nathanmcnulty.com
Loves Jesus, loves others | Husband, father of 4, security solutions architect, love to learn and teach | Microsoft MVP | @TribeOfHackers | 🐘infosec.exchange@nathanmcnulty
3,171 posts
5,511 followers
426 following
Regular Contributor
Active Commenter
comment in response to
post
Possibly sign-in logs showing secrets were used, but we'll have issues with inactive apps, unused secrets (like secondary ones), and things like that
Log Analytics won't be the ideal tool for this one :p
comment in response to
post
Once you get an inventory and switch things over to certificates (where supported), the article recommends we enable policies to prevent future secrets or weak passwords from being added
Some scenarios don't work well with MI's/certs, just do your best!
learn.microsoft.com/en-us/entra/...
comment in response to
post
If you'd like to see a list of which apps are using secrets, here's the Graph PowerShell for you :)
Get-MgApplication -All -Property displayName,appId,passwordCredentials | Where-Object { $_.PasswordCredentials } | select DisplayName,AppId,PasswordCredentials
comment in response to
post
You too! :)
comment in response to
post
I am so bad at remembering to take pictures.. 😭
Had so much fun with you and Steve on this :)
comment in response to
post
This was so much fun, I think we should do it again :p
comment in response to
post
Sure :p
comment in response to
post
ngl, I would probably watch Tar Wars once
comment in response to
post
Thanks Ben! :)
comment in response to
post
Thanks Liam! ❤️
comment in response to
post
:)
Thanks Hailey! ❤️
Can't wait to hang out next week!
comment in response to
post
Thanks Griff! ❤️
comment in response to
post
Thanks Simon! ❤️
comment in response to
post
Thank you! ❤️
comment in response to
post
Thank you Samuel! ❤️
comment in response to
post
Thanks Tony! :)
comment in response to
post
Thank you! Hope you are doing well :) ❤️
comment in response to
post
Thanks Nathan! :)
comment in response to
post
Thanks Jef! You'll love some stuff I'm working on right now - API-driven provisioning / ID Gov things, very fun :)
comment in response to
post
😂
comment in response to
post
Thank you! I am so glad the things I've shared have been helpful :)
comment in response to
post
Thanks Jeffrey! I'm just happy to hear I've been helpful for folks, MVP is a sweet bonus :p
comment in response to
post
Thanks John! can't wait to hang out at MMS 😁
comment in response to
post
Thanks Bryan! ❤️
comment in response to
post
Haha, I've been getting a lot of that lately 😂
No, I was nominated once, but it was when they changed platforms and stuff was lost in the transition
So excited to be a part of the team :)
comment in response to
post
Thanks man! ❤️
comment in response to
post
Thanks Ryan! So glad I've been able to help :)
comment in response to
post
Thanks Jose! Didn't see the bot beat me to sharing it :p
comment in response to
post
My first nomination was silently deleted, I thought because I was too negative publicly, so I never applied again
In reality, most Microsoft employees LOVE that feedback (when done appropriately) - it was an accident 🤯
So thanks to Ru Campbell for pushing me to try again ❤️
comment in response to
post
I have been extremely fortunate, opportunities and time that few people get. My company gives me so much freedom to build things, share them publicly, and give back to the community - I wouldn't be here without them!
But I'm also honest, very willing to give negative feedback
comment in response to
post
For most of my career, I have benefited from content shared by Microsoft MVPs and employees. I would not be who I am today without them having given their time.
I have an innate love for helping people, always wanted to boost others in their career the way they did for me :)
comment in response to
post
After a kid peed on me (story for another time), I switched majors to Math and Computer Science, got a job on help desk, and ended up at a K12 school district for a decade
My resume is not impressive, couldn't even get an interview with Microsoft, never though about being an MVP
comment in response to
post
In high school, I was in the XP beta program and dreamed of becoming an MVP. I helped tons of people on the microsoft.public.windowsxp.* message boards (can even find archives!), but I did not have the expertise :p
Then I went to college to become an elementary ed teacher... :)
comment in response to
post
The article is really hard to follow because it's more about MSRCs response than the actual issue, or maybe it's just my brain, lol
Either way, I would have to do some testing to see if there are any corner cases on the work side of things :p
comment in response to
post
I think you are correct on the cached creds thing, somewhat similar to AD and cached creds
That checkbox for web accounts enables the RDS AAD Auth protocol which uses modern tokens from Entra / Conditional Access
Not sure what it does for consumer though...
learn.microsoft.com/en-us/opensp...