EZ
@IAMERICAbooted
Followers
2K
Following
10K
Media
319
Statuses
6K
Yesterday is history. Tomorrow is a mystery. Cloud Solutions Engineer at Contoso. Hacktive Directory admin. Posts don't represent my employer(s).
Your Microsoft Cloud
Joined March 2025
Here's a quick companion blog post I threw together if anyone is interested. These are not perfect solutions but there's some mitigations you can consider in this blog post to common M365 initial access vectors we discussed in Entra Chat: https://t.co/jFY6BgmBN0
ericazelic.medium.com
I recently had the opportunity to sit down with Merill Fernando on the Entra Chat podcast and discuss some of the security challenges I seeโฆ
๐ From Dispensing Pills to Dismantling Cyber Threats: One Woman's Epic Pivot In 2009, @IAMERICAbooted was ordering drugs with shared passwordsโfast-forward to 2022, and she's pen-testing Azure tenants like a boss. This week on https://t.co/v0cFtrPykt, Erica recounts her DEFCON
6
17
85
I just logged into my test tenant to admin center and it didn't require MFA, but it did for Entra... WTF??????
5
0
11
Today I learned why people hire accountants. I thought I was going to owe a lot more in taxes. Now I'm all caught up and life can move on. W00t!
2
0
17
Whoa my gosh!!! So excited for this one!
๐ Folks, next week I'm recording an Entra Chat podcast with the one and only @_dirkjan ๐คฉ What do you want me to ask him? Post your question below, hit like on the questions so I know which ones are popular. ๐
1
1
23
If you don't already use Device Code Flow (and if you do, you know you do), block it using Conditional Access to protect against the latest phishing attacks: https://t.co/6DEK4neqPP If you do use it, you'll want to still use a Conditional Access policy to block it for most of
3
13
94
@IAMERICAbooted Set up Center of excellence create Environments for Business and Use the default for Personal. Create policies to deny all connectors except approved ones and policies to delete old and unused stuff. Easy and quick to have basics in place.
0
1
1
Working in security is like putting together a jigsaw puzzle. Right now, Im in the sorting the pieces phase so I can figure out what pieces I'm missing that I need to get from other teams, before any of the pieces have come together.
1
1
13
Do you know what's great about big orgs? They have comms departments who are professional social engineers. All you have to do is provide screenshots and a sentence with each one. They do the rest โค๏ธ
4
0
27
Intune now has dedicated security recommendations docs just like Entra ๐ฅ The Entra security docs are extremely popular, and I love seeing other teams publishing this kind of guidance Thanks to my collegaue (@JoshuaGatewood) for pointing this out! https://t.co/FZZbXr6dCs
If you work with Entra, you'll want to bookmark and monitor this page ๐ Much of this is in Identity / Secure Score, but it's great to see security guidance cleanly laid out in one doc You might think this is well known stuff, I assure you it is not :( https://t.co/kTT4bUrFFG
4
69
336
Never a day without a "WTF is this" moment in M365 ๐ Which one wins?
4
1
37
โ ๏ธ Microsoft Defender Vulnerabilities Allow Attackers to Bypass Authentication Read more: https://t.co/ohEQXHlMNB Critical flaws were uncovered in the network communication between Microsoft Defender for Endpoint (DFE) and its cloud services, allowing post-breach attackers to
3
170
458