merill.net
Product Manager @microsoft | Creator of bluesky.ms • cmd.ms • idPowerToys.merill.net • Graph X-Ray • 🇦🇺 • 🇱🇰 • Posts my own http://youtube.com/@merillx Sign up to my newsletter https://entra.news

👋 We just sent out this week's Entra community newsletter. ➡️ Check it out at entra.news/p/entra-n...

This is a fun one :) Let's say you have a Conditional Access policy requiring MFA for All resources, and then you exclude one resource. Did you know that also automatically adds additional exclusions for some low privileged scopes depending on client app? learn.microsoft.com/...

A quick reminder that security keys are the best MFA option for Emergency Access accounts. All other MFA options have external dependencies that could have an outage and block tenant access in an 'emergency'! See learn.microsoft.com/...

Hi #Community, 💻 Although not new, but from my perspective somewhat forgotten: a new blog post on Temporary Access Pass (TAP) in combination with the Web Sign-in feature in #Intune. 💻 #MVPBuzz Read all about it here 👇 intunestuff.com/2025/02/18/t...

Storm-2372 conducts a device code phishing campaign. Update on Feb 14, 2025: 'Within the past 24 hours, MS has observed Storm-2372 shifting to using the specific client ID for MS AuthBroker in the device code sign-in flow.' Read the full story below 👇 www.microsoft.com/en-us/securi...

👋 We just sent out this week's Entra newsletter. Read at entra.news/p/entra-n...

Forgive your Entra ID admins, for they know not what they do. In most orgs, IAM is not owned by security. Therefore, security must inform IAM. You MUST defend against modern cloud phishing techniques for INITIAL ACCESS. Here are 4 of the top vectors when MFA is enforced:

Yes this is expected 👇 Here's what you should do depending on your licensing.
✅ Entra ID Free: Set directory level portal time out learn.microsoft.com/azure/azure-...
✅ E3 / Entra ID P1: Configure a sign in frequency for all admin roles
✅ E5 / Entra ID P2: Enable PIM for admin roles

I came across GraphPreConsentExplorer which lets you extract a list of first party apps and their pre-consented permissions 👇 www.reddit.com/r/ent...

Any M365 folks around here?

It's a pity Apple doesn't add NFC on Macs. I need to keep plugging in the FIDO2 security keys into the USB ports.

Have you checked out this week's Entra newsletter? Get it at 👇 entra.news/p/entra-n...

ROADtools update: I just released roadlib v1.0! This version drops the adal dependency, all auth flows are now implemented natively 🎉 This was mostly a personal goal, but it helps with adding new features, such as forcing MFA during device code auth independent of CA policies 😀

💀💀

✳️ Quick heads up. Microsoft just dropped a bunch of new least privilege Graph permissions. Avoid granting super privileges like Directory.ReadWrite.All and User.ReadWrite.All to apps. Instead use these new least privilege permissions where possible.

Updated guidance on conditional access: Either target all resources with MFA or at least target Azure AD Graph through "Custom security attributes". #EntraID https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-cloud-apps#protecting-directory-information

bluesky.ms really is such a life saver in finding my Microsoft people on this platform. Shout outs to @merill.net for this awesome project!!

🚀 Dev Proxy Toolkit v0.16.0
New release updated for Dev Proxy v0.24 with:
- Improved diagnostics
- Updated schemas
- New snippets
Check out the change log: marketplace.visualstudio.com/items/garryt... Learn more: aka.ms/devproxy #DevProxy #APIs

Now you can use your own company standard values for your attributes in Entra with Custom Maester Tests and #PowerShell. Learn more: clatent.com/2025/02/now-... @merill.net @fabian.bader.cloud @naunheim.cloud