#AADGraph
The latest on the Azure AD Graph retirement mentions two temporary outage tests and more guidance.

If something stops working it might be because of those tests.

#Entra #AADGraph

techcommunity.microsoft.com/blog/microso...
Azure AD Graph retirement
Migrate your applications using Azure AD Graph APIs scripts to Microsoft Graph before September 2025.
June 29, 2025 at 8:49 AM
gist.github.com/CloudProtect...

This one does a very good job because it considers if the device is joined/registered and only looks at the AADGraph. For this resource it's not normal that a non-registered device is accessing it.
Use Defender XDR advanced hunting query capabilities to detect possible device compliance bypass attacks for Entra ID Conditional Access according to the vulnerability disclosed by Yuya Chudo (https:/...
January 9, 2025 at 7:30 AM
So far, I've tried with AADGraph and it works. I want to try more things when I get the time. Tbh, I haven't timed the token expiration, but it should be close to an hour.
December 13, 2024 at 5:51 PM
It actually seems that you can't block the AADGraph by utilizing CAP filters.

I was too excited when I posted this 😂.

Let me know if you know a way to prevent the use of AADGraph.

#azure #redteam #blueteam
December 11, 2024 at 11:06 AM
You can enumerate #azure CAP with any user by utilizing the old AADGraph API "https://graph.windows.net/organization/conditionalAccessPolicies?api-version=1.61-internal".

To prevent that, you can use CAP filters.

Let me know if you know of any other way to enumerate CAP with a low-privs account.
December 11, 2024 at 10:56 AM