

Which do I pick for SSO?!? #EntraID vs #AzureAD

submitted 121 days ago • 3 comments

Looking forward to that fresh MSRC case smell…

submitted 122 days ago • 1 comment

Celebrating 4 years of the "#MicrosoftEntra Attack & Defense Playbook" 🔐 ☁️ community project! Last week, @samilamppu.bsky.social and I took the opportunity to record a video about the journey of this project, from research to writing process. #MVPBuzz #TechCommunity www.youtube.com/watch?v=fBD1...

submitted 122 days ago • 2 comments

If you use SimpleSAMLphp get ready to patch or update on 1st or 2nd December

submitted 123 days ago • 0 comments

Device-bound #passkeys in #EntraID are finally GA https://aka.ms/Ignite2024/entra #AiTM #Security #FIDO2

submitted 127 days ago • 2 comments

When you’re cleaning up your lab and trying to recall what the server you named trashcan was for… 🧐

submitted 127 days ago • 1 comment

I created a starter pack for those just joining Bluesky to follow some great people talking #microsoft #identity and #security to get you started! Follow and Share! #msignite go.bsky.app/FkPKwkK

submitted 127 days ago • 3 comments

For those that *really* miss the old AAD portal: rc-aad.portal.azure.com#view/Microso... #Entra #EntraID

submitted 129 days ago • 1 comment

Still hard to not laugh when you see Microsoft apps having to resort to these naming conventions in your #Entra tenant 😅

submitted 130 days ago • 1 comment

Haven’t been around these parts in a while. En route to #HIPConf24, where I’ll be presenting on #UnOauthorized tomorrow, as well as joining a panel with Thomas Naunheim on workload identities, and having some good hallway conversations. Looking forward to seeing folks! #Entra #EntraID #infosec

submitted 136 days ago • 2 comments

I've been quiet on here for a while, but wanted to share the blog that details much of UnOAuthorized from my #bhusa talk yesterday. #blackhat #blackhat2024 #EntraID #azure #microsoft365 #microsoft #infosec www.semperis.com/blog/unoauth...

submitted 232 days ago • 0 comments

The obligatory starting my journey to the MVP Summit picture 😜😎 #mvpbuzz

submitted 383 days ago • 0 comments

When you spend a lot of personal time and effort to speak at a conference in a vendor-neutral spot that you had to really put the work in to earn, the conference management team should in turn exclude you from the list of attendees that they give to sponsors. #infosec #cybersecurity #conferences

submitted 520 days ago • 1 comment

Just published a new post: How to Securely Connect to Azure VMs and Use RDP Bastion, Virtual Network Gateway, VPN, Azure Cloud PowerShell and more #CyberSecurity github.com/HotCakeX/Har...

submitted 551 days ago • 0 comments