So, you are attacking Azure? Or you want to test out something in the context of a user assigned identity? In this blogpost I’ll show you how create an access token for any Azure API, Microsoft Graph API, etc. for a user assigned identity.
Continue reading “Creating an access token for a user assigned identity in Azure”How I work effectively with multiple Azure AD tenants and user accounts
Many people have to work with several Azure AD and Microsoft 365 tenants, several user accounts in the same tenant, or a combination of both. I often see people working using a single browser, or using incognito mode, signing in and out all the time.
I work with several customers, several lab and demo environments, several different users – often in the same tenant, and I work super effectively. How? Let me show you!
Continue reading “How I work effectively with multiple Azure AD tenants and user accounts”Recommendations for Azure Bastion shareable links
Azure Bastion just got a new feature in preview called “Shareable Links”. Without this feature, in order to grant a user access to use Azure Bastion to connect to a virtual machine, you will need to delegate reader access in Azure. At minimum you’ll need “reader” on the bastion host itself, on the virtual network connected to the VM and the VM itself.
While these permissions are not “scare”, it leaves you with permissions to handle somehow. The new sharable links feature, however, eliminates this by allowing you to create – well – a link that you can share that directly allows a user to connect to a VM using Azure Bastion.
Continue reading “Recommendations for Azure Bastion shareable links”Deploying Sentinel hunting queries using Terraform
Ok, so creating hunting queries in Sentinel using Terraform works fine, but it is very funky to actually understand, even though it works. First of all, you need to use the log_analytics_saved_search resource, nothing more. However, for the keen observer, this resource does not support entity mapping and no MITRE ATT&CK. Or does it? 😉
Continue reading “Deploying Sentinel hunting queries using Terraform”Microsoft Sentinel, error in EntityMappings: The given column does not exist
Long time, no blogging. Been busy starting a company. Working a lot with Microsoft Sentinel lately, so lots of content will be coming surrounding that. This time, we’ll do a short one:
Tables in log analytics are weird. Or, at least they can cause headaches because the available columns vary based on what content you ingest.
Continue reading “Microsoft Sentinel, error in EntityMappings: The given column does not exist”Terraform module for automatically maintaining Azure DevOps variable group with app secret
Dropping a quick Terraform module that automatically rotates the password of an Azure AD application, outputting the value into an Azure DevOps variable group. This can be super handy when maintaining a tenant by code, allowing developers to “order” app secrets.
Continue reading “Terraform module for automatically maintaining Azure DevOps variable group with app secret”Digging into Azure AD Certificate-Based Authentication
Azure AD Certificate-Based Authentication is now in public preview, with a surprisingly good documentation. Usually I have to guess how 50% of a feature actually works, but this time they have gone all-in with technical details of just about everything. What is a blogger to do? Well, let’s configure it and see if we can sneak a peek behind the scenes 🙂

Finding Azure AD domain from tenant id
Ever had an Azure AD tenant id, and wondered which tenant this is? While checking the APIs behind the new Azure AD cross-tenant access settings, I found a new API that can help you with this!
Continue reading “Finding Azure AD domain from tenant id”Azure IP Ranges Terraform Module
There is no reason to have your services available from the entire internet, if you don’t need to, but often it can be difficult to maintain allow lists for public cloud IP addresses. Not anymore. I have built a Terraform module that updates itself from the Microsoft provided JSON of IP addresses.
Checking out Azure AD cross tenant access policies
So, as one does, I was checking out the different Microsoft Graph AppRoles, which are the application scopes available. And then I found this:

Now, I now cross tenant access is something Microsoft has been working on for a while, and I have seen some preview stuff presented, but I have no access to any preview at all at this point. However, let’s see what we can find!
Disclaimer: Do not use this in production, as it is only a private preview feature I discovered.
Continue reading “Checking out Azure AD cross tenant access policies”