In this episode of Entra.Chat, I dive deep with cybersecurity architect Fabian Bader into his research on bypassing poorly designed Microsoft Entra’s conditional access policies and what you can do about them.
We also cover the game-changing new Group Source of Authority feature that lets you finally manage synced groups in the cloud, and share insights from Fabian’s work with MSRC to secure the platform—don’t miss this one if you want to stay ahead in cloud security!
Subscribe with your favorite podcast player or watch on YouTube 👇
About Fabian Bader
Fabian Bader is a Cybersecurity Architect at glueckkanja, based in Hamburg, Germany. He is a well-known researcher in the Microsoft identity space, creator of the Cloud Brothers blog, and creator of the Maester and Token Tactics V2 tools. His work focuses on Microsoft Entra and the Defender suite, helping customers secure their cloud environments.
LinkedIn - https://www.linkedin.com/in/fabianbader/
🔗 Related Links
Fabian’s Blog - https://cloudbrothers.info/
Entra Scopes - https://entrascopes.com/
Maester - https://maester.dev/
Token Tactics V2 - https://github.com/f-bader/TokenTacticsV2
📗 Chapters
02:19 The Story of the "Cloud Brothers" Blog
03:32 The Origin Story of Maester
07:39 Token Tactics V2 & Continuous Access Evaluation
09:43 How Conditional Access Bypasses Are Found
12:05 What is FOCI (Family of Client IDs)?
18:04 Hardening Your Conditional Access Policies
29:59 V1 vs V2 Token Endpoints Explained
38:19 Using Graph Activity Logs in Defender XDR
42:45 The New Group Source of Authority (SOA)
54:59 Workplace Ninjas US Announcement
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill's socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
Share this post