Tag

Client secrets on App Registrations expire silently: no email alert is sent by default. When the expiry date passes, every integration that authenticates with that secret fails immediately with AADSTS7000215 (invalid client secret). This article covers a PowerShell audit script, safe rotation without a maintenance window, and credential lifecycle policies.
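As an added illustration of the kind of audit the article describes (this is not the article's own script), the following PowerShell lists every client secret and certificate on every App Registration that expires within a threshold, using the Microsoft.Graph SDK. It assumes the Microsoft.Graph.Applications module is installed and the signed-in account holds Application.Read.All; the `-ThresholdDays` and `-IncludeExpired` parameters are this example's own.

```powershell
# Added example, not the article's script: find App Registration credentials
# close to expiry. Assumes Microsoft.Graph.Applications is installed and the
# caller has Application.Read.All. Both parameters are this example's own.
param(
    [int]$ThresholdDays = 30,
    [switch]$IncludeExpired
)

Import-Module Microsoft.Graph.Applications
Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome

$now = [DateTime]::UtcNow

# Ask only for the properties we need; passwordCredentials holds client
# secrets, keyCredentials holds certificates. Both carry an EndDateTime.
$apps = Get-MgApplication -All -Property @(
    'id', 'displayName', 'appId', 'passwordCredentials', 'keyCredentials'
)

function Get-ExpiringCredential {
    param($App, $Credential, [string]$Kind)
    if (-not $Credential.EndDateTime) { return }
    $daysLeft = [math]::Floor(($Credential.EndDateTime.ToUniversalTime() - $now).TotalDays)
    if ($daysLeft -gt $ThresholdDays) { return }
    if ($daysLeft -lt 0 -and -not $IncludeExpired) { return }
    [pscustomobject]@{
        Application = $App.DisplayName
        AppId       = $App.AppId
        Kind        = $Kind
        KeyId       = $Credential.KeyId
        Description = $Credential.DisplayName
        ExpiresUtc  = $Credential.EndDateTime.ToUniversalTime()
        DaysLeft    = $daysLeft      # negative means already expired
    }
}

$findings = foreach ($app in $apps) {
    foreach ($secret in $app.PasswordCredentials) {
        Get-ExpiringCredential -App $app -Credential $secret -Kind 'Secret'
    }
    foreach ($cert in $app.KeyCredentials) {
        Get-ExpiringCredential -App $app -Credential $cert -Kind 'Certificate'
    }
}

# Soonest expiry first; an empty table means nothing is due within the window.
$findings | Sort-Object DaysLeft | Format-Table -AutoSize
```

Run it from a scheduled task and pipe `$findings` to whatever alerting you already have; the point is that Entra does not send the warning, so something in your estate has to.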

Device code flow phishing lets attackers take over M365 accounts even when MFA is fully enforced. The attacker starts the device code flow and sends the victim the user code; the victim enters it on a genuine Microsoft login page and completes MFA, and the resulting tokens are issued to the attacker's session. Storm-2372 has been running this campaign since August 2024. Learn how to detect existing compromise in your Entra ID sign-in logs, block the attack via Conditional Access, and avoid breaking Teams Rooms in the process.
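As an added example (not the article's code) of the two controls mentioned above, the PowerShell below first flags successful device code sign-ins in a set of sign-in records, then creates a report-only Conditional Access policy that blocks the device code flow for everyone except an exclusion group. The sign-in records are constructed sample data, not real logs; the exclusion group id is a placeholder you would replace with the group holding your Teams Rooms resource accounts. Entra ID records the flow in the sign-in's `authenticationProtocol` property, where the device code flow appears as `deviceCode`; the policy uses the Conditional Access `authenticationFlows` condition with the `deviceCodeFlow` transfer method.

```powershell
# Added example, not the article's code.
# Part 1: hunt for device code sign-ins. These records are constructed sample
# data shaped like Graph sign-in JSON; on live data, export sign-in logs to
# JSON and load them the same way.
$signIns = @(
    [pscustomobject]@{ createdDateTime = '2025-02-10T09:14:00Z'; userPrincipalName = 'alice@contoso.example'
                       appDisplayName = 'Microsoft Office'; ipAddress = '203.0.113.7'
                       authenticationProtocol = 'deviceCode'; status = [pscustomobject]@{ errorCode = 0 } }
    [pscustomobject]@{ createdDateTime = '2025-02-10T09:20:00Z'; userPrincipalName = 'alice@contoso.example'
                       appDisplayName = 'Microsoft Office'; ipAddress = '203.0.113.7'
                       authenticationProtocol = 'deviceCode'; status = [pscustomobject]@{ errorCode = 0 } }
    [pscustomobject]@{ createdDateTime = '2025-02-10T10:02:00Z'; userPrincipalName = 'bob@contoso.example'
                       appDisplayName = 'Microsoft Teams'; ipAddress = '198.51.100.20'
                       authenticationProtocol = 'ropc'; status = [pscustomobject]@{ errorCode = 0 } }
    [pscustomobject]@{ createdDateTime = '2025-02-11T07:45:00Z'; userPrincipalName = 'room-1@contoso.example'
                       appDisplayName = 'Microsoft Teams'; ipAddress = '192.0.2.5'
                       authenticationProtocol = 'deviceCode'; status = [pscustomobject]@{ errorCode = 50126 } }
)

function Find-DeviceCodeSignIns {
    param([object[]]$Records)
    # Only successful device code sign-ins matter for compromise triage;
    # group per user so a repeated pattern from one IP stands out.
    $Records |
        Where-Object { $_.authenticationProtocol -eq 'deviceCode' -and $_.status.errorCode -eq 0 } |
        Group-Object userPrincipalName |
        ForEach-Object {
            [pscustomobject]@{
                User      = $_.Name
                Count     = $_.Count
                FirstSeen = ($_.Group | Sort-Object createdDateTime | Select-Object -First 1).createdDateTime
                LastSeen  = ($_.Group | Sort-Object createdDateTime | Select-Object -Last 1).createdDateTime
                IPs       = ($_.Group.ipAddress | Sort-Object -Unique) -join ','
                Apps      = ($_.Group.appDisplayName | Sort-Object -Unique) -join ','
            }
        }
}

# With the sample data above this lists alice only: two sign-ins from 203.0.113.7.
Find-DeviceCodeSignIns -Records $signIns | Format-Table -AutoSize

# Part 2: block the flow with Conditional Access. Report-only first so you can
# see what would have been blocked; Teams Rooms resource accounts sign in with
# the device code flow, so they go in an excluded group.
# Assumes Microsoft.Graph.Identity.SignIns and Policy.ReadWrite.ConditionalAccess.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -NoWelcome

$teamsRoomsGroupId = '00000000-0000-0000-0000-000000000000'   # placeholder, replace

$policy = @{
    displayName = 'Block device code flow (report-only)'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users        = @{ includeUsers = @('All'); excludeGroups = @($teamsRoomsGroupId) }
        applications = @{ includeApplications = @('All') }
        authenticationFlows = @{ transferMethods = 'deviceCodeFlow' }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Leave the policy in report-only mode for long enough to see every account that legitimately uses the flow; switch `state` to `enabled` only after those accounts are in the excluded group, otherwise the rooms stop signing in.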