top of page

BSides Dublin - The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations

We have an Identity problem and not the kind you think of when you look in the mirror. Attacks have shifted from the perimeter to the endpoints and now attackers have their sights on identity. This talk explores the issues with Identity security specifically the two most popular identity systems, Active Directory & Azure AD ("Entra ID" for those who read Microsoft's press releases). These Identity security issues lead to compromise of systems that leverage the identity system for authentication/authorization.

Explored during this talk are the most common ways attackers compromise Identity systems, well-known breaches related to these issues (including the recent MGM breach), and the best ways to mitigate them. Attendees will leave this talk with a better understanding of attacker techniques to compromise Active Directory & Azure AD (Entra ID) as well as methods to best mitigate these attacks

Download Sean's slides below. No registration required. Check back here for the full video once it's available from the organizers. Enjoy!

2024-BSidesDublin-MicrosoftIdentitySecurity-Metcalf-FINAL (1)
Download PDF • 4.13MB



bottom of page